1.4.a PortFast
When new devices join a network via a switch that has STP enabled it can take around 30 seconds to get them connected. Devices today often boot up in significantly less time than this, so PortFast disables spanning tree on ports that don’t link to other switches.
You can only yse PortFast on non-trunking ports.
You wouldn’t want in on a port in which a loop is possible, but this isn’t always enforced like restrictions on the trunking ports are.
enable
configure terminal
#select the ports you want to enable PortFast on
interface range fastEthernet 0/1-24
spanning-tree portfast
1.4.b BPDU guard
BPDU guard ties into PortFast nicely. When enabled on a switch BPDU guard listens out for BPDU packages (which are used in STP) on interfaces with PortFast enabled. If BPDU guard detects BPDU packages coming in on a PortFast interface it will (err) disable that interface (to avoid causing a loop and downing the network).
enable
configure terminal
#select the ports you want to enable BPDU guard on
interface range fastEthernet 0/1-24
Either:
spanning-tree portfast bpdguard enable
Or:
spanning-tree bpduguard enable
Once BPDU guard has brought down an interface it will need to be brought back up manually by an administrator. Even if you put in another device that doesn’t send out BPDU packages it still requires manual intervention.
Other optional features:
Spanning-treee guard root: Prevents a new switch from being elected route from a certain port.