Should portfast be used on a port potentially connecting to an unmanaged switch?

  • I understand the basics of how spanning tree works and why you would want to use portfast on user access ports.

    When dealing with a topology with a large number of dumb switches under desks and in other undocumented locations, do you really want to enable this on all "supposedly" access switches?

    Apart from trying to track down these unmanaged switches, what is best practice? Why?

  • ytti (Correct answer)

    9 years ago

    You should run 'port-fast' (in standard terms, edge port) on every port not part of your switch core, even if it is a switch.

    You should NOT have L2 loop through customer switches.

    You should run BPDUGuard and BUM policers on all interfaces; customer-facing interfaces should be 1/5th or less of core-facing limits. Unfortunately, limiting unknown unicast is often not supported.

    The reason running 'port-fast' or edge is crucial is that the performance of RSTP (and by extension MST) relies on it. The way RSTP works is that it asks downstream if it can go to forwarding mode, and downstream asks its downstreams until there are no more ports to ask from; then the permission propagates back up. Port-fast or edge port is implicit permission from RSTP's point of view; if you remove this implicit permission, explicit permission must be obtained, otherwise it will fall back to classic STP timers. This means even one non-portfast port will kill your subsecond RSTP convergence.

    As full disclosure I got one down vote on this. If I've stated something incorrect, I would much appreciate being corrected, thanks.

    I'm curious as to what the difference between 'switch core' and 'switch' is? Is this in the context of an ISP, or an enterprise network?
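The answer's three rules (edge/port-fast on every non-core port, BPDU guard and BUM policers, edge limits at 1/5th or less of core limits) can be checked against a switch configuration. The script below is an added example, not part of the original thread; the Cisco IOS-style syntax, the interface names, the percentages and the choice to require BPDU guard only on edge ports are assumptions made for illustration, and unknown unicast is left out because the answer notes it is often not supported.

```python
import re

# Constructed sample; Cisco IOS-style syntax is an assumption (the answer names no vendor).
SAMPLE = """\
interface Gi0/1
 description core uplink
 storm-control broadcast level 5.00
 storm-control multicast level 5.00
interface Gi0/2
 spanning-tree portfast
 spanning-tree bpduguard enable
 storm-control broadcast level 1.00
 storm-control multicast level 1.00
interface Gi0/3
 storm-control broadcast level 2.50
"""

def parse_interfaces(text):
    """Map each interface name to the set of config lines indented beneath it."""
    blocks = re.findall(r"^interface (\S+)\n((?: .*\n?)*)", text, re.M)
    return {name: {l.strip() for l in body.splitlines()} for name, body in blocks}

def storm_level(lines, kind):
    """Return the storm-control percentage for one traffic kind, or None."""
    for line in lines:
        m = re.fullmatch(rf"storm-control {kind} level (\d+(?:\.\d+)?)", line)
        if m:
            return float(m.group(1))
    return None

def audit(text, core_ports):
    """List (port, problem) pairs for ports that miss the answer's rules."""
    ports, findings = parse_interfaces(text), []
    for name, lines in sorted(ports.items()):
        edge = name not in core_ports
        if edge and "spanning-tree portfast" not in lines:
            findings.append((name, "edge port without portfast"))
        if edge and "spanning-tree bpduguard enable" not in lines:
            findings.append((name, "edge port without BPDU guard"))
        for kind in ("broadcast", "multicast"):
            level = storm_level(lines, kind)
            # Strictest core-facing limit for this traffic kind, if any is configured.
            core = [v for c in core_ports if (v := storm_level(ports.get(c, ()), kind)) is not None]
            if level is None:
                findings.append((name, f"no {kind} policer"))
            elif edge and core and level > min(core) / 5:
                findings.append((name, f"{kind} limit above 1/5 of core"))
    return findings
```

Calling `audit(SAMPLE, {"Gi0/1"})` reports only `Gi0/3`, the port left at defaults, which is the state a forgotten desk port with an unmanaged switch behind it would typically be in.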

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM