PortFast causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch or trunk ports connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state. When the switch powers up, or when a device is connected to a port, the port normally enters the spanning tree listening state. When the Forward Delay timer expires, the port enters the learning state. When the Forward Delay timer expires a second time, the port is transitioned to the forwarding or blocking state. When you enable PortFast on a switch or trunk port, the port is immediately transitioned to the spanning tree forwarding state. These sections describe how to configure PortFast on the switch: • • To enable PortFast on a switch port, perform this procedure in privileged mode: This example shows how to enable PortFast on port 1 of module 4 and verify the configuration, the PortFast status is shown in the "Fast-Start" column: To enable PortFast on a trunk port, perform this procedure in privileged mode: This example shows how to enable PortFast on port 1 of module 4 of a trunk port, bring the trunk port to a forwarding state, and verify the configuration (the PortFast status is shown in the "Fast-Start" column): To disable PortFast on a switch or trunk port, perform this procedure in privileged mode: Step 1 Disable PortFast on a switch port. set spantree portfast mod_num/port_num disable Step 2 Verify the PortFast setting. show spantree mod_num/port_num This example shows how to disable PortFast on port 1 of module 4: To reset PortFast on a switch or trunk port to its default settings, perform this procedure in privileged mode: Step 1 Reset PortFast to default setting on a switch port. set spantree portfast mod_num/port_num default Step 2 Verify the PortFast setting. show spantree mod_num/port_num This example shows how to disable PortFast on port 1 of module 4: To reset PortFast on a switch or trunk port to its default settings, perform this procedure in privileged mode: Step 1 Reset PortFast to its default settings on a switch port. set spantree portfast mod_num/port_num default Step 2 Verify the PortFast setting. show spantree mod_num/port_num This example shows how to reset PortFast to its default settings on port 1 of module 4: To prevent loops from occurring in a network, the PortFast mode is supported only on nontrunking access ports because these ports typically do not transmit or receive BPDUs. The most secure implementation of PortFast is to enable it only on ports that connect end stations to switches. Because PortFast can be enabled on nontrunking ports connecting two switches, spanning tree loops can occur because BPDUs are still being transmitted and received on those ports. The PortFast BPDU guard feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When the BPDU guard feature is enabled on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs, instead of putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. If a PortFast-configured interface receives a BPDU, an invalid configuration exists, such as connection of an unauthorized device. The BPDU guard feature provides a secure response to invalid configurations because the administrator must manually put the interface back in service. Configuring PortFast
Enabling PortFast on an Access Port Enabling PortFast on a Trunk Port Enabling PortFast on an Access Port
Console> (enable) set spantree portfast 4/1 enable
Warning:Connecting Layer 2 devices to a fast start port can cause
temporary spanning tree loops. Use with caution.
Spantree port 4/1 fast start enabled.
Console> (enable) show spantree 4/1
Port Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
4/1 1 blocking 19 20 enabled
4/1 100 forwarding 10 20 enabled
4/1 521 blocking 19 20 enabled
4/1 522 blocking 19 20 enabled
4/1 523 blocking 19 20 enabled
4/1 524 blocking 19 20 enabled
4/1 1003 not-connected 19 20 enabled
4/1 1005 not-connected 19 4 enabled
Console> (enable)
Enabling PortFast on a Trunk Port
Console> (enable) set spantree portfast 4/1 enable trunk
Warning:Connecting Layer 2 devices to a fast start port can cause
temporary spanning tree loops. Use with caution.
Spantree port 4/1 fast start enabled.
Console> (enable) show spantree 4/1
Port Vlan Port-State Cost Prio Portfast
Channel_id
------------------------ ---- ------------- --------- ---- ------------------
4/1 1 blocking 4 32 enabled 0
4/1 100 forwarding 4 32 enabled 0
4/1 521 blocking 4 32 enabled 0
4/1 524 blocking 4 32 enabled 0
4/1 1003 not-connected 4 32 enabled 0
4/1 1005 not-connected 4 32 enabled 0
Console> (enable) show spantree portfast 4/1
Portfast:enable trunk
Portfast BPDU guard is disabled.
Portfast BPDU filter is disabled.
Console>
Disabling PortFast
Console> (enable) set spantree portfast 4/1 disable
Spantree port 4/1 fast start disabled.
Console> (enable)
Console> (enable) set spantree portfast 4/1 default
Spantree port 4/1 fast start set to default.
Console> (enable) show spantree portfast 4/1
Portfast:default
Portfast BPDU guard is disabled.
Portfast BPDU filter is disabled.
Console> (enable)
Resetting PortFast
Console> (enable) set spantree portfast 4/1 default
Spantree port 4/1 fast start set to default.
Console> (enable) show spantree portfast 4/1
Portfast:default
Portfast BPDU guard is disabled.
Portfast BPDU filter is disabled.
Console> (enable)
Understanding How PortFast BPDU Guard Works
Configuring PortFast BPDU Guard
These sections describe how to configure PortFast BPDU guard on the switch:
•Disabling PortFast BPDU Guard
Enabling PortFast BPDU Guard
The PortFast feature is configured on an individual port and the PortFast BPDU guard option is configured either globally or on a per-port basis.
When you disable PortFast on a port, PortFast BPDU guard becomes inactive. The port configuration overrides the global configuration unless the port configuration is set to default. If the port configuration is set to default, the global configuration is checked. If the port configuration is enabled, the port configuration is used and the global configuration is not.
