PortFast
Course Contents
1. What Is Spanning Tree PortFast?
If you’ve ever wondered what does Spanning Tree PortFast do in a real network ? You’re in the right place.
Spanning Tree PortFast is a Cisco feature that allows a switch port to skip the usual STP Listening and Learning states and jump straight to the Forwarding state.
Normally? You wait 30 seconds…
In a standard STP process, when a PC connects to a switch, the Spanning Tree Protocol doesn’t allow traffic right away.
Instead, the port goes through two intermediate states:
- Listening (15 seconds)
- Learning (15 seconds)
Only after that does the port move to Forwarding state and allow traffic.
That means you get 30 seconds of delay before you device can send anything to the network.
But with PortFast? No delay
When PortFast is enabled, the port skips Listening and Learning states and immediately starts forwarding traffic.
In other words, that’s exactly what Spanning Tree PortFast does it bypasses the STP Listening and Learning stages, allowing end devices to start forwarding traffic without delay.
In the diagram above, PC1 is connected to port G0/2 on switch SW2.
With PortFast enabled, that port goes directly to the Forwarding state instantly.
No 15 seconds Listening state + 15 seconds Learning state, PortFast give immediate network access.
Now that you understand what Spanning Tree PortFast does, let’s see how to configure it properly !
2. How to Configure Spanning Tree PortFast
PortFast can be enabled in two ways:
- On individual interfaces
- Globally (applies to all access ports on the switch)
Let’s explore both methods !
Enabling PortFast on an Individual Interface
Let’s say PC1 is connected to port GigabitEthernet0/2 on SW2.
To give it instant access to the network, we want to enable PortFast just on this port
Configuration Steps
- Access the interface configuration mode:
SW2# configure terminal SW2(config)# interface GigabitEthernet0/2
2. Enable PortFast:
SW2(config-if)#spanning-tree portfast %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast has been configured on GigabitEthernet0/2 but will only have effect when the interface is in a non-trunking mode.
Verifying PortFast
After configuring PortFast, you can verify its status with the following command:
SW2#show spanning-tree interface g0/2 detail
Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.3.
Designated root has priority 32769, address 50e2.aa04.6b00
Designated bridge has priority 32769, address 50e2.aa04.6b00
Designated port id is 128.3, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port is in the portfast edge mode
Link type is point-to-point by default
BPDU: sent 82, received 0
Notice the line: “The port is in the portfast edge mode.”
This confirms that PortFast is active on the interface.
Disable PortFast on an Individual Interface
Need to turn it off? Just run:
SW2(config)#int g0/2 SW2(config-if)#spanning-tree portfast disable
If you verify the interface again, you’ll see that PortFast is no longer mentioned:
SW2#show spanning-tree interface g0/2 detail Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding Port path cost 4, Port priority 128, Port Identifier 128.3. Designated root has priority 32769, address 50e2.aa04.6b00 Designated bridge has priority 32769, address 50e2.aa04.6b00 Designated port id is 128.3, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 124, received 0
PortFast is now disabled for this interface.
Enabling PortFast Globally
So far, we’ve enabled PortFast on individual interfaces.
But if your switch is full of end-user devices like PCs, printers or phones, you probably don’t want to configure every port manually.
In that case, you can enable PortFast globally !
This way, all access ports on the switch will automatically use PortFast 🙂
Configuration Steps
- Enable PortFast Globally on SW2 and SW3:
From global configuration mode, use the following command:
SW2(config)#spanning-tree portfast default %Warning: this command enables portfast by default on all interfaces. You should now disable portfast explicitly on switched ports leading to hubs, switches and bridges as they may create temporary bridging loops.
SW3(config)#spanning-tree portfast default %Warning: this command enables portfast by default on all interfaces. You should now disable portfast explicitly on switched ports leading to hubs, switches and bridges as they may create temporary bridging loops.
Verifying PortFast
After applying this command, you can verify the configuration:
SW2#show spanning-tree interface g0/2 detail
Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.3.
Designated root has priority 32769, address 50e2.aa04.6b00
Designated bridge has priority 32769, address 50e2.aa04.6b00
Designated port id is 128.3, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port is in the portfast edge mode by default
Link type is point-to-point by default
BPDU: sent 1174, received 0
SW3#show spanning-tree interface g0/2 detail
Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.3.
Designated root has priority 32769, address 50d5.ff04.6d00
Designated bridge has priority 32769, address 50d5.ff04.6d00
Designated port id is 128.3, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port is in the portfast edge mode by default
Link type is point-to-point by default
BPDU: sent 264, received 0
As you can see the ports are in portfast edge mode, as indicated in the output !
PortFast on a Trunk Interface
You’ve learned that Spanning Tree PortFast is used to speed up connections for end devices on access ports.
> What does Spanning Tree PortFast do in that case ?
Yes, there are specific situations where using PortFast on a trunk interface makes sense. Let’s take a closer look at two common examples: Virtualization servers and Router on a Stick configurations.
Virtualization Server
Imagine a virtualization server connected to switch SW2 on interface G0/2. This server hosts several virtual machines, each placed in a different VLAN.
To carry traffic for all these VLANs, the switch port must be configured as a trunk.
By default, STP applies a 30-second delay on trunk ports as they move through the Listening and Learning states before reaching Forwarding.
We can apply PortFast trunk on this interface to allow the port to immediately transition to the Forwarding state by skipping the Listening and Learning stages of STP.
This ensures virtual machines can access the switch directly whitout waiting 30 seconds !
