=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2006.02.14 05:58:59 =~=~=~=~=~=~=~=~=~=~=~= Router con0 is now available Press RETURN to get started. Router> RACK9AS>6 [Resuming connection 6 to r6 ... ] S6#sh pars macro Total number of macros = 6 -------------------------------------------------------------- Macro name : cisco-global Macro type : default global # Enable dynamic port error recovery for link state failures. errdisable recovery cause link-flap errdisable recovery interval 60 # Config Cos to DSCP mappings mls qos map cos-dscp 0 8 16 26 32 46 46 56 # Enable aggressive mode UDLD on all fiber uplinks udld aggressive # Enable Rapid PVST+ and Loopguard spanning-tree mode rapid-pvst spanning-tree loopguard default spanning-tree extend system-id -------------------------------------------------------------- Macro name : cisco-desktop Macro type : default interface # macro keywords $access_vlan # Basic interface - Enable data VLAN only # Recommended value for access vlan should not be 1 --More--  switchport access vlan $access_vlan switchport mode access # Enable port security limiting port to a single # MAC address -- that of desktop switchport port-security switchport port-security maximum 1 # Ensure port-security age is greater than one minute # and use inactivity timer switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity # Configure port as an edge network port spanning-tree portfast spanning-tree bpduguard enable -------------------------------------------------------------- Macro name : cisco-phone Macro type : default interface # Cisco IP phone + desktop template # macro keywords $access_vlan $voice_vlan --More--   # VoIP enabled interface - Enable data VLAN # and voice VLAN # Recommended value for access vlan should not be 1 switchport access vlan $access_vlan switchport mode access # Update the Voice VLAN value which should be # different from data VLAN # Recommended value for voice vlan should not be 1 switchport voice vlan $voice_vlan # Enable port security limiting port to a 3 MAC # addressess -- One for desktop and two for phone switchport port-security switchport port-security maximum 3 # Ensure port-security age is greater than one minute # and use inactivity timer switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity --More--   # Enable auto-qos to extend trust to attached Cisco phone auto qos voip cisco-phone # Configure port as an edge network port spanning-tree portfast spanning-tree bpduguard enable -------------------------------------------------------------- Macro name : cisco-switch Macro type : default interface # macro keywords $native_vlan # Access Uplink to Distribution # Do not apply to EtherChannel/Port Group switchport trunk encapsulation dot1q # Define unique Native VLAN on trunk ports # Recommended value for native vlan should not be 1 switchport trunk native vlan $native_vlan # Update the allowed VLAN range such that it # includes data, voice and native VLANs switchport trunk allowed vlan ALL --More--  # Hardcode trunk switchport mode trunk # Configure qos to trust this interface auto qos voip trust # 802.1w defines the link as pt-pt for rapid convergence spanning-tree link-type point-to-point -------------------------------------------------------------- Macro name : cisco-router Macro type : default interface # macro keywords $native_vlan # Access Uplink to Distribution switchport trunk encapsulation dot1q # Define unique Native VLAN on trunk ports # Recommended value for native vlan should not be 1 switchport trunk native vlan $native_vlan # Update the allowed VLAN range such that it # includes data, voice and native VLANs switchport trunk allowed vlan ALL --More--  # Hardcode trunk switchport mode trunk # Configure qos to trust this interface auto qos voip trust mls qos trust dscp # Ensure fast access to the network when enabling the interface. # Ensure that switch devices cannot become active on the interface. spanning-tree portfast trunk spanning-tree bpduguard enable -------------------------------------------------------------- Macro name : cisco-wireless Macro type : default interface # macro keywords $native_vlan # Access Uplink to Distribution switchport trunk encapsulation dot1q # Define unique Native VLAN on trunk ports # Recommended native vlan should NOT be 1 switchport trunk native vlan $native_vlan # Update the allowed VLAN range such that it --More--  # includes data, voice and native VLANs switchport trunk allowed vlan ALL # Hardcode trunk and disable negotiation to speed up convergence switchport mode trunk switchport nonegotiate # Configure qos to trust this interface auto qos voip trust mls qos trust cos # Ensure that switch devices cannot become active on the interface. spanning-tree bpduguard enable -------------------------------------------------------------- S6#config t Enter configuration commands, one per line. End with CNTL/Z. S6(config)#int fa 0/2 S6(config-if)#swu i S6(config-if)#switchport ? access Set access mode characteristics of the interface block Disable forwarding of unknown uni/multi cast addresses host Set port host mode Set trunking mode of the interface nonegotiate Device will not engage in negotiation protocol on this interface port-security Security related command priority Set appliance 802.1p priority protected Configure an interface to be a protected port trunk Set trunking characteristics of the interface voice Voice appliance attributes S6(config-if)#switchport            end S6# 20:14:24: %SYS-5-CONFIG_I: Configured from console by console S6# RACK9AS>4 5 [Resuming connection 5 to r5 ... ] S5#configt    t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#ion  nt fa 0/21 S5(config-if)#swi S5(config-if)#switchport ? access Set access mode characteristics of the interface block Disable forwarding of unknown uni/multi cast addresses host Set port host mode Set trunking mode of the interface nonegotiate Device will not engage in negotiation protocol on this interface port-security Security related command priority Set appliance 802.1p priority protected Configure an interface to be a protected port trunk Set trunking characteristics of the interface voice Voice appliance attributes S5(config-if)#switchport            str o S5(config-if)#storm-control ? action Action to