From: Bob Sinclair (bob@bobsinclair.net)
Date: Sun Apr 15 2007 - 14:57:26 ART
Greg,
Interesting observations. Some of what you observe is due to
differences between the 3560 and the 3550. See comments inline.
ggombas@gmail.com wrote:
> Hello groupstudy,
>
> I was hoping to clear up some misconceptions regarding the spanning tree portfast and bpdufilter feature on Cisco switches.
>
> In some Cisco texts and even on this group I have read that a port configured with portfast and bpdufilter "loses its Port Fast-operational status, and BPDU filtering is disabled" when it hears a BPDU.
>
> In reality I have seen the opposite. In the example below I configured a Cat 3560 swithport with portfast and bpdufilter and connected it to another switch configured as the root.
>
>
cut
> By the way - the default behavior of a switch is to remove a port from portfast mode when it hears a BPDU on that port (whether bpdufilter is configured or not).
>
CAT4 is a 3560 and port f0/13 an access port and an STP designated
port. By default, the reception of a bpdu appears to disable portfast:
CAT4(config-if)#span portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/13 but will only
have effect when the interface is in a non-trunking mode.
CAT4(config-if)#end
CAT4#sh span int f0/13 portfast
VLAN0001 disabled <<<<<<<<<<<<<<<<<<<<<<<
CAT1 is a 3550. Same configs do not disable portfast:
CAT1(config)#int f0/13
CAT1(config-if)#span portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/13 but will only
have effect when the interface is in a non-trunking mode.
CAT1(config-if)#end
CAT1#sh span int f0/13 portfast
VLAN0001 enabled <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
On the 3550, the GLOBAL command below will cause portfast ports that
receive bpdus to disable portfast. When you use the global command, and
a portfast port receives a bpdu, portfast is disabled, and the port
does not filter bpdus.
CAT1(config)#span portfast bpdufilter default
CAT1(config)#end
CAT1#sh span int f0/13 portfast
VLAN0001 enabled
CAT1#sh span int f0/13 portfast
VLAN0001 enabled
CAT1#sh span int f0/13 portfast
VLAN0001 enabled
CAT1#sh span int f0/13 portfast
VLAN0001 enabled
CAT1#sh span int f0/13 portfast
VLAN0001 disabled <<<<<<<<<<<<<<<<<<<<<<<<<
CAT1#
Important to distinguish between the global portfast bpdufilter default
command and the interface level command. The global command keeps
portfast ports from sending bpdus as long as portfast is enabled. But
if a bpdu is received, then portfast is disabled and there is no bpdu
filtering.
The interface command keeps the port from sending or receiving bpdus no
matter the portfast status.
Also important to note the difference between the 3550 and 3560. As
you say, the 3560 does disable portfast automatically, by default, when
a bpdu is received. The 3550 does not; it requires the global portfast
bpdufilter default command.
At least, this is what I am seeing :-)
-- Hth,Bob Sinclair CCIE 10427 CCSI 30427 www.netmasterclass.net
This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART