Rapid-PVST, PortFast, and BPDU Guard are three Layer 2 technologies that work together to prevent accidental loops in the network and to give a host device immediate network access when it is plugged into a switch port.
When connecting multiple switches together, they undergo a negotiation process to determine the root bridge and non-root bridges. This process, known as the Spanning Tree Protocol, helps to prevent loops within a network topology.
During the negotiation process, the link lights typically appear yellow, and the switches exchange Bridge Protocol Data Units (BPDUs). After this negotiation, the root bridge is elected, and the switches can now forward traffic without introducing loops.
By default, Cisco switches utilize an algorithm to elect the root bridge. However, it is possible to manually configure a root bridge on a specific switch by designating it as the primary root and others as secondary roots.
While the Spanning Tree Protocol is a good Layer 2 protocol, it may take up to 50 seconds for the root bridge election to complete when a new device is plugged into a switch port. The delay comes from the switch port transitioning from the listening state to learning and then to forwarding. Although this delay might not be problematic when connecting switches, non-switch devices such as laptops also connect to switch ports, and they require immediate access to the network. To address this, configure the inactive port as an access port and enable PortFast, which ensures prompt communication when access devices are plugged in.
While configuring PortFast on unused interfaces resolves access device connection delays, it’s essential to consider scenarios where a switch might accidentally be plugged into one of these ports. This could cause a network loop, as the switch wouldn’t re-elect the root bridge. To mitigate such situations, enabling BPDU Guard is necessary. BPDU Guard disables a port configured as an access port as soon as it receives a BPDU, which is part of the Spanning Tree Protocol, thereby preventing network loops.
In this post, we will configure Rapid-PVST, PortFast, and BPDU Guard on Cisco switches in a sample network topology to learn how they help prevent loops.
Network Topology
The network topology we will use in this post is shown below. It consists of three interconnected switches. The default root bridge is SW1. In this demonstration, we will change the spanning tree mode to RSTP and then configure SW2 to be the root bridge.
Configuring Rapid-PVST, PortFast and BPDU Guard in Cisco Switch
Here are the steps to configure Rapid-PVST, SW2 as the root bridge, PortFast, and BPDU Guard on the network topology above.
Step 1: Configure RSTP on the Switches
Log in to SW1, SW2, and SW3 and set the spanning tree mode to RSTP.
SW1
SW1(config)#spanning-tree mode rapid-pvst
SW2
SW2(config)#spanning-tree mode rapid-pvst
SW3
SW3(config)#spanning-tree mode rapid-pvst
Step 2: Check which switch is the root bridge for VLAN 1
SW1
SW1#show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp <-- Rapid-PVST mode
Root ID Priority 32769
Address aabb.cc00.1a00
This bridge is the root <-- SW1 is the root bridge for VLAN1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address aabb.cc00.1a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 Shr
Et0/1 Desg FWD 100 128.2 Shr
Et0/2 Desg FWD 100 128.3 Shr
Et0/3 Desg FWD 100 128.4 Shr
SW2
SW2#show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp <-- Rapid-PVST mode
Root ID Priority 32769
Address aabb.cc00.1a00
Cost 100
Port 1 (Ethernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address aabb.cc00.2a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Root FWD 100 128.1 Shr
Et0/1 Desg FWD 100 128.2 Shr
Et0/2 Desg FWD 100 128.3 Shr
Et0/3 Desg FWD 100 128.4 Shr
SW3
SW3#show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp <-- Rapid-PVST mode
Root ID Priority 32769
Address aabb.cc00.1a00
Cost 100
Port 2 (Ethernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address aabb.cc00.3a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 Shr
Et0/1 Root FWD 100 128.2 Shr
Et0/2 Altn BLK 100 128.3 Shr
Et0/3 Desg FWD 100 128.4 Shr
As shown above, SW1 is the current root bridge.
Step 3: Configure SW2 as the root bridge for VLAN1
You can do this using either of the commands below:
SW2(config)#spanning-tree vlan 1 priority 28672 <-- (A lower priority value will be considered as the Root bridge.)
OR
SW2(config)#spanning-tree vlan 1 root primary
Step 4: Verify that SW2 has taken up the root bridge for VLAN1
This can be done using the show command below:
SW2#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 28673
Address aabb.cc00.2a00
This bridge is the root <-- SW2 is the root bridge for VLAN1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
Address aabb.cc00.2a00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Desg FWD 100 128.1 Shr
Et0/1 Desg FWD 100 128.2 Shr
Et0/2 Desg FWD 100 128.3 Shr
Et0/3 Desg FWD 100 128.4 Shr
As highlighted above, SW2 has taken up the root bridge role.
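The check in Steps 2 and 4 can be automated so that an unexpected root bridge is flagged rather than noticed by eye. This is an added example, not part of the original post: it parses `show spanning-tree` text (samples copied from this page's SW3 and SW2 output) and compares the reported root address with the intended one; the function names `parse_stp` and `check_root` are hypothetical.

```python
import re

# Sample text copied from this page's Step 2 (SW3) and Step 4 (SW2) output.
SW3_BEFORE = """VLAN0001
Spanning tree enabled protocol rstp <-- Rapid-PVST mode
Root ID Priority 32769
Address aabb.cc00.1a00
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address aabb.cc00.3a00
"""
SW2_AFTER = """VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 28673
Address aabb.cc00.2a00
This bridge is the root <-- SW2 is the root bridge for VLAN1
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
Address aabb.cc00.2a00
"""

def parse_stp(text):
    """Return {vlan: fields} parsed from 'show spanning-tree' text."""
    vlans, cur, section = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.fullmatch(r"VLAN(\d+)", line)
        if m:
            cur, section = vlans.setdefault(int(m.group(1)), {}), None
            continue
        if cur is None:
            continue
        if line.startswith("Spanning tree enabled protocol"):
            cur["protocol"] = line.split()[4]
        elif line.startswith("Root ID"):
            section = "root"      # following Address line is the root's MAC
        elif line.startswith("Bridge ID"):
            section = "bridge"    # following Address line is this switch's MAC
        m = re.search(r"Priority\s+(\d+)", line)
        if m and section:
            cur[section + "_priority"] = int(m.group(1))
        m = re.search(r"Address\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", line)
        if m and section:
            cur[section + "_mac"] = m.group(1)
    return vlans

def check_root(text, expected_roots):
    """expected_roots maps VLAN id -> intended root MAC; returns findings."""
    roots = {v: f.get("root_mac") for v, f in parse_stp(text).items()}
    return [f"VLAN {v}: root is {roots.get(v)}, expected {want}"
            for v, want in expected_roots.items() if roots.get(v) != want]
```

Run against output collected from every switch, an empty list for each means all of them agree that the intended bridge (here SW2, aabb.cc00.2a00) is the root.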
Step 5: Configure PortFast
Make the ports that are connected to the PCs edge ports (PortFast).
SW2
SW2(config)#interface ethernet0/1
SW2(config-if)#switchport mode access
SW2(config-if)#spanning-tree portfast
SW3
SW3(config)#interface ethernet0/0
SW3(config-if)#switchport mode access
SW3(config-if)#spanning-tree portfast
Step 6: Configure BPDU Guard
Use BPDU Guard to prevent switches, as opposed to PCs, from being connected to these interfaces.
SW2
SW2(config-if)#spanning-tree bpduguard enable
SW3
SW3(config-if)#spanning-tree bpduguard enable
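Because PortFast without BPDU Guard is the combination that leaves an edge port open to an accidental loop, it is worth auditing saved configurations for it. The script below is an added example, not part of the original post: it scans a running-config for interfaces that have PortFast configured at interface level but no BPDU Guard, and treats the global `spanning-tree portfast bpduguard default` command as covering them. The sample configuration is constructed for illustration and the function name is hypothetical.

```python
# Constructed running-config excerpt (not from the page): Ethernet0/2 has
# PortFast but no BPDU Guard.
SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
!
interface Ethernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface Ethernet0/2
 switchport mode access
 spanning-tree portfast
!
interface Ethernet0/3
 switchport mode trunk
"""

GLOBAL_GUARD = ("spanning-tree portfast bpduguard default",
                "spanning-tree portfast edge bpduguard default")

def unguarded_portfast_ports(config):
    """Return interfaces where PortFast is on but BPDU Guard is not."""
    global_guard, stanzas, cur = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].isspace():            # indented: belongs to current stanza
            if cur is not None:
                cur.append(line)
            continue
        cur = None                       # any top-level line ends the stanza
        if line.startswith("interface "):
            cur = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line in GLOBAL_GUARD:
            global_guard = True          # guard applies to all PortFast ports
    findings = []
    for name, lines in stanzas.items():
        portfast = any(l.startswith("spanning-tree portfast")
                       and not l.endswith("disable") for l in lines)
        if "spanning-tree bpduguard enable" in lines:
            guarded = True
        else:                            # per-port disable overrides the global
            guarded = global_guard and "spanning-tree bpduguard disable" not in lines
        if portfast and not guarded:
            findings.append(name)
    return findings
```

Ports that inherit PortFast from a global default rather than an interface-level command are outside what this check sees.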