take for storm-control broadcast Broadcast address storm control multicast Multicast address storm control unicast Unicast address storm control S5(config-if)#storm-control br S5(config-if)#storm-control broadcast       S5(config-if)#storm-control broadcast ? level Set storm suppression level on this interface S5(config-if)#storm-control broadcast level ? <0.00 - 100.00> Enter rising threshold pps Enter suppression level in packets per second S5(config-if)#storm-control broadcast level 50 ? <0.00 - 100.00> Enter falling threshold S5(config-if)#storm-control broadcast level 50 S5(config-if)#storm-control broadcast level 50                    mu S5(config-if)#storm-control multicast level 62 S5(config-if)#end S5#sh r 22:38:14: %SYS-5-CONFIG_I: Configured from console by console S5#sh run int fa 0/21 Building configuration... Current configuration : 143 bytes ! interface FastEthernet0/21 switchport mode dynamic desirable storm-control broadcast level 50.00 storm-control multicast level 62.00 end S5# S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#access-list 100 per tcpo    any any eq ? <0-65535> Port number bgp Border Gateway Protocol (179) chargen Character generator (19) cmd Remote commands (rcmd, 514) daytime Daytime (13) discard Discard (9) domain Domain Name Service (53) echo Echo (7) exec Exec (rsh, 512) finger Finger (79) ftp File Transfer Protocol (21) ftp-data FTP data connections (20) gopher Gopher (70) hostname NIC hostname server (101) ident Ident Protocol (113) irc Internet Relay Chat (194) klogin Kerberos login (543) kshell Kerberos shell (544) login Login (rlogin, 513) lpd Printer service (515) nntp Network News Transport Protocol (119) pim-auto-rp PIM Auto-RP (496) --More--   S5(config)#access-list 100 per tcp any any eq ident S5(config)#vlan acc S5(config)#vlan access-map ? WORD Vlan access map tag S5(config)#vlan access-map Prob12 ? <0-65535> Sequence to insert to/delete from existing vlan access-map entry S5(config)#vlan access-map Prob12 S5(config-access-map)#match ? ip IP based match mac MAC based match S5(config-access-map)#match ip ? address Match IP address to access control. S5(config-access-map)#match ip acc  dd 100 ? <1-199> IP access list (standard or extended) <1300-2699> IP expanded access list (standard or extended) WORD Access-list name S5(config-access-map)#match ip add 100 S5(config-access-map)#act S5(config-access-map)#action ? drop Drop packets forward Forward packets S5(config-access-map)#action drop ? S5(config-access-map)#action drop S5(config-access-map)#action drop match ip add 100 vlan access-map Prob12 20 S5(config-access-map)#actio for S5(config-access-map)#actio forward ? S5(config-access-map)#actio forward S5(config-access-map)#exit S5(config)#vlan ? WORD ISL VLAN IDs 1-4094 access-map Create vlan access-map or enter vlan access-map command mode dot1q dot1q parameters filter Apply a VLAN Map internal internal VLAN S5(config)#vlan fil S5(config)#vlan filter ? WORD VLAN map name S5(config)#vlan filter Prob12 ? vlan-list VLANs to apply filter to S5(config)#vlan filter Prob12 vlan S5(config)#vlan filter Prob12 vlan-list ? <1-4094> VLAN id all Remove this filter from all VLANs S5(config)#vlan filter Prob12 vlan-list all S5(config)#vlan filter Prob12 vlan-list all   1-400 94 S5(config)#vlan filter Prob12 vlan-list 1-4094nvlan filter Prob12 vlan-list 1-4094ovlan filter Prob12 vlan-list 1-4094 vlan filter Prob12 vlan-list 1-4094 S5(config)#no vlan filter Prob12 vlan-list 1-4094vlan filter Prob12 vlan-list 1-4094 all  S5(config)#do    ^Z S5#sh vlan fi S5#sh vlan filter 22:52:35: %SYS-5-CONFIG_I: Configured from console by console S5#sh vlan filter ? access-map Show the VLANs filtered by this map vlan Show the filter for a vlan | Output modifiers S5#sh vlan filter VLAN Map Prob12 is filtering VLANs: 1-4094 S5#sh run | b vlan acc vlan access-map Prob12 10 action drop match ip address 100 vlan access-map Prob12 20 action forward vlan filter Prob12 vlan-list 1-4094 ! ! interface FastEthernet0/1 switchport access vlan 10 switchport mode access ! interface FastEthernet0/2 switchport mode dynamic desirable shutdown ! interface FastEthernet0/3 switchport access vlan 30 switchport mode access ! interface FastEthernet0/4 switchport mode dynamic desirable shutdown --More--  ! interface FastEthernet0/5 switchport mode dynamic desirable ! interface FastEthernet0/6 switchport mode dynamic desirable ! interface FastEthernet0/7 switchport mode dynamic desirable ! interface FastEthernet0/8 switchport mode dynamic desirable ! interface FastEthernet0/9 switchport mode dynamic desirable ! interface FastEthernet0/10 switchport mode dynamic desirable ! interface FastEthernet0/11 switchport mode dynamic desirable ! interface FastEthernet0/12 --More--   switchport mode dynamic desirable ! interface FastEthernet0/13 switchport mode dynamic desirable ! interface FastEthernet0/14 switchport mode dynamic desirable ! interface FastEthernet0/15 switchport mode dynamic desirable ! interface FastEthernet0/16 switchport mode dynamic desirable ! interface FastEthernet0/17 switchport mode dynamic desirable ! interface FastEthernet0/18 switchport mode dynamic desirable ! interface FastEthernet0/19 switchport mode dynamic desirable ! --More--  interface FastEthernet0/20 switchport mode dynamic desirable ! interface FastEthernet0/21 switchport mode dynamic desirable storm-control broadcast level 50.00 storm-control multicast level 62.00 ! interface FastEthernet0/22 switchport mode dynamic desirable ! interface FastEthernet0/23 switchport mode dynamic desirable shutdown ! interface FastEthernet0/24 switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20,30 switchport mode trunk switchport nonegotiate ! interface GigabitEthernet0/1 switchport mode dynamic desirable --More--  ! interface GigabitEthernet0/2 switchport mode dynamic desirable ! interface Vlan1 no ip address shutdown ! interface Vlan10 ip address 208.28.1.65 255.255.255.240 ! interface Vlan20 ip address 208.28.1.130 255.255.255.224 ! ip classless ip http server ip http secure-server ! ! access-list 100 permit tcp any any eq ident ! control-plane ! --More--   S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#iu  int fa 0/20 S5(config-if)#sw S5(config-if)#switchport ? access Set access mode characteristics