2.1.f Implement and troubleshoot spanning-tree

2.1.f [iii] port fast, BPDUguard, BPDUfilter

If you connect an end-host with a single NIC card or an IP phone to a switch port, the connection cannot create a physical loop. These connections are considered leaf nodes. There is no reason to make the workstation wait 30 seconds (15 seconds listening and 15 seconds learning) while the switch checks for loops if the workstation cannot cause a loop. Cisco added the PortFast or fast-start feature. With this feature, the STP for this port assumes that the port is not part of a loop and immediately moves to the forwarding state and does not go through the blocking, listening, discarding, or learning states . You should never use the PortFast feature on switch ports (e.g. root or designated) that connect to other switches, hubs, or routers.

The STP PortFast BPDU guard enhancement allows network designers to enforce the STP domain borders and keep the active topology predictable. The devices behind the ports that have STP PortFast enabled are not able to influence the STP topology. At the reception of BPDUs, the BPDU guard operation disables the port that has PortFast configured. The BPDU guard transitions the port into errdisable state, and a message appears on the console. This message is an example:

%SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port.

Disabling 2/ 1

%PAGP-5-PORTFROMSTP:Port 2/ 1 left bridge port 2/ 1

BPDU filtering allows you to avoid transmitting BPDU on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree immediately places ports in the forwarding state, instead of cycling through the listening, learning, and forwarding states. By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BDPU filtering is on a per-switch basis; after you enable BPDU filtering, it applies to all PortFast-enabled ports on the switch effectively disabling STP for those ports.

Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 1818-1819).  . Kindle Edition.