How to Configure PortFast and BPDU Guard – Explained
The switch port that is directly connected to an end station cannot create bridging loops. So the port can rapidly enter the forwarding state by skipping the listening and learning state. Portfast is a Cisco proprietary solution that makes possible to skip the listening and learning state and put the switch port immediately to the forwarding state. It is working in PVST+ environments.
We can use PortFast on access ports to allow the immediate connection of the attached devices to the network immediately, relatively than waiting for IEEE 802.1D STP to converge on each VLAN. Access ports usually connected to a single workstation or a server. A switch enabled port fast cannot generate a topology change and notification for an interface that has Port fast enabled.
In a Port Fast configuration, BPDUs should never be received, because receiving of BPDU indicate that another bridge or switch is connected to the port. The receiving of BPDU is causing a spanning tree loop. The BPDU guard is a feature called BPDU guard. BPDU guard is Cisco proprietary which puts the port in an error-disabled state on receipt of a BPDU.
Port Fast is useful for Dynamic Host Configuration Protocol (DHCP). If the port fast is not enabled on the switch, the host can send a DHCP request before the port is in forwarding state, which denying the host from receiving an IP address and related information from the DHCP server. If PortFast is enabled, the port state changes immediately to the forwarding state, and the host can get a usable IP address.
We can enable Port Fast on a switch port using the command spanning-tree portfast in interface configuration mode. If we want to configure the Port Fast for all interface of the router use the command spanning-tree portfast default in global configuration mode.
The command enables Port Fast on all non-trunking interfaces. The figure below illustrates the Port Fast configuration on the switch-3 interface fa0/2.
- Switch-3>enable
- Switch-3#config terminal
- Switch-3#Interface fastethernet 0/2
- Switch-3(config-if)#spanning-tree portfast
- Switch-3(config-if)# spanning-tree bpduguard enable
- Switch-3(config-if)#exit
- Switch-3(config)#exit
- Switch-3#wr
To configure BPDU guard on an access port, use the spanning-tree bpduguard enable command in interface configuration mode. If we want to configure the BPDU guard on all interface use the command spanning-tree portfast bpduguard default in global configuration mode. The command enables BPDU guard on all PortFast-enabled ports.
We can verify the PortFast and BPDU guard enabled for the switch port, use the show running-config command. By default, PortFast and BPDU guard are disabled, on all interfaces.