Spanning Tree's convergence is fast on RSTP - but it is not instant. When you bring up an access port, STP normally puts it through 15+ seconds of Discarding/Learning before Forwarding, just in case it is connected to another switch. For end-host ports (PCs, servers, printers), that delay is annoying and unnecessary. PortFast skips it. BPDU Guard then protects against the situation where someone plugs a switch into a PortFast port and accidentally creates a loop. This lab configures both.
What you will learn
- What PortFast does and why it is safe on end-host ports
- How to configure PortFast on a single port and globally
- What BPDU Guard does and why it is mandatory on PortFast ports
- How to read the "P2p Edge" type in
show spanning-treeoutput - What happens when BPDU Guard triggers (err-disable + log message)
What this lab does NOT cover
- BPDU Filter (a more aggressive sibling to BPDU Guard; rarely used)
- Root Guard - that is the next lab, na-10
- Loop Guard
Topology
Download the STP+VLAN Reference Lab .yaml
Three IOSvL2 switches in a triangle with VLANs 10/20/99, dot1q trunks, rapid-PVST root election (SW1 root, SW2 backup), and an LACP EtherChannel between SW1 and SW2.
