Monday, 6 February 2017

STP-PortFast

Understanding How PortFast Works:
PortFast causes a switch or trunk port to enter the spanning tree forwarding state immediately, bypassing the listening and learning states.
You can use PortFast on switch or trunk ports that are connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.

NOTE: You can use PortFast to connect a single end station or a switch port to a switch port. If you enable PortFast on a port that is connected to another Layer 2 device, such as a switch, you might create network loops.
When the switch powers up, or when a device is connected to a port, the port enters the spanning tree listening state. When the Forward Delay timer expires, the port enters the learning state. When the Forward Delay timer expires a second time, the port is transitioned to the forwarding or blocking state.
When you enable PortFast on a switch or trunk port, the port is immediately transitioned to the spanning tree forwarding state.

Understanding How PortFast BPDU Guard Works:
To prevent loops from occurring in a network, the PortFast mode is supported only on nontrunking access ports because these ports typically do not transmit or receive BPDUs. The most secure implementation of PortFast is to enable it only on ports that connect end stations to switches. Because PortFast can be enabled on nontrunking ports connecting two switches, spanning tree loops can occur because BPDUs are still being transmitted and received on those ports.
PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service.


Note: When you enable BPDU guard on the switch, spanning tree applies BPDU guard to all PortFast-configured interfaces.

Understanding How PortFast BPDU Filtering Works:
BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states.

By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BPDU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch.






























PortFast
By default, all ports on a switch participate in the STP topology. This includes any port that connects to a host, such as a workstation. In most circumstances, a host represents no risk of a loop.

The host port will transition through the normal STP states, including waiting two forward delay times. Thus, a host will be without network connectivity for a minimum of 30 seconds when first powered on.

This is not ideal for a couple of reasons:
• Users will be annoyed by the brief outage.
• A host will often request an IP address through DHCP during bootup.
   If the switch port is not forwarding quickly enough, the DHCP request may fail.
• Devices that boot from network may fail as well.

PortFast allows a switch port to bypass the usual progression of STP states. The port will instead transition from a blocking to a forwarding state immediately, eliminating the typical 30-second delay.

PortFast should only be enabled on ports connected to a host. If enabled on a port connecting to a switch or hub, any loop may result in a broadcast storm.

Note: PortFast does not disable STP on a port - it merely accelerates STP convergence. If a PortFast-enabled port receives a BPDU, it will transition through the normal process of STP states.





PortFast provides an additional benefit. Remember that a switch will generate a TCN if a port transitions to a forwarding or blocked state. This is true even if the port connects to a host device, such as a workstation.

Thus, powering on or off a workstation will cause TCNs to reach the Root Bridge, which will send out configuration BPDUs in response. Because the switching topology did not technically change, no outage will occur.

However, all switches will reduce the CAM aging timer to 15 seconds, thus purging MAC addresses from the table very quickly. This will increase frame flooding and reduce efficiency and performance.

PortFast eliminates this unnecessary BPDU traffic and frame flooding. A TCN will not be generated for state changes on a PortFast-enabled port.

PortFast is disabled by default. To enable PortFast on a switch port:
SwitchD(config)# int gi1/14
SwitchD(config-if)# spanning-tree portfast
PortFast can also be globally enabled for all interfaces:
SwitchD(config)# spanning-tree portfast default
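
The guidance above (PortFast only on host-facing ports, with BPDU guard covering every PortFast port) can be checked against a saved configuration. The script below is an added example, not part of the original post: it flags PortFast on trunk ports and PortFast ports with no BPDU guard. The sample configuration is constructed, and ports without an explicit "switchport mode trunk" line are assumed to be access ports.

```python
import re
# Constructed sample running-config (IOS syntax); not from the original page.
SAMPLE_CONFIG = """\
spanning-tree portfast default
interface GigabitEthernet1/14
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
interface GigabitEthernet1/15
 switchport mode access
interface GigabitEthernet1/16
 switchport mode trunk
 spanning-tree portfast trunk
interface GigabitEthernet1/17
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return (global lines, {interface name: [its config lines]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = interfaces.setdefault(raw.split(None, 1)[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:  # an unindented line ends the interface block
            current = None
            global_lines.append(raw.strip())
    return global_lines, interfaces

def audit_portfast(config):
    """List (interface, finding) pairs for risky PortFast settings."""
    global_lines, interfaces = parse_interfaces(config)
    global_portfast = "spanning-tree portfast default" in global_lines
    global_guard = "spanning-tree portfast bpduguard default" in global_lines
    findings = []
    for name, lines in interfaces.items():
        trunk = "switchport mode trunk" in lines
        explicit = any(re.fullmatch(r"spanning-tree portfast( trunk)?", l) for l in lines)
        inherited = global_portfast and not trunk and "spanning-tree portfast disable" not in lines
        if not (explicit or inherited):
            continue
        if trunk:  # PortFast facing another Layer 2 device: loop risk
            findings.append((name, "portfast-on-trunk"))
        guarded = "spanning-tree bpduguard enable" in lines or (
            global_guard and "spanning-tree bpduguard disable" not in lines)
        if not guarded:  # a received BPDU would not errdisable this port
            findings.append((name, "portfast-without-bpduguard"))
    return findings
```

On the sample, Gi1/15 is reported because it inherits PortFast from the global default but has no BPDU guard, and Gi1/16 is reported for both findings.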