of the interface block Disable forwarding of unknown uni/multi cast addresses host Set port host mode Set trunking mode of the interface nonegotiate Device will not engage in negotiation protocol on this interface port-security Security related command priority Set appliance 802.1p priority protected Configure an interface to be a protected port trunk Set trunking characteristics of the interface voice Voice appliance attributes S5(config-if)#switchport blo S5(config-if)#switchport block ? multicast Block unknown multicast addresses unicast Block unknown unicast addresses S5(config-if)#switchport block un S5(config-if)#switchport block unicast ? S5(config-if)#switchport block unicast S5(config-if)#^Z S5#sh run in 22:58:19: %SYS-5-CONFIG_I: Configured from console by console S5#sh run int fa 0/20 Building configuration... Current configuration : 95 bytes ! interface FastEthernet0/20 switchport mode dynamic desirable switchport block unicast end S5# S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#int fa 0/21 S5(config-if)#po  swi S5(config-if)#switchport port S5(config-if)#switchport port-security mac ? H.H.H 48 bit mac address sticky Configure dynamic secure addresses as sticky S5(config-if)#switchport port-security mac 0021  23.1123.4443 Port-security not enabled on interface FastEthernet0/21. S5(config-if)#do sh run int fa 0/21 Building configuration... Current configuration : 143 bytes ! interface FastEthernet0/21 switchport mode dynamic desirable storm-control broadcast level 50.00 storm-control multicast level 62.00 end S5(config-if)#swqi   S5(config-if)#switchport port S5(config-if)#switchport port-security Command rejected: FastEthernet0/21 is a dynamic port. S5(config-if)#swi S5(config-if)#switchport mode acc S5(config-if)#switchport mode access S5(config-if)#switchport mode access port-security S5(config-if)#do shswitchport port-security ~mode access port-security do sh run int fa 0/21 switchport port-security mac 0023.1123.4443do sh run int fa 0/21  Building configuration... Current configuration : 158 bytes ! interface FastEthernet0/21 switchport mode access switchport port-security storm-control broadcast level 50.00 storm-control multicast level 62.00 end S5(config-if)#do sh run int fa 0/21switchport port-security mode access port-security do sh run int fa 0/21 switchport port-security mac 0023.1123.4443 S5(config-if)#switchport port-security mac 0023.1123.4443 do sh int     o port S5(config-if)#do sh port Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) --------------------------------------------------------------------------- Fa0/21 1 1 0 Shutdown --------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 5120 S5(config-if)#^Z S5#sh po S5#sh po 23:02:06: %SYS-5-CONFIG_I: Configured from console by console S5#sh pom S5#sh pom rt S5#sh port-security m S5#sh port-security m ? address Show secure address interface Show secure interface | Output modifiers S5#sh port-security add S5#sh port-security address ? vlan Vlan limits | Output modifiers S5#sh port-security address Secure Mac Address Table ------------------------------------------------------------------------ Vlan Mac Address Type Ports Remaining Age (mins) ---- ----------- ---- ----- ------------- 1 0023.1123.4443 SecureConfigured Fa0/21 - ------------------------------------------------------------------------ Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 5120 S5#sh run int fa 0/21 Building configuration... Current configuration : 211 bytes ! interface FastEthernet0/21 switchport mode access switchport port-security switchport port-security mac-address 0023.1123.4443 storm-control broadcast level 50.00 storm-control multicast level 62.00 end S5# S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#int fa 0/22 S5(config-if)#sqw  w S5(config-if)#switchport mode acc S5(config-if)#s sw S5(config-if)#switchport po S5(config-if)#switchport port-security S5(config-if)#sw S5(config-if)#switchport po S5(config-if)#switchport port-security vi S5(config-if)#switchport port-security violation ? protect Security violation protect mode restrict Security violation restrict mode shutdown Security violation shutdown mode S5(config-if)#switchport port-security violation re S5(config-if)#switchport port-security violation restrict ? S5(config-if)#switchport port-security violation restrict S5(config-if)#switchport port-security violation restrict                    mac 1111.2222.3333 Invalid secure mac-address 1111.2222.3333. S5(config-if)#switchport port-security mac 1111.2222.3333              12122 .1212.1212 S5(config-if)#^Z S5#sh run 23:13:36: %SYS-5-CONFIG_I: Configured from console by console S5#sh run int fa 0/22 Building configuration... Current configuration : 182 bytes ! interface FastEthernet0/22 switchport mode access switchport port-security switchport port-security violation restrict switchport port-security mac-address 1212.1212.1212 end S5# S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#ma S5(config)#macro S5(config)#macro > ? global Enter global macro apply name Name of the macro S5(config)#macro name ? WORD Name of the macro to create S5(config)#macro name PortSetup ? S5(config)#macro name PortSetup Enter macro commands one per line. End with the character '@'. ? @ S5(config)#@?macro name PortSetup nmacro name PortSetup omacro name PortSetup  macro name PortSetup  S5(config)# S5# 23:18:17: %SYS-5-CONFIG_I: Configured from console by console S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#int fa 0/19 S5(config-if)#so S5(config-if)#so t S5(config-if)#storm-control ? action Action to take for storm-control broadcast Broadcast address storm control multicast Multicast address storm control unicast Unicast address storm control S5(config-if)#storm-control br S5(config-if)#storm-control broadcast o ? level Set storm suppression level on this interface S5(config-if)#storm-control broadcast le S5(config-if)#storm-control broadcast level ? <0.00 - 100.00> Enter rising threshold pps Enter suppression level in packets per second S5(config-if)#storm-control broadcast level 25 S5# 23:19:03: %SYS-5-CONFIG_I: Configured from console by console S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#int fa 0/19no macro name PortSetup int fa 0/19  S5(config-if)#si S5(config-if)#si w