PortFast

1. What Is Spanning Tree PortFast?

If you’ve ever wondered what Spanning Tree PortFast does in a real network, you're in the right place.


Figure 1 – PortFast skips STP states for immediate forwarding

Spanning Tree PortFast is a Cisco feature that allows a switch port to skip the usual STP Listening and Learning states and jump straight to the Forwarding state.

Without Spanning Tree PortFast

By default, the Spanning Tree Protocol doesn't allow a PC that connects to a switch port to send traffic right away.

The switch port must first go through two Spanning Tree states:

  • Listening (15 seconds)

  • Learning (15 seconds)


Figure 2 – Without PortFast, the port waits 30 seconds before forwarding

Only after that does the port move to the Forwarding state and allow traffic. That means there is a 30-second delay before your device can send anything to the network.

That's something we don't want, since everyone wants to be able to send traffic right away when they connect to the switch port.

With Spanning Tree PortFast Enabled

When PortFast is enabled, the switch port skips the Listening and Learning states and goes immediately to the Forwarding state, allowing devices to send traffic as soon as they are connected to the switch port.


Figure 3 – With PortFast, the port forwards traffic immediately

In simple words, that’s exactly what Spanning Tree PortFast does: it bypasses the STP Listening and Learning stages and goes straight to the Forwarding state, allowing end devices to start sending traffic without delay.

In the diagram above, PC1 is connected to port G0/2 on switch SW2.

With PortFast enabled, that port goes directly to the Forwarding state.
There is no 15-second Listening state followed by a 15-second Learning state: PortFast gives immediate network access.

Now that you understand what Spanning Tree PortFast does, let’s see how to configure it properly!

2. How to Configure PortFast

PortFast can be enabled in two ways:

  1. On individual interfaces

  2. Globally (applies to all access ports on the switch)

Let’s explore both methods!

Method 1 - Enabling PortFast on an Individual Interface

Let’s say PC1 is connected to port GigabitEthernet0/2 on SW2.
To give it instant access to the network, we want to enable PortFast just on this port.


Figure 4 – Enabling PortFast on a specific interface (G0/2)

Configuration Steps

1. Access the interface configuration mode:

SW2# configure terminal 
SW2(config)# interface GigabitEthernet0/2

2. Enable PortFast using the spanning-tree portfast command:

SW2(config-if)# spanning-tree portfast 
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

%Portfast has been configured on GigabitEthernet0/2 but will only
 have effect when the interface is in a non-trunking mode.

The switch warns you to enable PortFast only on ports connected to a single host; this feature should not be configured on interfaces facing switches or hubs.

Verifying PortFast

We can verify if the PortFast Feature is enabled on this interface:

SW2# show spanning-tree interface g0/2 detail
 Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding 
   Port path cost 4, Port priority 128, Port Identifier 128.3.
   Designated root has priority 32769, address 50e2.aa04.6b00
   Designated bridge has priority 32769, address 50e2.aa04.6b00
   Designated port id is 128.3, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast edge mode
   Link type is point-to-point by default
   BPDU: sent 82, received 0

Notice the line: "The port is in the portfast edge mode"

This confirms that PortFast is active on the interface.

Disable PortFast on an Individual Interface

If you want to turn off the feature, this is pretty easy:

SW2(config)# int g0/2
SW2(config-if)# spanning-tree portfast disable 

If you verify the interface again, you’ll see that PortFast is no longer mentioned:

SW2# show spanning-tree interface g0/2 detail 
 Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding 
   Port path cost 4, Port priority 128, Port Identifier 128.3.
   Designated root has priority 32769, address 50e2.aa04.6b00
   Designated bridge has priority 32769, address 50e2.aa04.6b00
   Designated port id is 128.3, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 124, received 0

PortFast is now disabled for this interface.

Method 2 - Enabling PortFast Globally (on Access Ports)

So far, we’ve enabled PortFast on a single interface.

But in most enterprise networks, switch ports are primarily connected to end devices like PCs and printers.
In that case, manually configuring PortFast on every port would be inefficient.

The solution is to enable PortFast globally using the command spanning-tree portfast default.


Figure 5 – Enabling PortFast globally on all access ports

Configuration Steps

1. Enable PortFast globally on SW2 and SW3:

From global configuration mode, use the command spanning-tree portfast default:

SW2(config)# spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
 should now disable portfast explicitly on switched ports leading to hubs,
 switches and bridges as they may create temporary bridging loops.
SW3(config)# spanning-tree portfast default
%Warning: this command enables portfast by default on all interfaces. You
 should now disable portfast explicitly on switched ports leading to hubs,
 switches and bridges as they may create temporary bridging loops.

Both switches now apply PortFast automatically to any interface configured as an access port.

Verifying PortFast

After applying this command, you can verify the configuration:

SW2# show spanning-tree interface g0/2 detail
 Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding 
   Port path cost 4, Port priority 128, Port Identifier 128.3.
   Designated root has priority 32769, address 50e2.aa04.6b00
   Designated bridge has priority 32769, address 50e2.aa04.6b00
   Designated port id is 128.3, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast edge mode by default
   Link type is point-to-point by default
   BPDU: sent 1174, received 0
SW3# show spanning-tree interface g0/2 detail
 Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding 
   Port path cost 4, Port priority 128, Port Identifier 128.3.
   Designated root has priority 32769, address 50d5.ff04.6d00
   Designated bridge has priority 32769, address 50d5.ff04.6d00
   Designated port id is 128.3, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast edge mode by default
   Link type is point-to-point by default
   BPDU: sent 264, received 0

As you can see, the ports are in portfast edge mode, as indicated in the output.

3. PortFast on Trunk Ports

You’ve learned that Spanning Tree PortFast is used to speed up connections for end devices on access ports.

What does Spanning Tree PortFast do on a trunk port, and does it ever make sense to enable it there?

Yes, there are specific situations where using PortFast on a trunk interface makes sense. Let’s take a closer look at two common examples:

Case 1 - Virtualization Server

Imagine a virtualization server connected to switch SW2 on interface G0/2. This server hosts several virtual machines, each placed in a different VLAN.


Figure 6 – Enabling PortFast on a trunk port for a virtualization server

To carry traffic for all these VLANs, the switch port must be configured as a trunk.

By default, STP applies a 30-second delay on trunk ports as they move through the Listening and Learning states before reaching Forwarding.

We can apply PortFast trunk on this interface to allow the port to immediately transition to the Forwarding state by skipping the Listening and Learning stages of STP.

This ensures virtual machines can reach the network immediately, without waiting 30 seconds.

Case 2 - Router On A Stick

Another case is when your switch is connected to a Router on a Stick (ROAS).

Figure 7 – PortFast trunk used for Router on a Stick (ROAS) setup

The router is connected to the switch via a trunk port to handle inter-VLAN routing. Since the router does not send BPDUs, we can enable PortFast trunk on the interface connecting the router to the switch.

This allows the port to immediately start forwarding traffic without waiting for the usual STP transitions.

Let's look at the configuration below.

Configuration Steps

To configure PortFast on a trunk port, it must be done on a per-interface basis using the command spanning-tree portfast trunk.

SW2(config)# int g0/2     
SW2(config-if)# spanning-tree portfast trunk
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

Verifying PortFast Trunk

SW2# show spanning-tree interface g0/2 detail
 Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding 
   Port path cost 4, Port priority 128, Port Identifier 128.3.
   Designated root has priority 32769, address 50e2.aa04.6b00
   Designated bridge has priority 32769, address 50e2.aa04.6b00
   Designated port id is 128.3, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast edge trunk mode
   Link type is point-to-point by default
   BPDU: sent 3789, received 0

The line "The port is in the portfast edge trunk mode" confirms that PortFast trunk is active on this port.

4. PortFast Edge Mode

When you activate PortFast on an interface using the command:

SW2(config)# interface GigabitEthernet0/2
SW2(config-if)# spanning-tree portfast

The switch automatically updates this configuration to:

SW2(config-if)# spanning-tree portfast edge

You can confirm it by checking the running configuration:

SW2# show run interface g0/2
Building configuration...

Current configuration : 107 bytes
!
interface GigabitEthernet0/2
 switchport mode access
 negotiation auto
 spanning-tree portfast edge
end

This means the port is now operating in edge mode.
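
To check PortFast placement across a whole switch rather than one port at a time, the following added example (not part of the original lesson) classifies every interface in a running-config as edge, edge by default, edge trunk, disabled, normal STP, or a trunk where plain PortFast has no effect. The sample config, the function name and the result labels are assumptions made for illustration, and a port without "switchport mode trunk" is treated as an access port.

```python
import re

# Constructed sample running-config (not captured from a real switch).
SAMPLE_CONFIG = """\
spanning-tree portfast edge default
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode trunk
 spanning-tree portfast edge
!
interface GigabitEthernet0/4
 switchport mode trunk
 spanning-tree portfast edge trunk
!
interface GigabitEthernet0/5
 switchport mode access
 spanning-tree portfast disable
"""

# Matches "spanning-tree portfast [edge] [trunk|disable]" inside an interface stanza.
PF_LINE = re.compile(r"^[ \t]+spanning-tree portfast(?: edge)?( trunk| disable)?[ \t]*$", re.M)

def audit_portfast(config):
    """Classify every interface stanza by its effective PortFast setting."""
    # The global command makes every access port an edge port by default.
    glob = re.search(r"^spanning-tree portfast(?: edge)? default[ \t]*$", config, re.M)
    result = {}
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        name, body = m.groups()
        # Assumption: a port without "switchport mode trunk" is an access port.
        trunk = re.search(r"^[ \t]+switchport mode trunk[ \t]*$", body, re.M)
        pf = PF_LINE.search(body)
        kw = (pf.group(1) or " edge").strip() if pf else None
        if kw == "disable":
            result[name] = "disabled"
        elif trunk:
            # On a trunk only the "trunk" form takes effect; plain PortFast is inert.
            result[name] = {"trunk": "edge-trunk", "edge": "no-effect"}.get(kw, "normal")
        elif kw:
            result[name] = "edge"
        else:
            result[name] = "edge-default" if glob else "normal"
    return result
```

Ports reported as edge-trunk are the ones to review by hand: the switch cannot tell whether the attached device really is a single server or router.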

What Is Edge Mode?

Edge mode is specifically designed for ports connected to end devices such as PCs, printers, or phones. These devices do not generate BPDUs, so the port can safely skip the usual Spanning Tree transitions.

When a port is in edge mode:

  • It skips the Listening and Learning states

  • It goes directly to the Forwarding state

  • The connected device gets instant network access

Normal Edge Port Behavior

Let’s look at a typical scenario where edge mode works as expected. The interface is connected to a PC, which does not send BPDUs. The port enters the Forwarding state immediately.


Figure 8 – Edge port immediately forwards traffic when no BPDUs are received

Can Edge Ports Receive BPDUs?

Yes. Even in edge mode, the port continues to listen for BPDUs.

If a BPDU is received:

  • The port immediately loses its edge status

  • It falls back to normal STP behavior

  • It transitions through Listening → Learning → Forwarding

Figure 9 – When a BPDU is received, the port exits Edge mode and follows normal STP

This prevents loops if a switch or malicious device is accidentally or intentionally connected.
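
Because an edge port keeps listening for BPDUs, the "BPDU: sent ..., received ..." counter in the verification output shows whether a switch or bridge has ever been attached to it. The following added example (not part of the original lesson) parses output in the format shown above and reports intended edge ports whose received counter is nonzero. The sample text, the intended_edge list and the function names are assumptions; the page does not show whether the "portfast edge" line remains after a BPDU arrives, so the check also accepts a list of ports that are meant to be edge ports.

```python
import re

# Constructed output in the page's format; port names and counters are made up.
SAMPLE_OUTPUT = """\
 Port 3 (GigabitEthernet0/2) of VLAN0001 is designated forwarding
   The port is in the portfast edge mode
   BPDU: sent 82, received 0
 Port 4 (GigabitEthernet0/3) of VLAN0001 is designated forwarding
   BPDU: sent 5, received 417
 Port 1 (GigabitEthernet0/0) of VLAN0001 is root forwarding
   BPDU: sent 12, received 3790
"""

PORT_RE = re.compile(r"\s*Port \d+ \((\S+)\) of (\S+) is (\w+) (\w+)")
BPDU_RE = re.compile(r"BPDU: sent (\d+), received (\d+)")

def parse_detail(output):
    """Turn 'show spanning-tree interface ... detail' text into per-port records."""
    records = []
    for line in output.splitlines():
        head = PORT_RE.match(line)
        bpdu = BPDU_RE.search(line)
        if head:
            records.append({"port": head[1], "vlan": head[2], "role": head[3],
                            "state": head[4], "edge": None, "rx": 0})
        elif records and "is in the portfast" in line:
            # e.g. "portfast edge mode", "portfast edge mode by default"
            records[-1]["edge"] = line.split("is in the ", 1)[1].strip()
        elif records and bpdu:
            records[-1]["rx"] = int(bpdu[2])
    return records

def bpdu_on_edge(records, intended_edge=()):
    """Return (port, vlan, received) for edge ports that have received BPDUs."""
    # A port counts as edge if the output says so or if it is on the intended list.
    # BPDUs on an uplink such as the root port are expected and are not reported.
    return [(r["port"], r["vlan"], r["rx"]) for r in records
            if (r["edge"] or r["port"] in intended_edge) and r["rx"] > 0]

if __name__ == "__main__":
    edge_ports = {"GigabitEthernet0/2", "GigabitEthernet0/3"}  # assumed inventory
    for port, vlan, rx in bpdu_on_edge(parse_detail(SAMPLE_OUTPUT), edge_ports):
        print(f"{port} ({vlan}): {rx} BPDUs received on an edge port")
```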

5. Summary and Key Points

You’ve now seen what Spanning Tree PortFast does, how to configure it, and how it behaves in different scenarios. Here’s a full recap to remember the essentials:

What PortFast Does

  • PortFast skips the usual 30-second STP delay by bypassing the Listening and Learning states.

  • This allows end devices like PCs and printers to gain immediate network access when connected to a switch port.

Where to Use PortFast

  • On access ports connected to end devices that do not send BPDUs.

  • Optionally, on trunk ports connected to virtualization hosts or routers (Router on a Stick) using spanning-tree portfast trunk.

Configuration Methods

  • Individually per interface:
    spanning-tree portfast (for access) or spanning-tree portfast trunk (for trunks)

  • Globally on all access ports:
    spanning-tree portfast default

Once configured, Cisco IOS automatically updates the command to include the edge keyword, making it appear as spanning-tree portfast edge in the running configuration.

How Edge Mode Works

  • An edge port transitions immediately to the Forwarding state.

  • It still listens for BPDUs, to ensure safety.

  • If a BPDU is received, the port loses its edge status and reverts to normal STP behavior.

Why It Matters

PortFast is crucial for:

  • Speeding up boot times for end devices

  • Avoiding DHCP timeouts or application delays

  • Maintaining a responsive and efficient user experience

But because PortFast disables loop protection during startup, it must be used only on ports where no switches or bridges can be connected.

In the next lesson, we’ll look at BPDU Guard, a safety feature that disables a PortFast-enabled port the moment it receives a BPDU, preventing misconfigurations or malicious actions from creating loops in your topology.