Spanning Tree Protocol (STP) and PortFast

The time Spanning Tree Protocol (STP) takes to transition ports over to the Forwarding state can cause problems. PortFast is a Cisco network function which can be configured to resolve this problem.

This delay is not an issue for many people, but it can cause problems for some. For example, if you power up your computer in the morning, power goes to the network card immediately, and the port on the switch enters the Listening state.

By the time the OS wants to start up the network card drivers and get an address from DHCP, the port on the switch is in Forwarding state, which works well most of the time.

If, however, you unplug the NIC on the laptop to move it to another desk, Windows will tell you that it has a problem communicating on the network. Why? The NIC connected to the port changed the link state of the port to Up and Windows immediately tried to get a DHCP address, but the port is not yet in the Forwarding state.

This is a common problem when using STP on your network. In a few more seconds, Windows will attempt to get an IP address again, and it will succeed.

The other time you may see this issue is with Preboot Execution Environment (PXE) devices, such as Windows Deployment Services. The following figure shows a typical PXE implementation. Here is what happens with PXE:

You apply power to your computer, which activates the NIC, but less than five seconds later, the computer’s POST finishes and the NIC attempts to get an IP address from DHCP so that it can load a boot image directly from the PXE server. That attempt fails.

The computer attempts to get an IP address from a DHCP server several times within approximately 10 seconds, after which it gives up and moves on to another boot device, such as the hard drive. The unfortunate part of this process is that because it fails to get an IP address or connect with the PXE server, you are not able to install your new operating system image on that computer.

The problem with this scenario is that because STP makes the computer wait 45 seconds prior to forwarding traffic on the port, the PXE network boot has timed out.

[Figure: a typical PXE implementation]

PortFast is the solution to this problem of delays when client computers are connecting to switches. PortFast is not enabled by default. With PortFast enabled on a port, you effectively take the port and tell spanning tree not to implement STP on that port.

This solution is not a bad one as long as only one computer is plugged into the port, so that nobody can create an accidental loop on the network, which is frighteningly easy to do.

Setting PortFast on all ports

While there may be some ports you want to exclude from the PortFast configuration, if you want most ports to use PortFast you can make it the default setting. To set PortFast on all ports from Global Configuration mode, use the command spanning-tree portfast default; the context help below lists it alongside the BPDU options:

Switch2> enable
Switch2# configure terminal 
Switch2(config)#spanning-tree portfast ?
  bpdufilter  Enable portfast bdpu filter on this switch
  bpduguard   Enable portfast bpdu guard on this switch
  default     Enable portfast by default on all access ports

Setting PortFast on specific ports

You can also implement PortFast on specific ports, as illustrated here, where the following command enables PortFast for FastEthernet ports 1 through 10. Notice the big warning about the dangers of PortFast.

Switch2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch2(config)#interface range fastEthernet 0/1 -10
Switch2(config-if-range)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION
%Portfast will be configured in 10 interfaces due to the range command
 but will only have effect when the interfaces are in a non-trunking mode.
Switch2(config-if-range)#end

The BPDU Guard option removes the danger expressed in the warning. In the following example, I selected my ports incorrectly: ports 1 and 2 should have had spanning tree enabled normally on them.

BPDU Guard throws up warnings right away to prevent the loop that has been created from causing a problem on my network. When a PortFast port with BPDU Guard on it sees a BPDU frame, the action causes the switch to say, “Hey, this port is configured incorrectly!” and immediately the switch puts that port in an error state.

Switch2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch2(config)#interface range fastEthernet 0/1 -10
Switch2(config-if-range)#spanning-tree bpduguard enable
Switch2(config-if-range)#
3d14h: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/2 with BPDU Guard enabled. Disabling port.
3d14h: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/2, putting Fa0/2 in err-disable state
3d14h: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/1 with BPDU Guard enabled. Disabling port.
3d14h: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/1, putting Fa0/1 in err-disable state
3d14h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
3d14h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
3d14h: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down
3d14h: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
Switch2(config-if-range)#end

To correct the error state on the port, enter Interface Configuration mode for the affected ports, then shut them down and re-enable them, as shown here:

Switch2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch2(config)#interface range fastEthernet 0/1 -10
Switch2(config-if-range)#shutdown
Switch2(config-if-range)#no shutdown
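
Because PortFast without BPDU Guard leaves the loop risk described in the warning, it is worth checking a saved configuration for ports that have one but not the other. The following Python is an added example, not part of the original article; it assumes the classic command syntax used on this page, a statically configured trunk, and a constructed running-config excerpt, and its function names are hypothetical.

```python
# Constructed running-config excerpt in the classic syntax used on this page.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
"""

def parse_config(config):
    """Return (global command set, {interface: set of sub-commands})."""
    global_cmds, interfaces, current = set(), {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], set())
        elif line.startswith(" ") and current is not None:
            current.add(line.strip())
        else:
            current = None  # back at global level
            if line.strip() not in ("", "!"):
                global_cmds.add(line.strip())
    return global_cmds, interfaces

def audit_portfast(config):
    """Map each PortFast interface that needs attention to a finding."""
    global_cmds, interfaces = parse_config(config)
    findings = {}
    for name, cmds in interfaces.items():
        trunk = "switchport mode trunk" in cmds
        portfast = "spanning-tree portfast" in cmds or (
            "spanning-tree portfast default" in global_cmds
            and not trunk and "spanning-tree portfast disable" not in cmds)
        guarded = "spanning-tree bpduguard enable" in cmds or (
            "spanning-tree portfast bpduguard default" in global_cmds
            and "spanning-tree bpduguard disable" not in cmds)
        if portfast and trunk:
            findings[name] = "portfast has no effect on a trunk port"
        elif portfast and not guarded:
            findings[name] = "portfast without bpduguard"
    return findings
```

Calling audit_portfast(SAMPLE_CONFIG) flags FastEthernet0/1 and FastEthernet0/2 and passes FastEthernet0/3.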