S5(config-if)#switchport pro S5(config-if)#switchport protected           ? access Set access mode characteristics of the interface block Disable forwarding of unknown uni/multi cast addresses host Set port host mode Set trunking mode of the interface nonegotiate Device will not engage in negotiation protocol on this interface port-security Security related command priority Set appliance 802.1p priority protected Configure an interface to be a protected port trunk Set trunking characteristics of the interface voice Voice appliance attributes S5(config-if)#switchport pro S5(config-if)#switchport protected ? S5(config-if)#switchport protected S5# 23:22:59: %SYS-5-CONFIG_I: Configured from console by console S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#int fa 0/19 S5(config-if)#swi S5(config-if)#switchport port S5(config-if)#switchport port-security max S5(config-if)#switchport port-security maximum ? <1-5120> Maximum addresses S5(config-if)#switchport port-security maximum S5# 23:23:55: %SYS-5-CONFIG_I: Configured from console by console S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#macro name PortSetup Enter macro commands one per line. End with the character '@'. storm-control broadcast level 25 switchport mode access switchport access vlan $VLAN switchport protected swichport port-security switchport port-security maximum $MAC @ S5(config)#int fa 0/12 S5(config-if)#ma S5(config-if)#macr S5(config-if)#macro ? apply Apply a macro description Macro description for this interface trace Apply a macro with tracing on S5(config-if)#macro a   trac S5(config-if)#macro trace ? WORD Name of the macro to apply S5(config-if)#macro trace PortSetup ? WORD Keyword to replace with a value S5(config-if)#macro trace PortSetup $VLAN 22 $MAC 4 Applying command... 'storm-control broadcast level 25' Applying command... 'switchport mode access' Applying command... 'switchport access vlan 22' % Access VLAN does not exist. Creating vlan 22 Applying command... 'switchport protected' Applying command... 'swichport port-security' swichport port-security ^ % Invalid input detected at '^' marker. Applying command... 'switchport port-security maximum 4' S5(config-if)#exit S5(config)#exitmacro trace PortSetup $VLAN 22 $MAC 4int fa 0/12 @ switchport port-security maximum $MACchport port-security tchport protected access vlan $VLANmode access torm-control broadcast level 25witchport mode access access vlan $VLANprotected chport port-securitytchport port-security maximum $MAC@ int fa 0/12macro trace PortSetup $VLAN 22 $MAC 4exit  no macro name PortSetup S5(config)#macro name PortSetup Enter macro commands one per line. End with the character '@'. storm-control broadcast level 25 switchport mode access switchport access vlan $VLAN switchport protected switchport port-security switchport port-security maximum $MAC @ S5(config)#int fa 0/13 S5(config-if)#int fa 0/13@ switchport port-security maximum $MAC rotected access vlan $VLANprotected ort-security maximum $MAC@ int fa 0/13 int fa 0/13 2 S5(config-if)#int fa 0/123@ switchport port-security maximum $MAC rotected access vlan $VLANmode access torm-control broadcast level 25macro name PortSetup storm-control broadcast level 25witchport mode access access vlan $VLANprotected ort-security maximum $MAC@ int fa 0/132 macro tra S5(config-if)#macro trace PortSetup $v  $VLAN 22 $MAC 4 Applying command... 'storm-control broadcast level 25' Applying command... 'switchport mode access' Applying command... 'switchport access vlan 22' Applying command... 'switchport protected' Applying command... 'switchport port-security' Applying command... 'switchport port-security maximum 4' S5(config-if)#do sh run int fa 0/12 Building configuration... Current configuration : 247 bytes ! interface FastEthernet0/12 switchport access vlan 22 switchport mode access switchport protected switchport port-security maximum 4 switchport port-security macro description PortSetup | PortSetup storm-control broadcast level 25.00 end S5(config-if)#no macro description PortSetup S5(config-if)#no macro description PortSetupdo sh run int fa 0/12  Building configuration... Current configuration : 206 bytes ! interface FastEthernet0/12 switchport access vlan 22 switchport mode access switchport protected switchport port-security maximum 4 switchport port-security storm-control broadcast level 25.00 end S5(config-if)#int fa 0/13 S5(config-if)#int fa 0/13do sh run int fa 0/12no macro description PortSetupdo sh run int fa 0/12 macro trace PortSetup $VLAN 22 $MAC 4int fa 0/12 32macro trace PortSetup $VLAN 22 $MAC 4 6 $MAC 6 4 $MAC 6 Applying command... 'storm-control broadcast level 25' Applying command... 'switchport mode access' Applying command... 'switchport access vlan 24' % Access VLAN does not exist. Creating vlan 24 Applying command... 'switchport protected' Applying command... 'switchport port-security' Applying command... 'switchport port-security maximum 6' S5(config-if)#macro trace PortSetup $VLAN 24 $MAC 6int fa 0/13 do sh run int fa 0/12no macro description PortSetupdo sh run int fa 0/12  3 Building configuration... Current configuration : 235 bytes ! interface FastEthernet0/13 switchport access vlan 24 switchport mode access switchport protected switchport port-security maximum 6 switchport port-security macro description PortSetup storm-control broadcast level 25.00 end S5(config-if)#exit S5(config)# S5(config)#macro name JBbaseline Enter macro commands one per line. End with the character '@'. interface range fa 0/2 - 24 speed 100 duplex full interface fa 0/1 speed 10 duplex half interface range fa 0/1 - 23 switchport mode access spanning-tree portfast interface fa 0/24 switchport trunk encap dot1q switchport mode trunk @ S5(config)#macro global trace JBbaseline Applying command... 'interface range fa 0/2 - 24' Applying command... 'speed 100' Applying command... 'duplex full' Applying command... 'interface fa 0/1' Applying command... 'speed 10' Applying command... 'duplex half' Applying command... 'interface range fa 0/1 - 23' Applying command... 'switchport mode access' Applying command... 'spanning-tree portfast' %Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION %Portfast will be configured in 23 interfaces due to the range command but will only have effect when the interfaces are in a non-trunking mode. Applying command... 