PortFast

加快终端主机连接入stp网络的收敛.
只适用于,在交换机与主机(电脑)相连的端口, 不应该在交换机与交换机,路由器,hub互连的网络设备的端口使用.

interface FastEthernet0/1 (交换机上,在连接主机的端口)
switchport mode access (接入链路)
spanning-tree portfast
spanning-tree portfast default //全局模式下使用,全局启用portfast

也可以在接口模式下用

spanning-tree host 代替 switchport mode access/spanning-tree portfast

portfast bpduguard (在已经是portfast端口上配置)

交换机端口的"portfast bpduguard"是指:
在交换机的端口一旦收到BPDU包时,立刻关闭端口(进入err-disable状态),避免了更大范围的广播风暴.
如果要打开必须先shutdown,再NO SH
设置自动重新启用老化时间:

(config)#errdisable recovery cause bpduguard //默认300秒
     errdisable recovery interval ?  //修改等待间隔

portfast bpdufilter (在portfast端口配置)

防止交换机在启用"portfast"的接口上发送BPDU,并且将接收到的所有BPDU都丢弃.
在特定的portfast端口上配置:

sw1(config-if)#spanning-tree bpdufilter enable
(bpdufilter: Don't send or receive BPDUs on this interface)
sw3(config)#spanning-tree portfast bpdufilter default  //全局的portfast端口上,都生效
注意:BPDU过滤可能导致环路,不推荐配置.配置过滤之后防护将不起作用.[cisco]portfast <wbr>bpduguard <wbr>,portfast <wbr>bpdufilter

 

Entering the spanning-tree bpdufilter enable command to enable BPDU filtering overrides the PortFast configuration.

When configuring Layer 2-protocol tunneling on all the service-provider edge switches, you must enable spanning-tree BPDU filtering on the 802.1Q tunnel ports by entering the spanning-tree bpdufilter enable command.

BPDU filtering prevents a port from sending and receiving BPDUs. The configuration is applicable to the whole interface, whether it is trunking or not. This command has three states:

?spanning-tree bpdufilter enable—Unconditionally enables BPDU filtering on the interface.

?spanning-tree bpdufilter disable—Unconditionally disables BPDU filtering on the interface.

?no spanning-tree bpdufilter—Enables BPDU filtering on the interface if the interface is in operational PortFast state and if you configure the spanning-tree portfast bpdufilter default command.

Use the spanning-tree portfast bpdufilter default command to enable BPDU filtering on all ports that are already configured for PortFast.