Cisco 3500 switch, PIX 525 and PortFast

Discussion in 'Cisco' started by Gary, Apr 7, 2004.

  1. Gary

    Gary Guest

    From what I read a switch to Pix should be hardcoded 100MB/Full but as the
    PIX is layerIII should the switch also have portfast set ?

    Can this cause any problems or is it just to stop the listening/learning
    phases so should always be applied as standard ?

    Apart from 100MB Full/Portfast what else should be applied as standard if
    anything.

    Many thanks
    Gary
     
    Gary, Apr 7, 2004
    #1

  2. Gary

    Guest

    On Wed, 7 Apr 2004 18:32:15 -0400, "Gary" <>
    wrote:

    >From what I read a switch to Pix should be hardcoded 100MB/Full but as the
    >PIX is layerIII should the switch also have portfast set ?
    >
    >Can this cause any problems or is it just to stop the listening/learning
    >phases so should always be applied as standard ?
    >
    >Apart from 100MB Full/Portfast what else should be applied as standard if
    >anything.
    >
    >Many thanks
    >Gary
    >


    There's no real reason to set the portfast option. It only comes into
    play when the link first comes up. It is normally set for clients
    that use DHCP to avoid the initial blocking that interferes with a
    client sending out a DHCP request.
     
    , Apr 8, 2004
    #2

  3. Gary

    SysAdm Guest

    wrote in
    news::

    > On Wed, 7 Apr 2004 18:32:15 -0400, "Gary" <>
    > wrote:
    >
    >>From what I read a switch to Pix should be hardcoded 100MB/Full but as
    >>the PIX is layerIII should the switch also have portfast set ?
    >>
    >>Can this cause any problems or is it just to stop the
    >>listening/learning phases so should always be applied as standard ?
    >>
    >>Apart from 100MB Full/Portfast what else should be applied as standard
    >>if anything.
    >>
    >>Many thanks
    >>Gary
    >>

    >
    > There's no real reason to set the portfast option. It only comes into
    > play when the link first comes up. It is normally set for clients
    > that use DHCP to avoid the initial blocking that interferes with a
    > client sending out a DHCP request.
    >


    So what if the primary pix fails ? Do you wanna wait till SPT goes
    through its full cycle until your secondary pix becomes active ?

    Rule of thumb with connectivity to FWs is to set the L2 port as
    portfast.

    SysAdm
     
    SysAdm, Jun 27, 2004
    #3
  4. Gary

    Kevin Widner Guest

    SysAdm <> wrote in message news:<Xns95152441F631CSysAdm@217.32.252.50>...
    > wrote in
    > news::
    >
    > > On Wed, 7 Apr 2004 18:32:15 -0400, "Gary" <>
    > > wrote:
    > >
    > >>From what I read a switch to Pix should be hardcoded 100MB/Full but as
    > >>the PIX is layerIII should the switch also have portfast set ?
    > >>
    > >>Can this cause any problems or is it just to stop the
    > >>listening/learning phases so should always be applied as standard ?
    > >>
    > >>Apart from 100MB Full/Portfast what else should be applied as standard
    > >>if anything.
    > >>
    > >>Many thanks
    > >>Gary
    > >>

    > >
    > > There's no real reason to set the portfast option. It only comes into
    > > play when the link first comes up. It is normally set for clients
    > > that use DHCP to avoid the initial blocking that interferes with a
    > > client sending out a DHCP request.
    > >

    >
    > So what if the primary pix fails ? Do you wanna wait till SPT goes
    > through its full cycle until your secondary pix becomes active ?
    >
    > Rule of thumb with connectivity to FWs is to set the L2 port as
    > portfast.
    >
    > SysAdm




    Actually the secondary pix will have negotiated a link already, you
    will not have to wait for the STP negotiations for the secondary pix
    to take over. However, I would still recommend portfast on a port that
    the PIX connects to.

    When do you not want to use it? Portfast should be disabled on any
    port where you might see a spanning tree BPDU come from, this is
    generally only other switches, hubs, or routers. However, just because
    you turn portfast on, that doesn't mean that you have turned spanning
    tree off for that port, it's just that the switch will not do a check
    for loops before bringing up the port. If BPDUs are received on that
    port a standard STP calculation will take place and may end up putting
    the port in blocking mode, but the damage from a possible loop may
    have already been done by this point.

    Why should you use it, other than helping DHCP hosts which was
    mentioned above, and MS domain authentication, a better reason might
    be:

    Every time a link becomes active and moves to the forwarding state in
    STP, the switch will send a special STP packet named a Topology Change
    Notification (TCN). The TCN notification is passed up to the root of
    the Spanning Tree where it is propagated to all the switches in the
    VLAN. This causes all the switches to age out their table of MAC
    addresses using the forward delay parameter, which is usually set to
    15 seconds. So every time a workstation joins the bridge group, the
    MAC addresses on all the switches will be aged out after 15 seconds
    instead of the normal 300 seconds.

    When a workstation becomes active, it does not change the topology to
    any significant degree. As far as all the switches in the VLAN are
    concerned, it is unnecessary for them to have to go through the
    fast-aging TCN period. If you turn on PortFast, the switch will not
    send TCN packets when a port becomes active.
     
    Kevin Widner, Jul 16, 2004
    #4
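
An added example, not part of any poster's message: a short Python audit of the settings the thread discusses (hardcoded 100/full and PortFast on the firewall-facing ports, no PortFast on ports that face other switches). The sample config, the interface names, and treating `switchport mode trunk` as the marker for a switch-facing port are assumptions.

```python
import re

# Constructed IOS-style running-config excerpt; interface roles are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 description PIX-525 primary inside
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet0/2
 description PIX-525 secondary inside
 spanning-tree portfast
!
interface FastEthernet0/24
 description uplink to another switch
 switchport mode trunk
 spanning-tree portfast
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config):
    """Return {interface: [findings]} for the settings the thread discusses."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        trunk = "switchport mode trunk" in cmds
        portfast = "spanning-tree portfast" in cmds
        findings = []
        if trunk and portfast:
            findings.append("portfast on a trunk where BPDUs are expected")
        if not trunk and not ("speed 100" in cmds and "duplex full" in cmds):
            findings.append("speed/duplex not hardcoded to 100/full")
        if not trunk and not portfast:
            findings.append("portfast not set on edge port")
        report[name] = findings
    return report
```

Calling `audit()` on a saved copy of the switch configuration returns an empty list for each port that matches the thread's recommendations.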