'interface fa 0/24' Applying command... 'switchport trunk encap dot1q' Applying command... 'switchport mode trunk' S5(config)#^Z S5# RACK9AS>6 [Resuming connection 6 to r6 ... ] S6#config t Enter configuration commands, one per line. End with CNTL/Z. S6(config)# S6(config)#macro name JBbaseline Enter macro commands one per line. End with the character '@'. interface range fa 0/2 - 24 speed 100 duplex full interface fa 0/1 speed 10 duplex half interface range fa 0/1 - 23 switchport mode access spanning-tree portfast interface fa 0/24 switchport trunk encap dot1q switchport mode trunk @ S6(config)#macro global trace JBbaseline Applying command... 'interface range fa 0/2 - 24' Applying command... 'speed 100' Applying command... 'duplex full' Applying command... 'interface fa 0/1' Applying command... 'speed 10' Applying command... 'duplex half' Applying command... 'interface range fa 0/1 - 23' Applying command... 'switchport mode access' Command rejected: Fa0/1 not a switching port. Applying command... 'spanning-tree portfast' Applying command... 'interface fa 0/24' Applying command... 'switchport trunk encap dot1q' Applying command... 'switchport mode trunk' S6(config)# 22:02:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down S6(config)# 22:02:06: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down S6(config)# 22:02:08: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up 22:02:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up S6(config)# 22:02:16: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/2 (not half duplex), with R2 FastEthernet0/1 (half duplex). 22:02:16: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/2 (not half duplex), with R2 FastEthernet0/1 (half duplex). 22:02:16: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/2 (not half duplex), with R2 FastEthernet0/1 (half duplex). S6(config)#^Z S6# RACK9AS>1 [Resuming connection 1 to r1 ... ] R1# RACK9AS>2 [Resuming connection 2 to r2 ... ] *M R2#config t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#int fa 0/1 R2(config-if)#se peed 100 R2(config-if)#dupl ful R2(config-if)# *Mar 1 23:29:37.689: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down R2(config-if)#^Z R2# *Mar 1 23:29:40.077: %SYS-5-CONFIG_I: Configured from console by console R2# RACK9AS>3 [Resuming connection 3 to r3 ... ] R3#config t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#int fa 0/0 R3(config-if)#speed 100 R3(config-if)#du full R3(config-if)# *Mar 1 23:30:10.951: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down R3(config-if)#^Z R3# RACK9AS>4 [Resuming connection 4 to r4 ... ] R4#config t Enter configuration commands, one per line. End with CNTL/Z. R4(config)#int fa 0/0 R4(config-if)#speed 100 R4(config-if)#du full R4(config-if)#^Z R4# *Mar 1 15:08:34.552: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down *Mar 1 15:08:34.952: %SYS-5-CONFIG_I: Configured from console by console R4# *Mar 1 15:08:38.964: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R4# *Mar 1 15:08:50.112: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/0 (not half duplex), with S6 FastEthernet0/4 (half duplex). R4# RACK9AS>6 [Resuming connection 6 to r6 ... ] 22: S6#sh run int fa 0/4 Building configuration... Current configuration : 84 bytes ! interface FastEthernet0/4 switchport access vlan 30 switchport mode access end S6#sh run Building configuration... Current configuration : 2708 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname S6 ! ! no aaa new-model ip subnet-zero no ip domain-lookup ! ! ! ! ! macro name JBbaseline interface range fa 0/2 - 24 speed 100 --More--  duplex full interface fa 0/1 speed 10 duplex half interface range fa 0/1 - 23 switchport mode access spanning-tree portfast interface fa 0/24 switchport trunk encap dot1q switchport mode trunk @ ! macro global description JBbaseline no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! ! interface FastEthernet0/1 no switchport ip address 17.57.100.2 255.255.255.0 --More--   speed 10 duplex half ! interface FastEthernet0/2 switchport access vlan 20 switchport mode access speed 100 duplex full ! interface FastEthernet0/3 switchport mode dynamic desirable shutdown ! interface FastEthernet0/4 switchport access vlan 30 switchport mode access ! interface FastEthernet0/5 switchport mode dynamic desirable ! interface FastEthernet0/6 switchport mode dynamic desirable ! --More--  interface FastEthernet0/7 switchport mode dynamic desirable ! interface FastEthernet0/8 switchport mode dynamic desirable ! interface FastEthernet0/9 switchport mode dynamic desirable ! interface FastEthernet0/10 switchport mode dynamic desirable ! interface FastEthernet0/11 switchport mode dynamic desirable ! interface FastEthernet0/12 switchport mode dynamic desirable ! interface FastEthernet0/13 switchport mode dynamic desirable ! interface FastEthernet0/14 switchport mode dynamic desirable --More--   S6#cofniug         config t Enter configuration commands, one per line. End with CNTL/Z. S6(config)#macro global trace JBbaseline Applying command... 'interface range fa 0/2 - 24' Applying command... 'speed 100' Applying command... 'duplex full' Applying command... 'interface fa 0/1' Applying command... 'speed 10' Applying command... 'duplex half' Applying command... 'interface range fa 0/1 - 23' Applying command... 'switchport mode access' Command rejected: Fa0/1 not a switching port. Applying command... 'spanning-tree portfast' Applying command... 'interface fa 0/24' Applying command... 'switchport trunk encap dot1q' Applying command... 