STP / Portfast

Been reading up on STP and Portfast. Is it not trunk ports only between switches that take part in STP? If so, why do we have portfast on access ports? Do these ports also go through the listen, learning stages? I've not fully grasped STP yet so apologies if this comes across as a daft question.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

ayori

What portfast does is skip the states of STP (blocking, listening, learning - in terms of PVST) and almost immediately start forwarding frames. If you know that your access ports are only connected to workstations/servers, then why waste the time of going through the states if you know that there would be no loop on those ports? A good example is when you're doing PXE boot - sometimes you'll notice that the PC is not able to get the OS image before the timeout because it didn't get a DHCP lease which is due to the fact that port is going through its STP states to prevent a potential loop in the network and is actually not passing frames.

Portfast is typically configured with BPDUguard which disables to port of it receives a bpdu.

control

ayori wrote: »

What portfast does is skip the states of STP (blocking, listening, learning - in terms of PVST) and almost immediately start forwarding frames. If you know that your access ports are only connected to workstations/servers, then why waste the time of going through the states if you know that there would be no loop on those ports? A good example is when you're doing PXE boot - sometimes you'll notice that the PC is not able to get the OS image before the timeout because it didn't get a DHCP lease which is due to the fact that port is going through its STP states to prevent a potential loop in the network and is actually not passing frames.

Portfast is typically configured with BPDUguard which disables to port of it receives a bpdu.

Thanks for the info. Do all ports (Access and Trunks) go through STP process then when they first come online, regardless of what's connected on the other end? and If I connected another switch say to an exisiting LAN, would STP process take place again to recalculate loops on the whole LAN?

ayori

Depends on how your ports are configured (there's also the concept of rootguard) but quick answer is yes and yes. I'll let you do the fun part of studying and LABing it

mella060

control wrote: »

Do all ports (Access and Trunks) go through STP process then when they first come online, regardless of what's connected on the other end?

By default, yes. All ports on a switch will go through the STP process when you power on the switch. When you configure portfast, then the STP process is skipped. A good example of using portfast is on a port connected to a users desktop computer. These days most computers boot faster then 30 seconds so if portfast wasn't configured, then the computer might not be able to get an IP address from a DHCP server and login. Basically, portfast should be configured on any switchport that is not participating in the STP topology. So ports connected to routers, servers, desktops, since these devices don't send STP messages (BPDUs)

control wrote: »

and If I connected another switch say to an exisiting LAN, would STP process take place again to recalculate loops on the whole LAN?

Yep each time you connect a new switch to an existing LAN, then all the switches go through the STP process again and re-elect the root bridge in case the new switch has a lower ID, as well as recalculating the best paths to the root and so on.

control

Thanks for the info both. Still waiting on some X Over cables to get these switches connected together! Got a few things I need to LAB.

MickQ

Any time you're faced with a question like this, take a step back and think.

Think: if you were the switch, and a link just came up, how do you treat it? Do you allow traffic through, or not?
If you do, it might cause a loop. Then again, it might be ok.
The stages of STPs do all the checking, and as a result take time to settle down.

But hey! I know what's on the other end! (says you). Well, then you can just tell it to go portfast into a trunk link, or an access port.

Play with it yourself. Cause a broadcast storm* and watch those pretty lights.

*Do not try this on a production network.

m3zilla

Portfast also prevent a port from generating a TCN. If your user are turning their computer on/off, you don't want a TCN sent out every time they do it, causing all the switches to flush their mac address table.