Hi from Tokyo, Japan, and welcome to Jeremy’s IT Lab. In this section of our CCNA course, we’ll cover the Spanning Tree Protocol toolkit: a set of optional features that you can use to modify and enhance Spanning Tree Protocol. This first video starts with PortFast, a handy feature that lets a switch port skip the STP Listening and Learning states and immediately start forwarding data when it’s connected.
Here’s what we’ll cover. This video and the next few will cover the STP toolkit. Starting with PortFast in this video, which allows switch ports connected to end hosts to immediately enter the STP Forwarding state, bypassing listening and learning. This lets the hosts start communicating over the network as soon as they connect – no need to wait. Cisco expects you to know four other features in the STP toolkit as well: BPDU Guard, BPDU Filter, Root Guard, and Loop Guard. Feel free to read these descriptions if you want, but we’ll cover them in the next few videos of the course.
So let’s get started with PortFast. First of all, what exactly is the problem that PortFast solves? Let’s connect this PC and switch to find out. When an end host connects to a switch port like this, the port becomes up/up but can’t send or receive data yet. By up/up I mean the status of the port in SHOW IP INTERFACE BRIEF, as you can see here. The switch’s G0/1 interface is up/up, but any frames the PC tries to send are discarded by the switch. And why is that? Well, it’s an STP designated port but will take a total of 30 seconds before it enters the forwarding state. That is 15 seconds in the listening state, and 15 seconds in the learning state. This leads to a poor user experience. The user expects to be able to access the network immediately, but for some reason it doesn’t work. The user probably doesn’t even know STP exists. They don’t have any reason to know it. They just know “the internet doesn’t work” for 30 seconds when they connect their computer. And that’s frustrating.
And worst of all, this wait is totally unnecessary, because there is no risk of a Layer 2 loop occurring between a switch and a PC. Loops can occur between switches because of how they flood frames, but PCs don’t do that.
Let’s check out the process on a real switch. Notice after I connect the cable into port 1 on this Cisco Catalyst switch, the link light above it turns on. Each port on a switch has a light like this, called a link light, to indicate its status. The two blinking green lights on the bottom right indicate that those two ports are active, and are sending and receiving data. But the link light for port 1, which I just connected to my PC, is blinking an amber color. This means the port is up and receiving data from my PC, but the data is blocked by STP. My PC can’t access the network yet. Finally, after 30 seconds, the light turns green, meaning it is in the Forwarding state and is ready to send and receive data.
Now that we’ve seen the problem, let’s see how PortFast solves it. Once again, I’ll connect this PC to the switch. When PortFast is configured on a port, it immediately enters the Forwarding state when connected to another device – when the port is enabled. So, it bypasses listening and learning, and can send and receive data right away without waiting 30 seconds. This obviously provides a much better user experience: the user’s device can immediately access the network. Let’s see PortFast in action on a real switch. This time I’ve enabled it on port 1 of my switch, so let’s connect the cable. And as you can see, the link light turns green right away – the port is in the STP forwarding state and can send and receive data immediately. No more 30-second wait.
So, how can we configure PortFast? It’s quite simple, but there are two ways to do it. The first is in interface config mode with the command SPANNING-TREE PORTFAST. This enables PortFast only on the individual interface: the interface you configured this command on.
But you can also enable it in global config mode with SPANNING-TREE PORTFAST DEFAULT. Instead of enabling PortFast on an individual port, this enables PortFast on all access ports. In most cases, this will enable PortFast on all connections to end hosts, but not on connections to other switches. This is because connections between switches are almost always trunk links, since most modern LANs use multiple VLANs. But connections to end hosts are almost always access links, since most hosts don’t need to send and receive traffic in multiple VLANs. As we’ll cover in a minute, it’s very important that you don’t enable PortFast on ports that connect to other switches.
Let’s try that first method in the CLI. I entered interface config mode for G0/1 and used SPANNING-TREE PORTFAST to enable PortFast. When you enable PortFast, you’ll see this warning message. This is related to the point I just mentioned in the previous slide, so I’ll read it out. “PortFast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION”. Basically, this means that PortFast should not be configured on ports connected to switches, or temporary Layer 2 loops can occur. The entire point of the listening and learning states is to make 100% sure there are no loops in the LAN before a port moves to the forwarding state. Because PortFast bypasses those states and makes the port start in the forwarding state, it can cause a temporary loop if you enable it on connections to other switches. So, just remember that PortFast shouldn’t be enabled on ports that connect to other switches.
Okay, in addition to that warning, another message is shown here. “Portfast has been configured on GigabitEthernet0/1 but will only have effect when the interface is in a non-trunking mode”.
So, even if you configure SPANNING-TREE PORTFAST on a trunk port, it won’t be active. By default, it only works on access ports.
Okay, after configuring PortFast on the port, I used SHOW SPANNING-TREE INTERFACE G0/1 DETAIL to confirm. Here’s the command syntax. SHOW SPANNING-TREE INTERFACE, followed by the interface name, and then DETAIL. And here’s the output of the command. Notice the line I highlighted. “The port is in the portfast edge mode”. This requires a bit of explanation. There are two kinds of PortFast, edge and network. PortFast edge is the kind we are covering in this video. PortFast network is used for a feature called Bridge Assurance, which is not a CCNA topic. So, don’t worry about it. I just wanted to clarify the meaning of “edge” in this output.
Next, let’s try the second configuration method: enabling PortFast by default in global config mode. I’ve expanded the example network a bit. SW1 and SW2 are connected by their G0/0 and G0/1 ports, which are trunks, and their G0/2 and 3 ports are connected to hosts, so they are access ports. I’m only showing SW1’s CLI here, but on both switches I configured SPANNING-TREE PORTFAST DEFAULT. Just like before, a warning message appears. Let’s read it. “%Warning: this command enables portfast by default on all interfaces. You should now disable portfast explicitly on switched ports leading to hubs, switches and bridges as they may create temporary bridging loops”. Let me clarify the part I highlighted. It says “all interfaces”, but as I mentioned before it only activates PortFast on all access ports, not trunk ports. So this warning message is a bit misleading. Now, if you want to disable PortFast on a specific access port after enabling it by default, you can use the command SPANNING-TREE PORTFAST DISABLE in interface config mode. You should do this if you connect two switches with an access link, but that’s rare: connections between switches are usually trunks.
Okay, here’s that same SHOW command I used before, looking at the output for SW1’s G0/2 interface, an access port. It says “the port is in the portfast edge mode by default”. So, PortFast has been enabled on these four ports, the access ports connected to end hosts. And what about the trunks connecting the switches? I used the same command for SW1’s G0/1 interface, and it doesn’t mention PortFast anywhere. So, PortFast isn’t enabled on the trunk ports. The key point to remember here is that, when you enable PortFast in global config mode, it is only activated on access ports, not trunk ports.
We’ve covered how to configure PortFast on access ports. Now let’s cover the topic of PortFast on trunk ports, because there are some situations where it’s valid. The standard PortFast configuration commands only enable PortFast on access ports. Those are the commands we just covered. SPANNING-TREE PORTFAST in interface config mode and SPANNING-TREE PORTFAST DEFAULT in global config mode. But in some cases you might want to enable PortFast on a trunk port. The network diagram above shows two examples. First is a port connected to a virtualization server with virtual machines, VMs, in different VLANs. Virtualization is a CCNA topic, but we’ll cover it later in the course. For now, just know that servers using virtualization often use trunk links to connect to switches, instead of access links like most end hosts. And the second example is a port connected to a router via router-on-a-stick. As we covered in the VLAN section of the course, router-on-a-stick is basically a trunk link between a switch and a router. A router doesn’t flood frames like a switch, and it won’t cause Layer 2 loops. So, you can configure PortFast on interfaces connected to a router like this.
So, how do we actually configure PortFast on a trunk? It can only be configured per-port in interface config mode. The command is SPANNING-TREE PORTFAST TRUNK. Let’s see an example in the CLI.
The command shows the same message we saw before, warning that PortFast shouldn’t be enabled on ports connected to switches. And here’s SHOW SPANNING-TREE INTERFACE DETAIL, only showing the relevant line since there’s no space. It says “The port is in portfast edge trunk mode”. In most CCNA scenarios you will only need to enable PortFast on access ports, but just keep in mind that it can also be enabled on trunk ports.
Finally, before we finish up, I want to briefly clarify ‘PortFast edge’, which I mentioned earlier. To review, there are two PortFast modes: PortFast edge and PortFast network. PortFast network isn’t a CCNA topic, so we’re covering PortFast edge only. In modern Cisco switches, if you use the commands covered in this lecture, the device will automatically add the EDGE keyword to the configuration. So for example, if you configure SPANNING-TREE PORTFAST on a port, in the running-config it will become SPANNING-TREE PORTFAST EDGE. If you configure SPANNING-TREE PORTFAST TRUNK, it will become SPANNING-TREE PORTFAST EDGE TRUNK. And if you configure SPANNING-TREE PORTFAST DEFAULT, it will become SPANNING-TREE PORTFAST EDGE DEFAULT in the running-config. You can use either version of the commands when configuring PortFast; it doesn’t matter. The end result is the same: EDGE will always be added in the configuration. As you probably guessed, if you want to configure PortFast network instead of edge, you have to specify the NETWORK keyword in the commands, like SPANNING-TREE PORTFAST NETWORK. I also mentioned the command SPANNING-TREE PORTFAST DISABLE before, but just note that it doesn’t use the EDGE keyword. It’s an exception.
Okay, let’s verify the EDGE keyword in the CLI. I configured SPANNING-TREE PORTFAST on SW1’s G0/1 interface. I then used SHOW RUNNING-CONFIG INTERFACE G0/1. This is a handy command. You can use it to view the running-config for just the specified interface, instead of the device’s entire running-config.
But unfortunately it doesn’t work in Packet Tracer. Anyway, here is the interface’s config. Notice that the switch automatically added the EDGE keyword to the end of the command, even though I only configured SPANNING-TREE PORTFAST. Okay, to summarize, just be aware that the type of PortFast covered in the CCNA, the one we’re talking about in this video, is called PortFast Edge. For the CCNA exam, you should probably be aware of both versions of these commands: with and without EDGE. Their effect is the same. But keep in mind that if you’re doing labs in Packet Tracer, the current version doesn’t support the EDGE keyword. So don’t be confused if you try it in Packet Tracer and it doesn’t work.
Here’s a summary of the main points covered in this video. When a host connects to a switch port, by default it takes 30 seconds before the port can send or receive data. And this can be frustrating for users, who don’t know why they can’t connect. PortFast allows a switch port to immediately enter the STP forwarding state, bypassing listening and learning. So, the connected host can access the network right away, making a much better experience for the user. PortFast can be configured in two ways. The first is in interface config mode with the SPANNING-TREE PORTFAST command, optionally with the EDGE keyword. This enables PortFast only on the individual interface, and is only active when the interface is in access mode, not trunk mode. The second option is in global config mode with SPANNING-TREE PORTFAST DEFAULT, which enables PortFast on all access ports. If necessary, you can then disable it on specific ports with SPANNING-TREE PORTFAST DISABLE. Just remember that PortFast should not be configured on ports connected to a switch, as it can cause temporary loops. It should only be used on ports connected to end hosts, or maybe a router. And keep in mind you can also configure PortFast on a trunk port with SPANNING-TREE PORTFAST TRUNK.
This can be useful for router-on-a-stick or when connecting to a virtualization server with VMs in different VLANs. And that’s all for this video about PortFast. I hope it was helpful. Thanks for watching.
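Added example (not part of the video): a small Python audit that applies the rules described above to a running-config and reports, per interface, whether PortFast is actually in effect. The sample config is constructed, the function name and verdict strings are hypothetical, and the script assumes every port has an explicit `switchport mode` line.

```python
import re

# Constructed sample running-config (not from the video).
SAMPLE = """\
spanning-tree portfast edge default
!
interface GigabitEthernet0/0
 switchport mode trunk
 spanning-tree portfast edge
!
interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree portfast edge trunk
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast disable
"""

# Accepts both command forms from the video, with or without the EDGE keyword.
PF = re.compile(r"spanning-tree portfast(?: edge)?(?: (trunk|disable|default))?$")
TRUNK = {"trunk": "active on trunk: neighbor must not be a switch",
         "edge": "configured but inactive on trunk"}

def audit_portfast(config):
    """Return {interface: verdict}; assumes explicit 'switchport mode' lines."""
    default_on, ports, cur = False, {}, None
    for raw in config.splitlines():
        line, m = raw.strip(), PF.match(raw.strip())
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], {"mode": None, "pf": None})
        elif not raw.startswith(" "):
            cur = None  # a non-indented line ends the interface stanza
            default_on = default_on or bool(m and m.group(1) == "default")
        elif cur is not None and m:
            cur["pf"] = m.group(1) or "edge"  # bare command is stored as EDGE
        elif cur is not None and line.startswith("switchport mode "):
            cur["mode"] = line.split()[-1]
    verdicts = {}
    for name, p in ports.items():
        if p["mode"] == "trunk":  # only the TRUNK keyword takes effect here
            verdicts[name] = TRUNK.get(p["pf"], "off")
        elif p["pf"] != "disable" and (p["pf"] or default_on):
            verdicts[name] = "active: neighbor must not be a switch"
        else:
            verdicts[name] = "off"
    return verdicts
```

Ports reported as active are the ones to check against cabling records, since a switch plugged into any of them skips the Listening and Learning states.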