• Skip to main content
  • Skip to header right navigation
  • Skip to site footer

Roger Perkin

Network Automation Architect

  • Network Automation
    • Network Automation Courses
    • What is NetDevOps?
    • Workflow Orchestration
    • Ansible Automation Platform
    • Ansible Workshop
    • What is Network Automation?
    • Network Automation Tools
    • ContainerLab
    • Ansible Training
      • What is Ansible?
      • Ansible Tutorial for Beginners
      • Ansible Network Automation
      • Ansible Inventory Example
    • Python Network Automation
      • Nornir
      • Python Network Automation Course
      • Python for Network Engineers
      • Python VENV / Virtual Environment Tutorial
      • Python Tutorial for Beginners
      • pyATS
    • Network Source of Truth
      • NetBox
      • Infrahub
    • NetDevops
    • DevOps Tutorial
      • Git Training
      • Terraform Training
      • Linux Training
      • Kubernetes Training
      • Devops Training Course
      • Azure Devops Training
    • Terraform
    • GIT
      • Git Commands
      • What is GitHub?
    • Docker Training
    • Confluence
    • Microsoft Azure
  • Cisco
    • ISE
    • SD WAN Training
    • Password Recovery
    • Software-Upgrade-Guides
    • BGP
    • Data Center
    • WIRELESS
  • CCIE
  • Blog
  • About
    • My Red Special Guitar
  • Contact

Spanning-Tree Portfast – The Definitive Guide

Home » CCIE Certification » CCIE Lab Training

The spanning-tree portfast command is a very simple feature but often mis-understood.
In this short post I will explore how this feature behaves, how it works and how to configure it on a cisco switch.
Portfast is a Cisco Propietary feature that was originally developed to overcome an issue when a PC was trying to obtain a DHCP address and going past the DHCP process before the port had gone into a forwarding state. The portfast feature brought the port into a forwarding state as soon as it came up enabling the PC to obtain a DHCP address. The feature was then standardised and is now called the Edge port.

This is the main point to be remembered.

An interface that has portfast configured on it will skip the listening and learning phases of spanning tree but only when the interface comes up.

Configuring Spanning Tree Portfast

There are two ways of configuring portfast globally and per interface.

In both cases these features are conditional upon incoming BPDUs

If portfast is configured on a port and it receives a BPDU the port will disable the portfast feature.

Another mis-conception is that when portfast is enabled on a port that it will stop sending BPDUs, this is not true the only thing that enabling portfast on a cisco switch does is to disable the listening and learning phases, all other elements are still there. BPDUs will still be sent and BPDUs being received will be processed.

Interface Configuration

To configure an interface with portfast, under the interface configuration simply enter the command spanning-tree portfast
you will receive a warning which I will explain later.

SW1#conf t
SW1#int fa0/23
SW#(config-if)#spanning-tree portfast

%Warning: Portfast should only be enabled on ports connected to a single host. 
Connecting hubs, concentrators, switches, bridges, etc... to this interface 
when portfast is enabled, can cause temporary bridging loops.
Use with caution
%Portfast has been configured on FastEthernet0/23 but will only have effect 
when the interfaceis in a non-trunking mode.

When configuring per-interface you also have the option to configure trunk mode.

SW1(config-if)#spanning-tree portfast ?
disable Disable portfast for this interface
trunk Enable portfast on the interface even in trunk mode
<cr>

SW1(config-if)#spanning-tree portfast

This will also enable portfast on trunk links also.

Global Configuration

To configure portfast globally under global configuration mode enter the command spanning-tree portfast default

This will enable portfast on all operational access ports.

SW1(config)#spanning-tree port
SW1(config)#spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
should now disable portfast explicitly on switched ports leading to hubs,
switches and bridges as they may create temporary bridging loops.

SW1(config)#

Now this is how you actually configure it, but you also have to be very aware of the operational portfast status of a port. Other features depend on the operational status of portfast for correct operation. One of these is bpduguard.

If configured globally bpduguard will only take effect on ports that have their ports in a portfast operational status.

Irrespective of the configuration on a port the command below will show you the actual portfast operational status.

SW1#sh spanning-tree interface fa0/23 portfast 
VLAN0010 disabled

If we show the configuration on this port you will see that we have actually configured portfast

SW1#sh run int fa0/23
Building configuration...
!
interface FastEthernet0/23
 switchport access vlan 10
 switchport mode access
 spanning-tree portfast
end

So why is it disabled? The reason is because the other end of fa0/23 is connected to SW2 the port has received a BPDU and disabled the portfast status

So if we tried to enable bpduguard globally this would  have no effect at all as the portfast status is disabled. This is what we want as if this was an access port and not connected to a switch it would not be receiving BPDUs and thus the portfast status would be enabled. Then when enabling bpduguard it would be operational and be ready to shut down the port if it received any BPDUs on that port indicating that someone had connected a switch to an access port.

BPDU Guard – any received BPDU will cause the port to go into err-disabled state.

Another  feature that interacts with the operational portfast status of a port is BPDU Filter 

The video below from Marco explains the interaction better than I can.

Category: CCIE Lab Training, Spanning Tree, switchingTag: portfast, spanning tree
ansible course for network engineers
Get Access to my Ansible Course NOW
Previous Post:EIGRP Named Mode – Configuration Tutorial
Next Post:Peering with Route Serversbgp route server

Sidebar

Hi I'm Roger Perkin,
Based in the UK working as a Network Automation Architect, CCIE #50038
About Roger | Twitter | Linkedin

python course for network engineers

Topics

Network Automation
Ansible
Python for Network Automation
CCIE
Cisco ISE
F5 Certification
BGP
OSPF
Network Automation Conferences
auvik promo banner
Pluralsight Trial

Git for Network Engineers

Ansible vs Nornir

Start learning today with my Network Automation Courses

Master Ansible, Python, Git, Nornir, Jenkins and more..


Buy me a coffeeBuy me a coffee

ansible network automation course

Have you seen my YouTube Channel?

YouTube Subscribe

Let’s get started

Take a look at my premium courses on Ansible, Nornir & Git or buy them all with the Network Automation Bundle!

Network Automation Courses

Navigation

Python VENV Tutorial
Python for Network Engineers

Network Automation
Network Automation Courses
Network Discovery Tools
Network Automation Conferences
Ansible Training
What is Ansible?
Devops Tutorial
Network Source of Truth
DevOps Glossary
Network Monitoring Software

Contact

Contact

Get in touch with me here

[email protected]

  • Twitter
  • LinkedIn
  • YouTube
Buy me a coffeeBuy me a coffee

Copyright © 2025 · Roger Perkin · All Rights Reserved · Privacy Policy – Terms