In this tutorial, we are going to walk through a Cisco Packet Tracer environment with spanning-tree PortFast. It is important for you to learn about this for the CCNA and know why we use it. We are going to have an initial Packet Tracer lab file and then walk through how to solve it. Feel free to try it on your own first because you will learn by trying and working through it.
What You’ll Learn
- What is PortFast?
- Problem: PC can’t get IP address
- Packet Tracer simulator walk-through of the problem
- Solution with PortFast
What You’ll Need
First, what is PortFast? Let’s look at the Cisco documentation for configuring spanning-tree PortFast, which says:
PortFast causes a switch or trunk port to enter the spanning-tree forwarding state immediately, bypassing the listening and learning states.
You can use PortFast on switch or trunk ports that are connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.
You need to be careful with PortFast because if you connect it to another Layer 2 device, such as a switch or hub, it could introduce loops in your topology.
Let’s look at PortFast in practice in the next step, using Cisco Packet Tracer.
First, open your Cisco Packet Tracer application, then unzip and open the Initial Packet Tracer Lab File. Open it within the application and zoom in to see the topology a bit better.
Next, power-cycle the topology, using this button on the bottom left so that it starts afresh (answer yes to the prompt to reset the network):
Note that the interfaces are now RED.
Click PC1, and then go to Desktop and Command Prompt and type ipconfig.
You will notice that PC1 does not have an IP address. The interfaces are orange; spanning tree has not converged yet. If you type ipconfig /renew in the PC command line, you will notice that the PC does not get an IP address from the DHCP server, because traffic is blocked while the switch is moving from one mode to another.
Cisco Packet Tracer PC Command Line 1.0
C:\>
ipconfig
FastEthernet0 Connection:(default port)
Connection-specific DNS Suffix..:
Link-local IPv6 Address.........: FE80::2C0:11FF:FE11:1111
IPv6 Address....................: ::
IPv4 Address....................: 0.0.0.0
Subnet Mask.....................: 0.0.0.0
Default Gateway.................: ::
0.0.0.0
Bluetooth Connection:
Connection-specific DNS Suffix..:
Link-local IPv6 Address.........: ::
IPv6 Address....................: ::
IPv4 Address....................: 0.0.0.0
Subnet Mask.....................: 0.0.0.0
Default Gateway.................: ::
0.0.0.0
C:\>
C:\>ipconfig /renew
DHCP request failed.
C:\>DHCP request failed.
C:\>ipconfig
FastEthernet0 Connection:(default port)
Connection-specific DNS Suffix..:
Link-local IPv6 Address.........: FE80::2C0:11FF:FE11:1111
IPv6 Address....................: ::
Autoconfiguration IPv4 Address..: 169.254.17.17
Subnet Mask.....................: 255.255.0.0
Default Gateway.................: ::
0.0.0.0
Bluetooth Connection:
Connection-specific DNS Suffix..:
Link-local IPv6 Address.........: ::
IPv6 Address....................: ::
IPv4 Address....................: 0.0.0.0
Subnet Mask.....................: 0.0.0.0
Default Gateway.................: ::
0.0.0.0
C:\>
Looking at the Switch
Now, log in to Multilayer Switch0. You will need to answer no to the initial configuration dialogue, and then enter enable to get started. Issue the show spanning-tree command to see the status of the output.
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/3, changed state to up
% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no
Press RETURN to get started!
Switch>en
Switch#show sp
Switch#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 00D0.D3D0.A2A8
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 00D0.D3D0.A2A8
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg LSN 19 128.1 P2p
Gi1/0/2 Desg LSN 19 128.2 P2p
Gi1/0/3 Desg LSN 19 128.3 P2p
Switch#
You can see the ports are forwarding now, but it took a while (30 seconds) for the interfaces to go to the forwarding state. While the PC was waiting, it could not get an IP address (DHCP request failed), so what it ended up using was a 169.254.17.17 IP address. The 169.254.x.x is what is called a link-local address. With a lot of PCs today, if they don’t get an IP address from a DHCP server, they are going to use an IP address from the address block 169.254.0.0/16. It does not allow for communication outside of the local subnet, and it can cause all kinds of problems because you cannot communicate with devices on the internet.
The Server0 in the network is configured as a DHCP server and is allocating IP addresses in the 10.1.1.0 /24 range. (You can check by going into the server, Services > DHCP to verify.)
If you check back to the PC, spanning tree has converged, so it has an IP address of 10.1.1.1 (or 10.1.1.2) from the DHCP server.
C:\> ipconfig
IP Address......................: 10.1.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 10.1.1.254
DNS Server......................: 10.1.1.254
Now that you have seen an overview of the scenario we are troubleshooting, let’s look at it in detail in simulation mode. Turn on simulation mode using the button on the bottom right-hand side:
Power-cycle the network again to reset everything:
Seeing the Packets with the PC
Now go to PC1 and from the command prompt, issue the ipconfig /renew command to get it to ask for an IP address.