To enable and verify PortFast BPDU guard on a nontrunking switch port, perform this procedure in privileged mode:
This example shows how to enable PortFast BPDU guard on module 6 port 1, and verify the configuration in the Per VLAN Spanning Tree + (PVST+) mode: To disable PortFast BPDU guard, perform this procedure in privileged mode: This example shows how to disable PortFast BPDU guard on the switch and verify the configuration: BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states. By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BDPU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch. These sections describe how to configure PortFast BPDU filtering on the switch: • •Console> (enable) set spantree portfast bpdu-guard 6/1 enable
Spantree port 6/1 bpdu guard enabled.
Console> (enable)
Console> (enable) show spantree summary
Root switch for vlans: none.
Portfast bpdu-guard enabled for bridge.
Uplinkfast disabled for bridge.
Backbonefast disabled for bridge.
Vlan Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
1 0 0 0 4 4
2 0 0 0 4 4
3 0 0 0 4 4
4 0 0 0 4 4
5 0 0 0 4 4
6 0 0 0 4 4
10 0 0 0 4 4
20 0 0 0 4 4
50 0 0 0 4 4
100 0 0 0 4 4
152 0 0 0 4 4
200 0 0 0 5 5
300 0 0 0 4 4
400 0 0 0 4 4
500 0 0 0 4 4
521 0 0 0 4 4
524 0 0 0 4 4
570 0 0 0 4 4
801 0 0 0 0 0
802 0 0 0 0 0
850 0 0 0 4 4
917 0 0 0 4 4
999 0 0 0 4 4
1003 0 0 0 0 0
1005 0 0 0 0 0
Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
Total 0 0 0 85 85
Console> (enable)
Disabling PortFast BPDU Guard
Console > (enable) set spantree portfast bpdu-guard disable
Spantree portfast bpdu-guard disabled on this switch.
Console> (enable) show spantree summary
Summary of connected spanning tree ports by vlan
Portfast bpdu-guard disabled for bridge.Uplinkfast disabled for bridge.
Backbonefast disabled for bridge.
Vlan Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
1 0 0 0 4 4
2 0 0 0 4 4
3 0 0 0 4 4
4 0 0 0 4 4
5 0 0 0 4 4
6 0 0 0 4 4
10 0 0 0 4 4
20 0 0 0 4 4
50 0 0 0 4 4
100 0 0 0 4 4
152 0 0 0 4 4
200 0 0 0 5 5
300 0 0 0 4 4
400 0 0 0 4 4
500 0 0 0 4 4
521 0 0 0 4 4
524 0 0 0 4 4
570 0 0 0 4 4
801 0 0 0 0 0
802 0 0 0 0 0
850 0 0 0 4 4
917 0 0 0 4 4
999 0 0 0 4 4
1003 0 0 0 0 0
1005 0 0 0 0 0
Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
Total 0 0 0 85 85
Console> (enable)
Understanding How PortFast BPDU Filtering Works
Configuring PortFast BPDU Filtering
Enabling PortFast BPDU Filtering Disabling PortFast BPDU Filtering Enabling PortFast BPDU Filtering
To enable PortFast BPDU filtering on as single port, perform this procedure in privileged mode:
By default, BPDU filtering is set for each port. This example shows how to enable PortFast BPDU filtering on the port and verify the configuration in PVST+ mode: To disable PortFast BPDU filtering on a switch, perform this procedure in privileged mode: Step 1 Disable PortFast BPDU filter on the switch. set spantree portfast bpdu-filter disable Step 2 Verify the PortFast BPDU filter setting. show spantree summary The following example shows how to disable PortFast BPDU filtering on the switch and verify the configuration: Console> (enable) set spantree portfast bpdu-filter 6/1 enable
Warning:Ports enabled with bpdu filter will not send BPDUs and drop all
received BPDUs. You may cause loops in the bridged network if you misuse
this feature.
Console> (enable) show spantree summary
Root switch for vlans: none.
Portfast bpdu-filter enabled for bridge.
Uplinkfast disabled for bridge.
Backbonefast disabled for bridge.
Vlan Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
1 0 0 0 4 4
2 0 0 0 4 4
3 0 0 0 4 4
4 0 0 0 4 4
5 0 0 0 4 4
6 0 0 0 4 4
.
.
.
850 0 0 0 4 4
917 0 0 0 4 4
999 0 0 0 4 4
1003 0 0 0 0 0
1005 0 0 0 0 0
Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
Total 0 0 0 85 85
Console> (enable)
Disabling PortFast BPDU Filtering
Console> (enable) set spantree portfast bpdu-filter disable
Spantree portfast bpdu-filter disabled on this switch.
Console> (enable) show spantree summary
Summary of connected spanning tree ports by vlan
Portfast bpdu-filter disabled for bridge.
Uplinkfast disabled for bridge.
Backbonefast disabled for bridge.
Vlan Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
1 0 0 0 4 4
2 0 0 0 4 4
3 0 0 0 4 4
4 0 0 0 4 4
5 0 0 0 4 4
6 0 0 0 4 4
10 0 0 0 4 4
20 0 0 0 4 4
50 0 0 0 4 4
100 0 0 0 4 4
152 0 0 0 4 4
200 0 0 0 5 5
300 0 0 0 4 4
400 0 0 0 4 4
500 0 0 0 4 4
521 0 0 0 4 4
524 0 0 0 4 4
570 0 0 0 4 4
801 0 0 0 0 0
802 0 0 0 0 0
850 0 0 0 4 4
917 0 0 0 4 4
999 0 0 0 4 4
1003 0 0 0 0 0
1005 0 0 0 0 0
Blocking Listening Learning Forwarding STP Active
----- -------- --------- -------- ---------- ----------
Total 0 0 0 85 85
Console> (enable)