'switchport mode trunk' S6(config)#^Z S6#sh run int 22:05:09: %SYS-5-CONFIG_I: Configured from console by console S6#sh run int fa 0/4 Building configuration... Current configuration : 84 bytes ! interface FastEthernet0/4 switchport access vlan 30 switchport mode access end S6# 22:05:12: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/4 (not full duplex), with R4 FastEthernet0/0 (full duplex). S6# RACK9AS>5 [Resuming connection 5 to r5 ... ] 23: S5#sh run Building configuration... Current configuration : 3804 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname S5 ! ! no aaa new-model ip subnet-zero no ip domain-lookup ! ! ! ! ! macro name PortSetup storm-control broadcast level 25 switchport mode access --More--  switchport access vlan $VLAN switchport protected switchport port-security switchport port-security maximum $MAC @ macro name JBbaseline interface range fa 0/2 - 24 speed 100 duplex full interface fa 0/1 speed 10 duplex half interface range fa 0/1 - 23 switchport mode access spanning-tree portfast interface fa 0/24 switchport trunk encap dot1q switchport mode trunk @ ! macro global description JBbaseline no file verify auto spanning-tree mode pvst --More--  spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan access-map Prob12 10 action drop match ip address 100 vlan access-map Prob12 20 action forward vlan filter Prob12 vlan-list 1-4094 ! ! interface FastEthernet0/1 switchport access vlan 10 switchport mode access speed 10 duplex half spanning-tree portfast ! interface FastEthernet0/2 switchport mode dynamic desirable shutdown speed 100 --More--   duplex full ! interface FastEthernet0/3 switchport access vlan 30 switchport mode access ! interface FastEthernet0/4 switchport mode dynamic desirable shutdown ! interface FastEthernet0/5 switchport mode dynamic desirable ! interface FastEthernet0/6 switchport mode dynamic desirable ! interface FastEthernet0/7 switchport mode dynamic desirable ! interface FastEthernet0/8 switchport mode dynamic desirable ! interface FastEthernet0/9 --More--   S5#q config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#int ran S5(config)#int range fa 0/2 - 24 S5(config-if-range)# 23:36:42: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/3 (not full duplex), with R3 FastEthernet0/0 (full duplex). S5(config-if-range)#int range fa 0/2 - 2424  S5(config-if-range)# 23:37:42: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/3 (not full duplex), with R3 FastEthernet0/0 (full duplex). S5(config-if-range)#eit ^ % Invalid input detected at '^' marker. S5(config-if-range)#exit S5(config)# S5(config)# S5(config)#no macro name JBbaseline S5(config)#macro name JBbaseline Enter macro commands one per line. End with the character '@'. interface range fa 0/2 -24 speed 100 duplex full interface fa 0/1 speed 10 duplex half interface range fa 0/1 -23 switchport mode access spanning-tree portfast interface fa 0/24 switchport trunk encap dot1q switchport mode trunk @ S5(config)#macro global trace JBbaseline Applying command... 'interface range fa 0/2 -24' Applying command... 'speed 100' Applying command... 'duplex full' Applying command... 'interface fa 0/1' Applying command... 'speed 10' Applying command... 'duplex half' Applying command... 'interface range fa 0/1 -23' Applying command... 'switchport mode access' Applying command... 'spanning-tree portfast' Applying command... 'interface fa 0/24' Applying command... 'switchport trunk encap dot1q' Applying command... 'switchport mode trunk' S5(config)#^Z S5#s 23:38:01: %SYS-5-CONFIG_I: Configured from console by console S5#sh run Building configuration... Current configuration : 3815 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname S5 ! ! no aaa new-model ip subnet-zero no ip domain-lookup ! ! ! ! ! macro name PortSetup storm-control broadcast level 25 switchport mode access --More--  switchport access vlan $VLAN switchport protected switchport port-security switchport port-security maximum $MAC @ macro name JBbaseline interface range fa 0/2 -24 speed 100 duplex full interface fa 0/1 speed 10 duplex half interface range fa 0/1 -23 switchport mode access spanning-tree portfast interface fa 0/24 switchport trunk encap dot1q switchport mode trunk @ ! macro global description JBbaseline | JBbaseline no file verify auto spanning-tree mode pvst --More--  spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan access-map Prob12 10 action drop match ip address 100 vlan access-map Prob12 20 action forward vlan filter Prob12 vlan-list 1-4094 ! ! interface FastEthernet0/1 switchport access vlan 10 switchport mode access speed 10 duplex half spanning-tree portfast ! interface FastEthernet0/2 switchport mode dynamic desirable shutdown speed 100 --More--   duplex full ! interface FastEthernet0/3 switchport access vlan 30 switchport mode access ! interface FastEthernet0/4 switchport mode dynamic desirable shutdown ! interface FastEthernet0/5 switchport mode dynamic desirable ! interface FastEthernet0/6 switchport mode dynamic desirable ! interface FastEthernet0/7 switchport mode dynamic desirable ! interface FastEthernet0/8 switchport mode dynamic desirable ! interface FastEthernet0/9 --More-- 23:38:42: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/3 (not full duplex), with R3 FastEthernet0/0 (full duplex). --More--   S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#int ran fa 0/2-24 S5(config-if-range)#speed 100 S5(config-if-range)# 23:39:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down 23:39:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down 23:39:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down 23:39:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down S5(config-if-range)# 23:39:28: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to down S5(config-if-range)# 23:39:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up 23:39:29: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up S5(config-if-range)#du full S5(config-if-range)# 23:39:37: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down S5(config-if-range)# 23:39:38: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to down S5(config-if-range)# 23:39:40: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state to up 23:39:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up S5(config-if-range)#^Z S5# RACK9AS>5 [Resuming connection 5 to r5 ... ] 2 S5#confif t ^ % Invalid input detected at '^' marker. S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#int 23:39:49: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/24 (not half duplex), with S6 FastEthernet0/24 (half duplex). S5(config)#int fa    rang fa 0/2 - 24 S5(config-if-range)#speed 100 S5(config-if-range)#du fu S5(config-if-range)#^Z S5# 23:40:08: %SYS-5-CONFIG_I: Configured from console by console S5# 23:40:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up S5# 23:40:49: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/24 (not half duplex), with S6 FastEthernet0/24 (half duplex). S5#sh run Building configuration... Current configuration : 4343 bytes ! