How to Configure PortFast and BPDU Guard – Explained
The switch port directly connected to an end station cannot create bridging loops. So, the port can rapidly enter the forwarding state by skipping the listening and learning state. Portfast is a Cisco proprietary solution that allows the switch port to skip the listening and learning state and immediately enter the forwarding state. It is working in PVST+ environments.
We can use PortFast on access ports to allow the immediate connection of the attached devices to the network rather than waiting for IEEE 802.1D STP to converge on each VLAN. Access ports are usually connected to a single workstation or a server. A switch-enabled port fast cannot generate a topology change and notification for an interface with Port Fast enabled.
In a Port Fast configuration, BPDUs should never be received because receiving BPDUs indicates that another bridge or switch is connected to the port. Receiving BPDUs causes a spanning tree loop. The BPDU guard is a feature called BPDU guard. BPDU guard is Cisco proprietary, and it puts the port in an error-disabled state on receipt of a BPDU.
Port Fast is functional for Dynamic Host Configuration Protocol (DHCP). If Port Fast is not enabled on the switch, the host can send a DHCP request before the port is in the forwarding state, which prevents the host from receiving an IP address and related information from the DHCP server. If PortFast is enabled, the port state changes immediately to the forwarding state, and the host can get a usable IP address.
We can enable Port Fast on a switch port using the command spanning-tree portfast in interface configuration mode. If we want to configure Port Fast for all router interfaces, we can use the command spanning-tree portfast default in global configuration mode.
The command enables Port Fast on all non-trunking interfaces. The figure below illustrates the Port Fast configuration on the switch-3 interface fa0/2.
- Switch-3>enable
- Switch-3#config terminal
- Switch-3#Interface fastethernet 0/2
- Switch-3(config-if)#spanning-tree portfast
- Switch-3(config-if)# spanning-tree bpduguard enable
- Switch-3(config-if)#exit
- Switch-3(config)#exit
- Switch-3#wr
To configure BPDU guard on an access port, use the spanning-tree bpduguard enable command in interface configuration mode. If we want to configure the BPDU guard on all interface use the command spanning-tree portfast bpduguard default in global configuration mode. The command enables BPDU guard on all PortFast-enabled ports.
We can verify the PortFast and BPDU guard enabled for the switch port using the show running-config command. By default, PortFast and BPDU guard are disabled on all interfaces.