Note: You will need to use the play controls on the right-hand side to move the simulation forward because time is no longer progressing naturally.
If you increment the play controls, you will see the packets sent.
If you click the packet, you can see the contents. The packet is broadcast from the PC to the switch.
You can also look at the details of the packet by clicking the Inbound PDU Details tab. Feel free to resize the window to make it easier to read.
You can see it is a broadcast because the destination address is FFFF.FFFF.FFFF and DST IP:255.255.255.255. The source IP address has not been allocated yet, so it isSRC IP:0.0.0.0. The UDP source port is 68 and the destination port is 67. The PC is asking for an IP address from the DHCP server, but the packet is dropped by the switch because the switch is not forwarding traffic at the moment.
If you click the switch (bypass the initial config dialogue and enter enable mode) and type show spanning-tree, what you will notice is the switch is currently in the listening state (LSN).
Switch#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 00D0.D3D0.A2A8
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 00D0.D3D0.A2A8
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg LSN 19 128.1 P2p
Gi1/0/2 Desg LSN 19 128.2 P2p
Gi1/0/3 Desg LSN 19 128.3 P2p
Switch#
Any packets sent by the PCs are going to be dropped because the switch is not forwarding any user traffic. If you continue the simulation, you will see the spanning-tree transition from listening, to learning, to forwarding state. The links will then go green, and the PC will get an IP address from the DHCP server.
The problem is that in the real world, PCs boot up very quickly. Spanning tree can take 30 seconds to go through these different states, which is way too long for modern networks. To speed things up and stop these kinds of problems, enable spanning-tree PortFast on all interfaces connected to PCs and servers, but not to switches.
Can you fix the network? We will walk through the solution in the next step. Try it on your own; you will learn best by trying to figure it out yourself!
To solve the problem demonstrated in the previous steps, we will log in to the switch (Multilayer Switch0) and make some configuration changes.
First, I like to rename the switch, even though it doesn’t solve the problem. It will help us in keeping things straight.
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname S1
S1(config)#
Next, we are going to use the interface range command to configure the two interfaces going to PC1 and PC2 (Gig 1/0/1 and Gig 1/0/2) and the interface going to the DHCP server (Gig 1/0/3) to add the spanning-tree portfast command. There will be some warnings, but we are aware of these potential dangers.
S1(config)#interface ?
Dot11Radio Dot11 interface
FastEthernet FastEthernet IEEE 802.3
GigabitEthernet GigabitEthernet IEEE 802.3z
Loopback Loopback interface
Port-channel Ethernet Channel of interfaces
Serial Serial
Tunnel Tunnel interface
Virtual-Template Virtual Template interface
Vlan Catalyst Vlans
range interface range command
S1(config)#interface range Gig
S1(config)#interface range GigabitEthernet 1/0/1 - 3
S1(config-if-range)#spanning-tree ?
bpduguard Don't accept BPDUs on this interface
cost Change an interface's spanning tree port path cost
guard Change an interface's spanning tree guard mode
link-type Specify a link type for spanning tree protocol use
portfast Enable an interface to move directly to forwarding on link up
vlan VLAN Switch Spanning Tree
S1(config-if-range)#spanning-tree portf
S1(config-if-range)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on GigabitEthernet1/0/1 but will only
have effect when the interface is in a non-trunking mode.
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on GigabitEthernet1/0/2 but will only
have effect when the interface is in a non-trunking mode.
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on GigabitEthernet1/0/3 but will only
have effect when the interface is in a non-trunking mode.
S1(config-if-range)#
Verifying the Configuration
We can now verify that the configuration is present by using the show run command at enable level:
S1(config-if-range)#end
S1#show run
Building configuration...
Current configuration : 1431 bytes
!
version 16.3.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet1/0/1
spanning-tree portfast
!
interface GigabitEthernet1/0/2
spanning-tree portfast
!
interface GigabitEthernet1/0/3
spanning-tree portfast
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
--More--
Note that our three interfaces now have spanning-tree portfast, but it is not enabled on other interfaces.
Now save the configuration with copy run start.
S1#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
S1#
Let’s test the new configuration. Power-cycle all the devices again, and the interfaces should go down; we should see all the interfaces quickly go to a forwarding state. Go to PC1 and issue an ipconfig command to verify. The ports should all be green quickly. The PC should be getting an IP address in the 10.1.1.0 /24 range, and I did not have to wait 30 seconds for the ports to transition states.
You can also verify that the switch is in the forwarding state by logging in to it and issuing a show spanning-tree command:
S1#show sp
S1#show spanning-tree
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 00D0.D3D0.A2A8
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 00D0.D3D0.A2A8
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 20
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 19 128.1 P2p
Gi1/0/2 Desg FWD 19 128.2 P2p
Gi1/0/3 Desg FWD 19 128.3 P2p
S1#
Learn More
Congrats! Please continue your learning through our community’s many other resources, helping folks get started on their CCNA journey.