Spanning Tree Portfast

PortFast is a Spanning Tree enhancement added to RSTP and MST to allow host-connected interfaces to quickly transition from blocking state to forwarding. PortFast accomplishes this by allowing edge interfaces to transition directly from blocking to forwarding, which is much faster than the normal blocking > listening > learning > forwarding process.

PortFast also prevents Spanning Tree Topology Change Notifications from being sent to the root bridge when PortFast ports change state. Normally, every time a switch interface transitions from blocking to forwarding (or vise versa) a TCN is generated, forwarded towards the Root Bridge, and the entire network must age out their MAC tables since a change has been detected. This can lead to continuous TCN flooding and MAC relearning in networks with clients that are often disconnected/reconnected. PortFast stops that cycle by preventing the TCNs from being sent on edge ports.

Also, PortFast interfaces send STP BPDUs but do not expect to receive them. BPDUs would only be received if another switch was directly connected to the interface and could lead to switching loops. If a BPDU is received, the PortFast interface will be operationally disabled and will require a shut/no shut to bring the interface back up.

A common issue with host-connected switch ports not running the PortFast feature is DHCP timeouts. If the client DHCP discovery period ends before the port transitions to the forwarding state, DHCP timeout errors can occur. Some overly sensitive DHCP clients do not wait the the 30 seconds that normal STP ports take to transition through the listening and learning states and therefore will give up prematurely. PortFast fixes that.

Configuring PortFast

There are two ways to configure the PortFast feature on a Cisco switch. PortFast can be applied at the individual port level using the spanning-tree portfast command or globally using the spanning-tree portfast default command. Keep in mind that both of these commands only apply to ports operating in access mode. The idea is that interfaces with directly-connected host would operate in access mode while interfaces connected to other switches would operate in trunk mode.

Option 1: Interface-level PortFast Configuration

SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#interface Gig1/0/10
SW1(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc… to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%PortFast has been configured on GigabitEthernet1/0/10 but will only
have effect when the interface is in a non-trunking mode.

Notice the warnings in the output above. Cisco does a good job of making it clear that enabling PortFast should be configured on host-connected interfaces only.

Option 2: Global PortFast Configuration

SW1(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.

When PortFast is enabled globally, it can be explicitly disabled on individual ports using the spanning-tree portfast disable interface subcommand.

Additional PortFast Commands

PortFast Host Configuration

Cisco has created a handy interface-level command, switchport host, that acts like a macro to automatically optimize an interface for host connectivity. As you can see in the output below, it configures static access mode, PortFast, and disables any preexisting EtherChannel configuration on the interface by executing their individual commands.

SW1(config)#int gig1/0/10
SW1(config-if)#switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled

Be aware that there is not a “no” option to the switchport host command. To undo its benefits, an administrator must change the mode, PortFast, or channel group configurations separately.

SW1(config-if)#no switchport host
The ‘no’ form of this command has no effect on the system.

PortFast Trunk Configuration

PortFast does not apply to interfaces operating in trunking mode, however the interface-level spanning-tree portfast trunk command was added to do just that. This is commonly used when a router or server is directly connected and multiple VLANs need to be trunked to the connected device.

SW1(config)#int gig1/0/10
SW1(config-if)#spanning-tree portfast trunk
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc… to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

Be careful to never activate PortFast on a port connected to another switch. This bypasses the normal loop prevention mechanisms in Spanning Tree and can lead to switching loops. Let modern implementations of Spanning Tree like RSTP or MST handle fast switch-to-switch negotiation.

Author Aaron

Aaron knows networks. He's been involved in building and supporting world-class data networks for the past 10 years - from international cloud service providers to Fortune 50 data centers. Aaron consults independently and is focused on building the best training platform available.

More posts by Aaron

Leave a Reply