Optional STP Features
Three Cisco-proprietary additions to IEEE 802.1d STP are EtherChannel, PortFast, and BPDU Guard.
EtherChannel
EtherChannel provides a way to prevent STP convergence from being needed when only a single port or cable failure occurs. EtherChannel combines multiple parallel segments of equal speed (up to eight) between the same pair of switches. The switches treat the EtherChannel as a single interface with regard to the frame-forwarding process as well as for STP. If one link fails but another remains up, STP convergence does not have to occur. EtherChannel allows all parallel links to be up and working at the same time.
EtherChannel provides more network bandwidth. All trunks in an EtherChannel are either forwarding or blocking, because STP treats all the trunks in the same EtherChannel as one trunk. When an EtherChannel is in a Forwarding State, the switches load-balance traffic over all the trunks, providing more bandwidth.
PortFast
PortFast allows a switch to immediately place a port in the Forwarding State when the port becomes physically active, bypassing any choices from the STP topology and bypassing the Listening and Learning States. You can only safely enable PortFast on ports to which no bridges, switches, or other STP-speaking devices are connected.
PortFast is most appropriate for connections to end-user devices. Without PortFast, each port must wait while the switch confirms that the port is a designated port (DP), and then wait while the interface sits in the temporary Listening and Learning States before settling into the Forwarding State.
STP Security
Cisco BPDU Guard helps defeat attacks by disabling a port if any BPDUs are received on the port. This feature is useful on ports that should only be used as an access port and never connected to another switch. BPDU Guard and PortFast are often used on the same interface.
The Cisco Root Guard feature helps defeat problems where a rogue switch tries to become the root switch. Root Guard allows another switch to be connected to the interface and to participate in STP by sending and receiving BPDUs. However, when the switch interface with Root Guard enabled receives a superior BPDU from the neighboring switch (a BPDU that has a lower/better BID), the switch with Root Guard reacts. The switch will ignore the superior BPDU and disable the interface as long as the superior BPDUs keep arriving. If the superior BPDUs stop arriving, the switch can start the interface again.