portfast bpdu guard

How to Configure PortFast and BPDU Guard – Explained

October 28, 2019

The switch port directly connected to an end station cannot create bridging loops. So, the port can rapidly enter the forwarding state by skipping the listening and learning state. Portfast is a Cisco proprietary solution that allows the switch port to skip the listening and learning state and immediately enter the forwarding state. It is working in PVST+ environments.

We can use PortFast on access ports to allow the immediate connection of the attached devices to the network rather than waiting for IEEE 802.1D STP to converge on each VLAN. Access ports are usually connected to a single workstation or a server. A switch-enabled port fast cannot generate a topology change and notification for an interface that has Port Fast enabled.

In a Port Fast configuration, BPDUs should never be received because receiving BPDUs indicates that another bridge or switch is connected to the port. Receiving BPDUs causes a spanning tree loop. The BPDU guard is a feature called BPDU guard. BPDU guard is Cisco proprietary, and it puts the port in an error-disabled state on receipt of a BPDU.

Port Fast is useful for Dynamic Host Configuration Protocol (DHCP). If Port Fast is not enabled on the switch, the host can send a DHCP request before the port is in the forwarding state, which prevents the host from receiving an IP address and related information from the DHCP server. If PortFast is enabled, the port state changes immediately to the forwarding state, and the host can get a usable IP address.

We can enable Port Fast on a switch port using the command spanning-tree portfast in interface configuration mode. If we want to configure Port Fast for all router interfaces, we can use the command spanning-tree portfast default in global configuration mode.

The command enables Port Fast on all non-trunking interfaces. The figure below illustrates the Port Fast configuration on the switch-3 interface fa0/2.

Switch-3>enable
Switch-3#config terminal
Switch-3#Interface fastethernet 0/2
Switch-3(config-if)#spanning-tree portfast
Switch-3(config-if)# spanning-tree bpduguard enable
Switch-3(config-if)#exit
Switch-3(config)#exit
Switch-3#wr

To configure BPDU guard on an access port, use the spanning-tree bpduguard enable command in interface configuration mode. If we want to configure the BPDU guard on all interface use the command spanning-tree portfast bpduguard default in global configuration mode. The command enables BPDU guard on all PortFast-enabled ports.

We can verify the PortFast and BPDU guard enabled for the switch port using the show running-config command. By default, PortFast and BPDU guard are disabled on all interfaces.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.