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname S5 ! ! no aaa new-model ip subnet-zero no ip domain-lookup ! ! ! ! ! macro name PortSetup storm-control broadcast level 25 switchport mode access --More--  switchport access vlan $VLAN switchport protected switchport port-security switchport port-security maximum $MAC @ macro name JBbaseline interface range fa 0/2 -24 speed 100 duplex full interface fa 0/1 speed 10 duplex half interface range fa 0/1 -23 switchport mode access spanning-tree portfast interface fa 0/24 switchport trunk encap dot1q switchport mode trunk @ ! macro global description JBbaseline | JBbaseline no file verify auto spanning-tree mode pvst --More--  spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan access-map Prob12 10 action drop match ip address 100 vlan access-map Prob12 20 action forward vlan filter Prob12 vlan-list 1-4094 ! ! interface FastEthernet0/1 switchport access vlan 10 switchport mode access speed 10 duplex half spanning-tree portfast ! interface FastEthernet0/2 switchport mode dynamic desirable shutdown speed 100 --More--   duplex full ! interface FastEthernet0/3 switchport access vlan 30 switchport mode access speed 100 duplex full ! interface FastEthernet0/4 switchport mode dynamic desirable shutdown speed 100 duplex full ! interface FastEthernet0/5 switchport mode dynamic desirable speed 100 duplex full ! interface FastEthernet0/6 switchport mode dynamic desirable speed 100 duplex full --More--  ! interface FastEthernet0/7 switchport mode dynamic desirable speed 100 duplex full ! interface FastEthernet0/8 switchport mode dynamic desirable speed 100 duplex full ! interface FastEthernet0/9 switchport mode dynamic desirable speed 100 duplex full ! interface FastEthernet0/10 switchport mode dynamic desirable speed 100 duplex full ! interface FastEthernet0/11 switchport mode dynamic desirable --More--   speed 100 duplex full ! interface FastEthernet0/12 switchport access vlan 22 switchport mode access switchport protected switchport port-security maximum 4 switchport port-security speed 100 duplex full storm-control broadcast level 25.00 ! interface FastEthernet0/13 switchport access vlan 24 switchport mode access switchport protected switchport port-security maximum 6 switchport port-security speed 100 duplex full macro description PortSetup storm-control broadcast level 25.00 --More--  ! interface FastEthernet0/14 switchport mode dynamic desirable speed 100 duplex full ! interface FastEthernet0/15 switchport mode dynamic desirable speed 100 duplex full ! interface FastEthernet0/16 switchport mode dynamic desirable speed 100 duplex full ! interface FastEthernet0/17 switchport mode dynamic desirable speed 100 duplex full ! interface FastEthernet0/18 switchport mode dynamic desirable --More--   speed 100 duplex full ! interface FastEthernet0/19 switchport mode dynamic desirable speed 100 duplex full ! interface FastEthernet0/20 switchport mode dynamic desirable switchport block unicast speed 100 duplex full ! interface FastEthernet0/21 switchport mode access switchport port-security switchport port-security mac-address 0023.1123.4443 speed 100 duplex full storm-control broadcast level 50.00 storm-control multicast level 62.00 ! --More--  interface FastEthernet0/22 switchport mode access switchport port-security switchport port-security violation restrict switchport port-security mac-address 1212.1212.1212 speed 100 duplex full ! interface FastEthernet0/23 switchport mode dynamic desirable shutdown speed 100 duplex full ! interface FastEthernet0/24 switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20,30 switchport mode trunk switchport nonegotiate speed 100 duplex full ! interface GigabitEthernet0/1 --More--   switchport mode dynamic desirable ! interface GigabitEthernet0/2 switchport mode dynamic desirable ! interface Vlan1 no ip address shutdown ! interface Vlan10 ip address 208.28.1.65 255.255.255.240 ! interface Vlan20 ip address 208.28.1.130 255.255.255.224 ! ip classless ip http server ip http secure-server ! ! access-list 100 permit tcp any any eq ident ! control-plane --More-- RACK9AS> [Resuming connection 5 to r5 ... ]  ! --More-- RACK9AS>6 [Resuming connection 6 to r6 ... ] 22: S6#sh run int fa 0/24 Building configuration... Current configuration : 159 bytes ! interface FastEthernet0/24 switchport trunk encapsulation dot1q switchport trunk allowed vlan 10,20,30 switchport mode trunk switchport nonegotiate end S6#sh run int fa 0/24 3 Building configuration... Current configuration : 79 bytes ! interface FastEthernet0/23 switchport mode dynamic desirable shutdown end S6#config t Enter configuration commands, one per line. End with CNTL/Z. S6(config)#macro global trace JBbaseline@ macro global trace JBbaseline int rang fa 0/2 - 24 S6(config-if-range)#speed 100 S6(config-if-range)#du f 22:11:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to down 22:11:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down S6(config-if-range)#du fu S6(config-if-range)#^Z S6# 22:11:51: %SYS-5-CONFIG_I: Configured from console by console S6# 22:11:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up 22:11:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up S6# RACK9AS>5 [Resuming connection 5 to r5 ... ] 23: ! --More--   S5#sh run | b macro macro name PortSetup storm-control broadcast level 25 switchport mode access switchport access vlan $VLAN switchport protected switchport port-security switchport port-security maximum $MAC @ macro name JBbaseline interface range fa 0/2 -24 speed 100 duplex full interface fa 0/1 speed 10 duplex half interface range fa 0/1 -23 switchport mode access spanning-tree portfast interface fa 0/24 switchport trunk encap dot1q switchport mode trunk @ ! --More--   S5# 23:42:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up S5#sh run int fa 0/12 Building configuration... Current configuration : 230 bytes ! interface FastEthernet0/12 switchport access vlan 22 switchport mode access switchport protected switchport port-security maximum 4 switchport port-security speed 100 duplex full storm-control broadcast level 25.00 end S5#sh run int fa 0/12 3 Building configuration... Current configuration : 259 bytes ! interface