Introduction

The purpose of this exercise is to look at PortFast, BPDUGuard and Link Bundling. This is a continuation from the VLAN exercise and the lab setup is identical:


STP Extended Features

PortFast

PortFast is a feature that gives end-user stations instant access to the L2 network. Instead of starting at the bottom of the Blocking-Listening-Learning-Forwarding sequence of states (30 seconds!), PortFast starts at the top: the port comes up directly in Forwarding state, and if a loop is later detected, STP does its usual calculations and blocks the necessary ports. This feature should only be applied to ports that connect end-user stations.

It is common practice these days to configure all end-user access ports with PortFast, to avoid delays in bringing up a link when a device is first connected to the network.

We will configure end-user ports on the Edge switches to be in PortFast mode:

interface range fast1/0 - 13
 spanning-tree portfast

Alternatively, all non-trunk ports can be put into PortFast mode at once with the global configuration command:

spanning-tree portfast default

BPDUGuard

With PortFast, end-user ports still participate in STP. That means that anything connected to those ports can send BPDUs and participate in (and affect the status of) the spanning tree calculations. For example, if the device connected to the edge port is configured with a lower bridge priority, it becomes the root switch and the tree topology becomes suboptimal.

Another useful Cisco feature that avoids this situation is BPDUGuard. When a BPDU is received on a port that has PortFast configured, BPDU guard disables that port.

BPDUGuard is enabled on all ports with PortFast enabled using the following command:

spanning-tree portfast bpduguard

Once BPDUGuard is enabled on all PortFast ports, it is no longer possible to plug a switch into any of them: as soon as it sends a BPDU, the port is disabled. This is a useful security measure to stop end users from plugging “unauthorised” switches into the campus network.
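The following configuration is an added example and is not part of the original exercise. It combines the PortFast and BPDUGuard sections above into one per-port configuration for the edge-switch user ports (fast1/0 - 13, as used in this exercise), shows the equivalent global form (this assumes an IOS release that accepts the "default" keyword), and adds error-disable recovery so that a port shut down by BPDUGuard comes back on its own once the offending device is removed, instead of an operator having to visit it. The show commands in the comments are standard IOS exec commands used to confirm the state.

```cisco
! Added example, not from the exercise: PortFast + BPDUGuard per port.
! Interface names follow the exercise (edge-switch user ports fast1/0 - 13).
interface range fast1/0 - 13
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Equivalent global form (assumption: IOS that supports the "default"
! keyword). Every port that is PortFast is also protected, so nobody can
! enable PortFast on a port and forget BPDUGuard.
spanning-tree portfast bpduguard default
!
! When a BPDU arrives on a protected port, IOS logs a message of the form
!   %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet1/0 with BPDU Guard enabled. Disabling port.
! and puts the port into err-disabled state. Let it recover automatically
! after 5 minutes; if the rogue switch is still attached it is disabled again.
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Verification (exec mode):
!   show spanning-tree summary                     -> whether PortFast BPDU Guard Default is enabled
!   show spanning-tree interface fast1/0 portfast  -> PortFast state of a single port
!   show interfaces status err-disabled            -> ports currently shut down by bpduguard
!   show errdisable recovery                       -> recovery timer and enabled causes
```

The syslog line is worth forwarding to a central collector: a BPDUGuard event on an access port is exactly the "someone plugged in a switch" signal that a campus operator wants to see, and with recovery enabled the port will flap every five minutes until the device is removed, which makes the event hard to miss.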


Port Bundling

We now want more capacity and link redundancy between the edge switch and distribution switches. The network diagram below shows the second link between the distribution switch and the first edge switch in each building.

Configure a Port Channel between dist1-bN.campusX and edge1-bN.campusX (so, for example, between dist1-b1 and edge1-b1, and between dist1-b2 and edge1-b2, etc). Don't forget that we need to make the Port Channel interface a trunk port too - the Aggregated Link interface (known as a LAG - Link Aggregation Group) has to be of the same type as the original underlying interfaces.

On dist1-bN.campusX:

interface fast 1/12
 description First Link to edge1-bN.campusX
 switchport mode trunk
!
interface fast 1/13
 description Second Link to edge1-bN.campusX
 switchport mode trunk
!
interface port-channel 1
 description dist1-bN.campusX to edge1-bN.campusX aggregate link
 switchport mode trunk
!
interface range fast 1/12 - 13
 channel-group 1 mode on

On edge1-bN.campusX:

interface fast 1/14
 description First Link to dist1-bN.campusX
 switchport mode trunk
!
interface fast 1/15
 description Second Link to dist1-bN.campusX
 switchport mode trunk
!
interface port-channel 1
 description dist1-bN.campusX to edge1-bN.campusX aggregate link
 switchport mode trunk
!
interface range fast1/14 - 15
 channel-group 1 mode on

Verify the status:

show interface port-channel 1

What capacity do you have now on the new trunk? Hint: Look for the line that says BW ... Kbit/sec

Disable one of the ports in the bundle on dist1-b1.campusX:

interface fast 1/12
 shutdown

Is the channel still up?

Enable it again:

interface fast 1/12
 no shutdown

Note: There is a standard protocol for port bundling. It's called "LACP" (Link Aggregation Control Protocol). All modern switches support LACP, so we strongly recommend using that, instead of any proprietary versions.
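As an added example (not part of the original exercise), here is the same dist1-bN / edge1-bN bundle negotiated with LACP ("channel-group 1 mode active") instead of the static "mode on" used above. The interface numbers are the ones from the exercise; everything else is standard IOS. With LACP the bundle only forms when both ends agree on it, and each side can see its partner's system ID, so a cable moved to the wrong port is reported rather than silently turned into a second, independent trunk that STP then has to block.

```cisco
! Added example, not from the exercise: the port channel with LACP.
! If the ports are already in the static bundle from the exercise, clear
! that first on both switches, because IOS will not change "mode on" to
! "mode active" in place:
!   interface range fast 1/12 - 13      (fast 1/14 - 15 on the edge switch)
!    no channel-group 1
!
! --- dist1-bN.campusX ---
interface port-channel 1
 description dist1-bN.campusX to edge1-bN.campusX aggregate link (LACP)
 switchport mode trunk
!
interface range fast 1/12 - 13
 switchport mode trunk
 channel-group 1 mode active
!
! --- edge1-bN.campusX ---
interface port-channel 1
 description edge1-bN.campusX to dist1-bN.campusX aggregate link (LACP)
 switchport mode trunk
!
interface range fast 1/14 - 15
 switchport mode trunk
 channel-group 1 mode active
!
! Verification (exec mode):
!   show etherchannel summary      -> Po1(SU) with Fa1/12(P) Fa1/13(P):
!                                     S = layer-2, U = in use, P = bundled
!   show lacp neighbor             -> partner system ID and port state per member
!   show interface port-channel 1  -> BW line, as in the static case
```

Use "mode active" on both ends: "passive" only answers LACP packets and never initiates, so two passive sides never form a channel. The trunk settings on the physical ports and on the port-channel interface must match, otherwise IOS refuses to bundle the member and "show etherchannel summary" shows it as suspended (s) or individual (I) rather than P.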


Conclusion

This brings us to the end of the L2 exercises. In them we have: