Understanding Optional Spanning-Tree Features
Understanding Port Fast
Port Fast immediately brings an interface configured as an access or trunk port to the forwarding state
from a blocking state, bypassing the listening and learning states. You can use Port Fast on ports
connected to a single workstation or server, as shown in
immediately connect to the network, rather than waiting for the spanning tree to converge.
Ports connected to a single workstation or server should not receive bridge protocol data units (BPDUs).
A port with Port Fast enabled goes through the normal cycle of spanning-tree status changes when the
switch is restarted.
Because the purpose of Port Fast is to minimize the time ports must wait for spanning-tree to converge,
Note
it is effective only when used on ports connected to end stations. If you enable Port Fast on a port
connecting to another switch, you risk creating a spanning-tree loop.
You can enable this feature by using the spanning-tree portfast interface configuration or the
spanning-tree portfast default global configuration command.
Figure 16-1 Port Fast-Enabled Ports
Workstations
Understanding BPDU Guard
The BPDU guard feature can be globally enabled on the switch or can be enabled per interface, but the
feature operates with some differences.
At the global level, you can enable BPDU guard on Port Fast-enabled ports by using the spanning-tree
portfast bpduguard default global configuration command. Spanning tree shuts down ports that are in
a Port Fast-operational state. In a valid configuration, Port Fast-enabled ports do not receive BPDUs.
Receiving a BPDU on a Port Fast-enabled port signals an invalid configuration, such as the connection
of an unauthorized device, and the BPDU guard feature puts the port in the error-disabled state.
At the interface level, you can enable BPDU guard on any port by using the spanning-tree bpduguard
enable interface configuration command without also enabling the Port Fast feature. When the port
receives a BPDU, it is put in the error-disabled state.
The BPDU guard feature provides a secure response to invalid configurations because you must
manually put the port back in service. Use the BPDU guard feature in a service-provider network to
prevent an access port from participating in the spanning tree.
Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide
16-2
Port
Fast-enabled
ports
Workstations
Chapter 16
Configuring Optional Spanning-Tree Features
Figure
16-1, to allow those devices to
Server
Port
Fast-enabled port
78-11380-10