spanning-tree portfast (global configuration)
Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in
Caution
spanning-tree loops.
Use the spanning-tree portfast bpduguard default global configuration command to globally enable
BPDU guard on interfaces that are in a Port Fast-operational state. In a valid configuration, Port
Fast-enabled interfaces do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled interface
signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard
feature puts the interface in the error-disabled state. The BPDU guard feature provides a secure response
to invalid configurations because you must manually put the interface back in service. Use the BPDU
guard feature in a service-provider network to prevent an access port from participating in the spanning
tree.
You can override the spanning-tree portfast bpduguard default global configuration command by
using the spanning-tree bdpuguard interface configuration command.
Use the spanning-tree portfast default global configuration command to globally enable the Port Fast
feature on all nontrunking interfaces. Configure Port Fast only on interfaces that connect to end stations;
otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network
operation. A Port Fast-enabled interface moves directly to the spanning-tree forwarding state when
linkup occurs without waiting for the standard forward-delay time.
You can override the spanning-tree portfast default global configuration command by using the
spanning-tree portfast interface configuration command. You can use the no spanning-tree portfast
default global configuration command to disable Port Fast on all interfaces unless they are individually
configured with the spanning-tree portfast interface configuration command.
Examples
This example shows how to globally enable the BPDU filtering feature:
Switch(config)# spanning-tree portfast bpdufilter default
This example shows how to globally enable the BPDU guard feature:
Switch(config)# spanning-tree portfast bpduguard default
This example shows how to globally enable the Port Fast feature on all nontrunking interfaces:
Switch(config)# spanning-tree portfast default
You can verify your settings by entering the show running-config privileged EXEC command.
Related Commands
Command
show running-config
spanning-tree bpdufilter
spanning-tree bpduguard
spanning-tree portfast (interface
configuration)
Catalyst 2960 Switch Command Reference
2-452
Chapter 2 Catalyst 2960 Switch Cisco IOS Commands
Description
Displays the current operating configuration. For syntax
information, select Cisco IOS Configuration Fundamentals
Command Reference, Release 12.2 > File Management
Commands > Configuration File Management Commands.
Prevents an interface from sending or receiving BPDUs.
Puts an interface in the error-disabled state when it receives a
BPDU.
Enables the Port Fast feature on an interface in all its associated
VLANs.
78-16882-01