FastEthernet0/13 switchport access vlan 24 switchport mode access switchport protected switchport port-security maximum 6 switchport port-security speed 100 duplex full macro description PortSetup storm-control broadcast level 25.00 end S5# S5#config t Enter configuration commands, one per line. End with CNTL/Z. S5(config)#sp S5(config)#spanning-tree ? backbonefast Enable BackboneFast Feature etherchannel Spanning tree etherchannel specific configuration extend Spanning Tree 802.1t extensions logging Enable Spanning tree logging loopguard Spanning tree loopguard options mode Spanning tree operating mode mst Multiple spanning tree configuration pathcost Spanning tree pathcost options portfast Spanning tree portfast options transmit STP transmit parameters uplinkfast Enable UplinkFast Feature vlan VLAN Switch Spanning Tree S5(config)#spanning-tree m mst ? WORD MST instance range, example: 0-3,5,7-9 configuration Enter MST configuration submode forward-time Set the forward delay for the spanning tree hello-time Set the hello interval for the spanning tree max-age Set the max age interval for the spanning tree max-hops Set the max hops value for the spanning tree S5(config)#spanning-tree mst config ? S5(config)#spanning-tree mst config S5(config-mst)#? abort Exit region configuration mode, aborting changes exit Exit region configuration mode, applying changes instance Map vlans to an MST instance name Set configuration name no Negate a command or set its defaults private-vlan Set private-vlan synchronization revision Set configuration revision number show Display region configurations S5(config-mst)#^Z S5#sh sp 23:53:25: %SYS-5-CONFIG_I: Configured from console by console S5#sh span VLAN0010 Spanning tree enabled protocol ieee Root ID Priority 32778 Address 000a.f49a.3580 Cost 19 Port 24 (FastEthernet0/24) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32778 (priority 32768 sys-id-ext 10) Address 000b.fd8f.7e00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/1 Desg FWD 100 128.1 Edge Shr Fa0/24 Root FWD 19 128.24 P2p --More--   S5#sh span de VLAN0010 is executing the ieee compatible Spanning Tree protocol Bridge Identifier has priority 32768, sysid 10, address 000b.fd8f.7e00 Configured hello time 2, max age 20, forward delay 15 Current root has priority 32778, address 000a.f49a.3580 Root port is 24 (FastEthernet0/24), cost of root path is 19 Topology change flag not set, detected flag not set Number of topology changes 14 last change occurred 00:11:11 ago from FastEthernet0/24 Times: hold 1, topology change 35, notification 2 hello 2, max age 20, forward delay 15 Timers: hello 0, topology change 0, notification 0, aging 300 Port 1 (FastEthernet0/1) of VLAN0010 is forwarding Port path cost 100, Port priority 128, Port Identifier 128.1. Designated root has priority 32778, address 000a.f49a.3580 Designated bridge has priority 32778, address 000b.fd8f.7e00 Designated port id is 128.1, designated path cost 19 Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state: 1 The port is in the portfast mode Link type is shared by default BPDU: sent 689, received 0 --More--   S5#sh span de  sum Switch is in pvst mode Root bridge for: none Extended system ID is enabled Portfast Default is disabled PortFast BPDU Guard Default is disabled Portfast BPDU Filter Default is disabled Loopguard Default is disabled EtherChannel misconfig guard is enabled UplinkFast is disabled BackboneFast is disabled Configured Pathcost method used is short Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------- VLAN0010 0 0 0 2 2 VLAN0020 0 0 0 1 1 VLAN0030 0 0 0 2 2 ---------------------- -------- --------- -------- ---------- ---------- 3 vlans 0 0 0 5 5 S5#sh par mac Total number of macros = 8 -------------------------------------------------------------- Macro name : cisco-global Macro type : default global # Enable dynamic port error recovery for link state failures. errdisable recovery cause link-flap errdisable recovery interval 60 # Config Cos to DSCP mappings mls qos map cos-dscp 0 8 16 26 32 46 46 56 # Enable aggressive mode UDLD on all fiber uplinks udld aggressive # Enable Rapid PVST+ and Loopguard spanning-tree mode rapid-pvst spanning-tree loopguard default spanning-tree extend system-id -------------------------------------------------------------- Macro name : cisco-desktop Macro type : default interface # macro keywords $access_vlan # Basic interface - Enable data VLAN only # Recommended value for access vlan should not be 1 --More--   S5#sh par mac Total number of macros = 8 -------------------------------------------------------------- Macro name : cisco-global Macro type : default global # Enable dynamic port error recovery for link state failures. errdisable recovery cause link-flap errdisable recovery interval 60 # Config Cos to DSCP mappings mls qos map cos-dscp 0 8 16 26 32 46 46 56 # Enable aggressive mode UDLD on all fiber uplinks udld aggressive # Enable Rapid PVST+ and Loopguard spanning-tree mode rapid-pvst spanning-tree loopguard default spanning-tree extend system-id -------------------------------------------------------------- Macro name : cisco-desktop Macro type : default interface # macro keywords $access_vlan # Basic interface - Enable data VLAN only # Recommended value for access vlan should not be 1 --More--   S5#[Ash par macspan sum Switch is in pvst mode Root bridge for: none Extended system ID is enabled Portfast Default is disabled PortFast BPDU Guard Default is disabled Portfast BPDU Filter Default is disabled Loopguard Default is disabled EtherChannel misconfig guard is enabled UplinkFast is disabled BackboneFast is disabled Configured Pathcost method used is short Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------- VLAN0010 0 0 0 2 2 VLAN0020 0 0 0 1 1 VLAN0030 0 0 0 2 2 ---------------------- -------- --------- -------- ---------- ---------- 3 vlans 0 0 0 5 5 S5#sh span sumpar mac span sumde   VLAN0010 Spanning tree enabled protocol ieee Root ID Priority 32778 Address 000a.f49a.3580 Cost 19 Port 24 (FastEthernet0/24) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32778 (priority 32768 sys-id-ext 10) Address 000b.fd8f.7e00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/1 Desg FWD 100 128.1 Edge Shr Fa0/24 Root FWD 19 128.24 P2p --More--