Spanning Tree Configuration

PVST+ Configuration

PortFast is a Cisco feature for PVST+ environments. When a switch port is configured with PortFast that port transitions from blocking to forwarding state immediately, bypassing the usual 802.1D STP transition states (the listening and learning states). You can use PortFast on access ports to allow these devices to connect to the network immediately, rather than waiting for IEEE 802.1D STP to converge on each VLAN. Access ports are ports which are connected to a single workstation or to a server.

In a valid PortFast configuration, BPDUs should never be received, because that would indicate that another bridge or switch is connected to the port, potentially causing a spanning tree loop. Cisco switches support a feature called BPDU guard. When it is enabled, BPDU guard puts the port in an error-disabled state on receipt of a BPDU. This will effectively shut down the port. The BPDU guard feature provides a secure response to invalid configurations because you must manually put the interface back into service.

Cisco PortFast technology is useful for DHCP. Without PortFast, a PC can send a DHCP request before the port is in forwarding state, denying the host from getting a usable IP address and other information. Because PortFast immediately changes the state to forwarding, the PC always gets a usable IP address.

Note: Because the purpose of PortFast is to minimize the time that access ports must wait for spanning tree to converge, it should only be used on access ports. If you enable PortFast on a port connecting to another switch, you risk creating a spanning tree loop.

To configure PortFast on a switch port, enter the spanning-tree portfast interface configuration mode command on each interface that PortFast is to be enabled, as shown in Figure 2. The spanning-tree portfast default global configuration mode command enables PortFast on all nontrunking interfaces.

To configure BPDU guard on a Layer 2 access port, use the spanning-tree bpduguard enable interface configuration mode command. The spanning-tree portfast bpduguard default global configuration command enables BPDU guard on all PortFast-enabled ports.

To verify that PortFast and BPDU guard has been enabled for a switch port, use the show running-config command, as shown in Figure 3. PortFast and BPDU guard are disabled, by default, on all interfaces.

Use the Syntax Checker in Figure 4 to configure and verify switches S1 and S2 with PortFast and BPDU guard.