Router On A Stick
Another case is when your switch is connected to a Router On A Stick (ROAS)
The router is connected to the switch via a trunk port to handle inter-VLAN routing.
Since the router does not send BPDUs, we can enable PortFast trunk on the interface connecting the router to the switch.
This allows the port to immediately start forwarding traffic without waiting for the STP usual transitions.
Let’s view the configuration part below ! 🙂
Configuration Steps
To configure PortFast on a trunk port, it must be done on a per-interface basis using the command spanning-tree portfast trunk.
Router-on-a-Stick Port Configuration
SW2(config)#int g0/0 SW2(config-if)#spanning-tree portfast trunk %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
Virtualization Server Port Configuration
SW2(config)#int g0/2 SW2(config-if)#spanning-tree portfast trunk %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION
Verifying PortFast Trunk
Router-on-a-Stick Port Verification
SW2#show spanning-tree interface g0/0 detail Port 1 (GigabitEthernet0/0) of VLAN0001 is designated forwarding Port path cost 4, Port priority 128, Port Identifier 128.1. Designated root has priority 32769, address 50e2.aa04.6b00 Designated bridge has priority 32769, address 50e2.aa04.6b00 Designated port id is 128.1, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 The port is in the portfast edge trunk mode Link type is point-to-point by default BPDU: sent 3787, received 0
In the output above, you can see the line “The port is in the portfast edge trunk mode”, which confirms that PortFast trunk is successfully enabled on the interface.
Virtualization Server Port Verification
SW2#show spanning-tree interface g0/2 detail Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding Port path cost 4, Port priority 128, Port Identifier 128.3. Designated root has priority 32769, address 50e2.aa04.6b00 Designated bridge has priority 32769, address 50e2.aa04.6b00 Designated port id is 128.3, designated path cost 0 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 The port is in the portfast edge trunk mode Link type is point-to-point by default BPDU: sent 3789, received 0
Similarly, for the virtualization server, the line “The port is in the portfast edge trunk mode” confirms that PortFast trunk is active on this port.
3. PortFast Edge
Now that you’ve seen how to enable PortFast globally and on individual interfaces, let’s explore an interesting detail: the edge keyword that appears automatically in the configuration.
When we configure PortFast on an individual interface, such as GigabitEthernet0/2 using the command spanning-tree portfast:
SW2# configure terminal SW2(config)# interface GigabitEthernet0/2 SW2(config-if)#spanning-tree portfast
After applying this command, if we review the running configuration, the spanning-tree portfast command is automatically updated to spanning-tree portfast edge, indicating that the port is operating in edge mode:
SW2#show run int g0/2 Building configuration... Current configuration : 107 bytes ! interface GigabitEthernet0/2 switchport mode access negotiation auto spanning-tree portfast edge end
Edge Mode
By default, PortFast operates in edge mode which is specifically designed for ports connected directly to end devices such as PCs, printers or IP phones.
These ports are considered safe because they don’t connect to other switches meaning they can’t cause bridging loops. That’s why STP allows them to immediately enter the Forwarding State, skipping the usual Listening and Learning states.
Key Points:
- The edge keyword is automatically added when PortFast is enabled, en if you don’t type it yourself.
- Edge mode is the default behavior of PortFast.
- Other modes, like network, do exist but are not part of the CCNA exam. You only need to understand edge mode.
- In simulators such as Packet Tracer, the edge keyword may not appear in the running configuration. That’s normal. The feature still works as expected.
Command Examples
Let’s look at how PortFast appears in the running configuration in different scenarios.
- Enabling PortFast on an interface:
SW1(config-if)# spanning-tree portfast Building configuration... Current configuration : 107 bytes ! interface GigabitEthernet0/2 switchport mode access negotiation auto spanning-tree portfast edge end
Running configuration:
spanning-tree portfast edge
As you can see, the edge keyword is automatically added, even if you didn’t specify it !
2. Enabling PortFast on a trunk interface:
SW1(config-if)# spanning-tree portfast trunk
Running configuration:
spanning-tree portfast edge trunk
This tells the switch taht the trunk port should behave as an edge port while still allowing tagged VLAN traffic !
3. Enabling PortFast globally:
SW1(config-if)# spanning-tree portfast default
Running configuration:
spanning-tree portfast edge
If you don’t specify edge mode, the edge keyword will always appear in the running configuration.
The only exception is when you disable PortFast:
- Disabling PortFast on individual interface:
SW1(config-if)# spanning-tree portfast disable
Behavior of Edge Ports
Even tough edge ports can skip STP Listening and Learning states and begin forwarding traffic immediately, they still listen for BPDUs (Bridge Protocol Data Units).
If a BPDU is received on a PortFast-enabled Port :
- The port immediately loses its edge status
- It falls back to normal STP behavior, going through Listening and Learning before forwarding traffic
This ensure the switch port can still react if a device sends unexpected STP messages.
4. Conclusion
So, next time someone asks you:
“Hey, what does Spanning Tree PortFast do? 😄”
You can confidently say:
“It skips the STP Listening and Learning stages, so end devices like my PC can start sending traffic right away.”
But this speed comes with a risk.
PortFast-enabled ports assume they are connected to devices that never send BPDU.
But what happens if someone plugs in a switch or malicious device ?
Imagine a hacker trying to send BPDUs to make their device act as the root bridge.
To prevent this kind of problem, there’s a feature called BPDU Guard.
It immediately disables any PortFast-enabled port that receives a BPDU, effectively preventing accidental or malicious loops
In the next course, we’ll explore how BPDU Guard protects can protect your STP topology !