Requirement:Requirement and Use-case is to implement the feature of port fast and BPDU guard on edge port to avoid port entering into disabled state causing network production loss.
This feature is supported from code AOS 6.4.3.0.
• PortFast feature causes a switch or a trunk port to enter the STP forwarding-state bypassing Listening and Learning stage of the STP.
• PortFast is usually configured on an edge port, which means this port should not receive any STP BPDUs. If this port receives any STP BPDU, this port moves back to normal/regular mode and will end up participating in listening and learning states.
• BPDU Guard feature basically guards the port from receiving any STP BPDUs. However, this port can transmit STP BPDUs.
• When a STP BPDU is received on a BPDU Guard enabled port, the port is shutdown and the state of this port changes to ErrDis (Error-Disable) state.
• This port remains in the ErrDis state unless until this port is manually changed by using a configuration command “shut” followed by a “no-shut” applied on this interface
Solution:
- The Aruba controller is connected to an edge device.
- After enabling the Portfast feature, ensure that the portfast flips the port state to Forwarding immediately.
- If STP is enabled and BPDU guard is also enabled, ensure that the port is shut down, goes to ErrDis state if there is STP BPDU seen on the port.
Configuration:• Both PortFast and BPDU guard are typically configured on edge ports, which means this port should not receive any STP BPDUs.
If this port receives any STP BPDU, in case of :
Portfast - this port moves back to normal/regular mode and will end up participating in listening and learning states.
BPDU guard – this port will be disabled and move to an ErrDis state.
• Enabling BPDU Guard feature on a trunk port that forms the STP topology is also not recommended.
• These features are not dependent on each other, can be applied either together or independently.
CLI Commands
Portfast
(Aruba7240) # (config) #interface gigabitethernet 0/0/0
(Aruba7240) (config-if)# spanning-tree portfast
(Aruba7240) (config-if)# spanning-tree portfast trunk
Global RSTP Mode :
(Aruba7240) #show spanning-tree interface gigabitethernet 0/0/3
Interface GE 0/0/3 (port 4) in Spanning tree is FORWARDING
Port path cost 20000, Port priority 128
PortFast ENABLED P-to-P ENABLED
BpduGuard DISABLED
Designated root has priority 32768 address 00:0b:86:10:e3:80
Designated bridge has priority 32768 address 00:1a:1e:00:66:a0
Designated port is 4, path cost 40004
Timers: message age 0, forward delay 0, hold 0
Counts: BPDUs received 0, sent 430495
Instance RSTP(PVST) Mode :
(Aruba7240) #show spanning-tree interface gigabitethernet 0/0/3
Spanning Tree port configuration
--------------------------------
Vlan State Cost Prio PortFast BpduGuard P-to-P Role
---- ----- ---- ---- -------- --------- ------ ----
3900 Forwarding 20000 128 Enable Enable Enable Designated
BPDU Guard :
(Aruba7240) (config) #interface gigabitethernet 0/0/0
(Aruba7240) (config-if)# spanning-tree bpduguard
(Aruba7240) (config) #show spanning-tree interface gigabitethernet 0/0/0
Interface GE 0/0/3 (port 4) in Spanning tree is FORWARDING
Port path cost 20000, Port priority 128
PortFast ENABLED P-to-P ENABLED
BpduGuard ENABLED
Designated root has priority 32768 address 00:0b:86:10:e3:80
Designated bridge has priority 32768 address 00:1a:1e:00:66:a0
Designated port is 4, path cost 40004
Timers: message age 0, forward delay 0, hold 0
Counts: BPDUs received 0, sent 430575
BPDU Guard Error State:
(Aruba7240) (config) #interface gigabitethernet 0/0/0
(Aruba7240) (config-if)# spanning-tree bpduguard
(Aruba7240) (config) #show spanning-tree interface gigabitethernet 0/0/0
Interface GE 0/0/0 (port 1) in Spanning tree is DISCARDING
Port path cost 20000, Port priority 128
PortFast DISABLED P-to-P ENABLED
BpduGuard ErrDis
Designated root has priority 32768 address 00:1a:1e:00:66:a0
Designated bridge has priority 32768 address 00:1a:1e:00:66:a0
Designated port is 1, path cost 0
Timers: message age 0, forward delay 20, hold 0
Counts: BPDUs received 427915, sent 61
Counts: BPDUs received 0, sent 430575
VerificationDebug commands:
(Aruba7240) #show spanning-tree interface gigabitethernet 0/0/3
Interface GE 0/0/3 (port 4) in Spanning tree is FORWARDING
Port path cost 20000, Port priority 128
PortFast ENABLED P-to-P ENABLED
BpduGuard DISABLED
Designated root has priority 32768 address 00:0b:86:10:e3:80
Designated bridge has priority 32768 address 00:1a:1e:00:66:a0
Designated port is 4, path cost 40004
Timers: message age 0, forward delay 0, hold 0
Counts: BPDUs received 0, sent 430495
Instance RSTP(PVST) Mode :
(Aruba7240) #show spanning-tree interface gigabitethernet 0/0/3
Spanning Tree port configuration
--------------------------------
Vlan State Cost Prio PortFast BpduGuard P-to-P Role
---- ----- ---- ---- -------- --------- ------ ----
3900 Forwarding 20000 128 Enable Enable Enable Designated
BPDU Guard Error State:
(Aruba7240) (config) #interface gigabitethernet 0/0/0
(Aruba7240) (config-if)# spanning-tree bpduguard
(Aruba7240) (config) #show spanning-tree interface gigabitethernet 0/0/0
Interface GE 0/0/0 (port 1) in Spanning tree is DISCARDING
Port path cost 20000, Port priority 128
PortFast DISABLED P-to-P ENABLED
BpduGuard ErrDis
Designated root has priority 32768 address 00:1a:1e:00:66:a0
Designated bridge has priority 32768 address 00:1a:1e:00:66:a0
Designated port is 1, path cost 0
Timers: message age 0, forward delay 20, hold 0
Counts: BPDUs received 427915, sent 61
Counts: BPDUs received 0, sent 430575