Cisco Portfast Configuration

This topic is to discuss the following lesson:

Your articles are so useful, it totally saved me.
It’s a pleasure to read a text so well detailed and clear. You went straight to the point and also used a very interesting methodology to keep our focus on the subject.

Thank you

Rene,

Do you make any labs in packet tracer?

Hi Vik,

The labs on GNS3Vault were created in GNS3, I haven’t created anything in packet tracer but it should be simple to recreate. Nowadays people use GNS3, IOU, packet tracer, the 1000v VMware image and real hardware. It takes too much time to create a startup config for any possible method.

Rene

Rene,

Thanks for this explanation 🙂

Hugs

Rene

Hope you are well. Do you know at all if the current CCNA blueprint / exam covers any other additional spanning tree enhancement features besides Portfast, such as UDLD, Backbonefast, Uplinkfast? I ask since after searching the current blueprint there is no reference, or doesn’t seem to be, to any of these.

Many thanks in advance

Will

Hi Will,

Backbonefast, Uplinkfast and UDLD are on the CCNP SWITCH blueprint so I don’t expect to see those on the CCNA exam(s). They aren’t on the CCNA blueprint.

Portfast is something you should practice though 🙂

Rene

Very clear and easy to understand. Great job 🙂

Thanks dear 🙂

Hi Rene,
What happens when Portfast is enabled on a port but BPDU filter is not globally enabled and the port receives a BPDU?

Thanks,

Chandru,
The port will lose its portfast status, and will continue to function like a normal port (without Portfast). It will not be disabled unless BPDU Guard was also enabled.

FYI: Rene has a Lesson related to this topic here

Thanks Andrew. I have one more question: what is the real use of the BPDU filter command in global mode, if a normal portfast can achieve the same functionality? Why do we need to enable BPDU filter at the global level, and what enhancement does it provide at the global level? The BPDU filter lesson says:

BPDUfilter can be configured globally or on the interface level and there’s a difference:

Global: if you enable BPDUfilter globally then any interface with portfast enabled will not send or receive any BPDUs. When you receive a BPDU on a portfast enabled interface then it will lose its portfast status, disable BPDU filtering and act as a normal interface.

Chandru,
BPDUFilter Global and Portfast serve very different purposes:

The most important thing that portfast does is define which ports should be ignored for spanning-tree re-convergence events. In other words, you want to make sure your access-level ports, where people might be plugging/unplugging their devices all the time, will not cause the entire spanning-tree topology to run its STP calculation every time an event occurs. Secondarily, it tells the port in question to skip the listening/learning states and go straight to forwarding.

One thing that PortFast does NOT do is prevent the sending of BPDUs–only BPDU Filtering does that.

When running BPDUFilter, you should do so only at the global level. The reason is that at the global level it has a built-in protection mechanism: if a BPDU is received on a port that has global filtering enabled, this port will fall back to being a “normal” port that sends/receives BPDUs. This protection is not present when enabling filtering on a per-port basis, which may result in a layer 2 loop (broadcast storm).

Thanks Andrew. Now I can understand completely. I misunderstood that portfast will not send BPDUs.

Hi Rene,

What happens if a port with portfast enabled becomes part of a loop?
Is the port going to be blocked or not?

Thank you
Boss

Nuttawut,
PortFast does not stop the port from sending BPDUs. Therefore, a port with PortFast enabled that became part of a loop would detect this, and the port would lose its PortFast state and return to normal spanning-tree operations. This assumes the other end of the connection causing the loop does not have BPDU Filtering enabled, which would block that side from sending BPDUs.

Hi Rene,

It means a Portfast-enabled interface still sends and receives BPDUs.
What happens when we configure BPDU filter?

Rohitendu,
There are actually two modes of BPDU Filter: Per port (dangerous) and globally.

In the port mode, the switch will not send or receive BPDUs (which essentially disables the STP process) on the port in question. Configuring BPDU Filtering in port mode would prevent the switch from detecting a loop involving the port where it is enabled. This is why this option is considered dangerous and is generally avoided.

In global mode, this command is paired with portfast as follows:

switch(config)#spanning-tree portfast bpdufilter default
switch(config)#spanning-tree portfast default

This prevents interfaces in portfast mode from sending BPDUs. However, if a BPDU is received on such an interface, the interface will lose its PortFast state, and outgoing BPDU filtering is disabled.
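The difference between the per-port and global modes described in this reply can be checked against a saved configuration. The following is an added example, not part of the original thread: a small Python audit that flags interfaces using per-port BPDU filtering and interfaces running PortFast with no BPDU Guard. The sample configuration and the finding codes are constructed for illustration, and only interface-level `spanning-tree portfast` lines are considered (PortFast inherited from `spanning-tree portfast default` is not evaluated).

```python
import re

# Constructed sample running-config for illustration (not from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast bpdufilter default
!
interface GigabitEthernet0/1
 spanning-tree portfast
!
interface GigabitEthernet0/2
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface GigabitEthernet0/3
 spanning-tree portfast
 spanning-tree bpduguard enable
"""

def parse(config):
    """Return (global lines, {interface name: [stanza lines]})."""
    global_lines, interfaces, stanza = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        match = re.match(r"interface (\S+)", line)
        if match:
            stanza = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and stanza is not None:
            stanza.append(line.strip())
        else:  # "!" separators and global commands end the current stanza
            stanza = None
            if line.strip() not in ("", "!"):
                global_lines.append(line.strip())
    return global_lines, interfaces

def audit(config):
    """Flag the two risky port states discussed in the thread."""
    global_lines, interfaces = parse(config)
    guard_default = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        # Per-port filter: BPDUs are dropped with no fallback, so a loop goes unseen.
        if "spanning-tree bpdufilter enable" in lines:
            findings.append((name, "PER_PORT_BPDUFILTER"))
        portfast = any(l.startswith("spanning-tree portfast")
                       and not l.endswith("disable") for l in lines)
        guarded = guard_default or "spanning-tree bpduguard enable" in lines
        if portfast and not guarded:
            findings.append((name, "PORTFAST_NO_BPDUGUARD"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports GigabitEthernet0/2 for the per-port filter and both GigabitEthernet0/1 and GigabitEthernet0/2 for PortFast without BPDU Guard; the global `spanning-tree portfast bpdufilter default` line is not flagged because it keeps the fallback behaviour.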

In different threads and posts I see the advice: don’t enable portfast on an interface connected to another hub or switch. If you enable Port Fast on a port connected to a switch (a network port), you might create a temporary bridging loop…
My question is: how will bridging loops be created? When a port on which portfast is enabled receives a BPDU, that port loses its portfast status and starts working like a normal port. So how are loops going to be created?

My second question is: can we enable portfast on trunks?

Also, does a portfast-enabled port immediately transition to the blocking state if it receives a superior BPDU?

If I understand correctly, a portfast-enabled port towards a host only sends BPDUs and does not receive BPDUs, and if we enable Portfast on an interface or port that is connected to another switch, then that port will receive BPDUs from the root switch, and when that port receives the BPDUs, it immediately loses its portfast status and becomes a normal port. Please let me know if this statement is correct about portfast.

Hello Rene,

If one port on a switch is configured as portfast, and someone accidentally connects another switch to that port, what will happen? What will be the impact? I ask because I think it is recommended that portfast-enabled ports be connected to host devices.
Please reply.

Thanks,
Swapnil