Configuring Rapid-PVST, PortFast and BPDU Guard in Cisco Switch - Netizzan

Rapid-PVST, PortFast, and BPDU Guard are three layer 2 technologies that work together to prevent accidental loops in the network and to give a host device immediate network access when it is plugged into a switchport.

When connecting multiple switches together, they undergo a negotiation process to determine the root bridge and non-root bridges. This process, known as the Spanning Tree Protocol, helps to prevent loops within a network topology.

During the negotiation process, the link lights typically appear yellow, and the switches exchange Bridge Protocol Data Units (BPDUs). After this negotiation, the root bridge is elected, and the switches can now forward traffic without introducing loops.

By default, Cisco switches utilize an algorithm to elect the root bridge. However, it is possible to manually configure a root bridge on a specific switch by designating it as the primary root and others as secondary roots.

While the Spanning Tree Protocol is a good layer 2 protocol, it may take up to 50 seconds for the root bridge election to complete when a new device is plugged into a switch port. The delay comes from the switch port transitioning from the listening state to the learning state and then to the forwarding state. Although this delay might not be a problem when connecting switches, non-switch devices such as laptops also connect to switch ports, and they require immediate access to the network. To address this, configuring inactive ports as access ports and enabling PortFast ensures prompt communication when access devices are plugged in.

While configuring PortFast on unused interfaces resolves the connection delay for access devices, it's essential to consider the case where a switch is accidentally plugged into one of these ports. This could cause a network loop, as the switch wouldn't re-elect the root bridge. To mitigate this, enabling BPDU Guard is necessary. BPDU Guard disables a port configured as an access port when it receives a BPDU, which is part of the Spanning Tree Protocol, thereby preventing network loops.

In this post, we will configure Rapid-PVST, PortFast, and BPDU Guard on Cisco switches in a sample network topology to learn how they help prevent loops.

Network Topology

The network topology used in this post is shown below. It consists of three interconnected switches. The default root bridge is SW1. In this demonstration, we will change the spanning tree mode to RSTP and then configure SW2 to be the root bridge.

[Figure: network topology for Rapid STP]

Configuring Rapid-PVST, PortFast and BPDU Guard in Cisco Switch

Here are the steps to configure Rapid-PVST, SW2 as the root bridge, PortFast and BPDU Guard on the network topology above.

Step 1: Configure RSTP on the Switches

Log in to SW1, SW2 and SW3 and set the spanning tree mode to RSTP.

SW1

SW1(config)#spanning-tree mode rapid-pvst

SW2

SW2(config)#spanning-tree mode rapid-pvst

SW3

SW3(config)#spanning-tree mode rapid-pvst

Step 2: Check which switch is the root bridge for VLAN 1

SW1

SW1#show spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp	<-- Rapid-PVST mode
  Root ID    Priority    32769
             Address     aabb.cc00.1a00
             This bridge is the root	<-- SW1 is the root bridge for VLAN1
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.1a00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 100       128.1    Shr 
Et0/1               Desg FWD 100       128.2    Shr 
Et0/2               Desg FWD 100       128.3    Shr 
Et0/3               Desg FWD 100       128.4    Shr

SW2

SW2#show spanning-tree 

VLAN0001
  Spanning tree enabled protocol rstp	<-- Rapid-PVST mode
  Root ID    Priority    32769
             Address     aabb.cc00.1a00
             Cost        100
             Port        1 (Ethernet0/0)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.2a00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Root FWD 100       128.1    Shr 
Et0/1               Desg FWD 100       128.2    Shr 
Et0/2               Desg FWD 100       128.3    Shr 
Et0/3               Desg FWD 100       128.4    Shr 

SW3

SW3#show spanning-tree 

VLAN0001
  Spanning tree enabled protocol rstp	<-- Rapid-PVST mode
  Root ID    Priority    32769
             Address     aabb.cc00.1a00
             Cost        100
             Port        2 (Ethernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.3a00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 100       128.1    Shr 
Et0/1               Root FWD 100       128.2    Shr 
Et0/2               Altn BLK 100       128.3    Shr 
Et0/3               Desg FWD 100       128.4    Shr

As shown above, SW1 is the current root bridge.

Step 3: Configure SW2 as the root bridge for VLAN1

You can do this using one of the commands below:

SW2(config)#spanning-tree vlan 1 priority 28672 <-- (The switch with the lowest priority value becomes the root bridge.)

OR

SW2(config)#spanning-tree vlan 1 root primary

Step 4: Verify that SW2 has taken up the root bridge for VLAN1

This can be done using the show command below:

SW2#show spanning-tree vlan 1

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    28673
             Address     aabb.cc00.2a00
             This bridge is the root <-- SW2 is the root bridge for VLAN1
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     aabb.cc00.2a00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 100       128.1    Shr 
Et0/1               Desg FWD 100       128.2    Shr 
Et0/2               Desg FWD 100       128.3    Shr 
Et0/3               Desg FWD 100       128.4    Shr 

As highlighted above, SW2 has taken over the root bridge role.
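Why SW1 was the root in Step 2 and SW2 is the root now, as an added example that is not part of the original post: the election picks the lowest bridge ID, comparing priority first and MAC address second. The sample lines are trimmed from the listings above; the function names are made up for this sketch.

```python
import re

# Root ID / Bridge ID lines copied from this page's Step 2 listings
# (remaining lines trimmed).
STEP2 = {
    "SW1": """Root ID    Priority    32769
             Address     aabb.cc00.1a00
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.1a00""",
    "SW2": """Root ID    Priority    32769
             Address     aabb.cc00.1a00
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.2a00""",
    "SW3": """Root ID    Priority    32769
             Address     aabb.cc00.1a00
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     aabb.cc00.3a00""",
}
# Same lines from SW2's Step 4 listing, after its priority was lowered.
STEP4 = dict(STEP2, SW2="""Root ID    Priority    28673
             Address     aabb.cc00.2a00
  Bridge ID  Priority    28673  (priority 28672 sys-id-ext 1)
             Address     aabb.cc00.2a00""")

def bridge_ids(listing):
    """Return {'Root': (priority, mac_as_int), 'Bridge': (...)} for one listing."""
    pattern = r"(Root|Bridge) ID\s+Priority\s+(\d+).*?Address\s+([0-9a-f.]{14})"
    return {kind: (int(prio), int(mac.replace(".", ""), 16))
            for kind, prio, mac in re.findall(pattern, listing, re.S)}

def elect_root(listings):
    """Name of the switch with the lowest bridge ID (priority, then MAC)."""
    own = {name: bridge_ids(text)["Bridge"] for name, text in listings.items()}
    return min(own, key=own.get)

def check_root(listings, expected):
    """List findings if `expected` is not the root the listings point to."""
    findings = []
    elected = elect_root(listings)
    if elected != expected:
        findings.append(f"{elected} has the lowest bridge ID, not {expected}")
    ids = bridge_ids(listings[expected])
    if ids["Root"] != ids["Bridge"]:
        findings.append(f"{expected} does not report itself as root")
    return findings
```

Run against collected "show spanning-tree" output, check_root(listings, "SW2") returning a non-empty list means the intended root has been displaced.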

Step 5: Configure PortFast

Configure the ports that are connected to the PCs as edge ports (PortFast).

SW2

SW2(config)#interface ethernet0/1
SW2(config-if)#switchport mode access
SW2(config-if)#spanning-tree portfast

SW3

SW3(config)#interface ethernet0/0
SW3(config-if)#switchport mode access 
SW3(config-if)#spanning-tree portfast

Step 6: Configure BPDU Guard

Use BPDU Guard to prevent other switches, as opposed to PCs, from being connected to these interfaces.

SW2

SW2(config-if)#spanning-tree bpduguard enable

SW3

SW3(config-if)#spanning-tree bpduguard enable

 
