Subject: RE: 3550 Smartport Macro Macros are fairly simple. Basically all they are, is a collection of interface level commands grouped together and applied with a single named macro. It's just something to save typing effort, not fancy programming or technology behind it. This example shows how to define the desktop-config macro for an access switch interface, apply the macro to Fast Ethernet interface 0/9, add a description to the interface, and verify the configuration. You can substitute any interface level command you want for the ones I've listed here to get the desired effect. The key parts are the global config of macro name xxx to create the macro and macro apply to put those commands on the interface. Switch(config)# macro name desktop-config switchport mode access spanning-tree portfast spanning-tree bpduguard enable switchport port-security maximum 1 switchport access vlan 1 @ Switch(config)# interface fastethernet0/9 Switch(config-if)# macro apply desktop-config Switch(config-if)# macro description desktop-config Switch(config-if)# end Show parser are the show command roots for this. Switch# show parser macro name desktop-config Switch# show parser macro description This can also be applied to an interface range as follows, where unused is the interface range macro name SW-61(config)#define interface-range unused fa0/17 - 20 SW-61(config)#interface range macro unused SW-61(config-if-range)#macro apply desktop-config Chris --- Subject: Re: Difference between bpduguard & bpdufilter Matthew, Here are some of my notes: BPDU Guard: error-disables port if a portfast port receives a bpdu enable on all portfast ports: spanning-tree portfast bpduguard default enable per port: spanning-tree bpduguard [enable disable] BPDU Filtering: When enabled globally prevents portfast ports from sending bpdus. If bpdu is received, port becomes non-portfast and filtering is disabled spanning-tree portfast bpdufilter default On interface: DISABLES STP on the port: very dangerous! spanning-tree bpdufilter enable Global is recommended, per interface is dangerous. --- ---------- Forwarded message ---------- From: Gary Ring To: Anthony Sequeira Date: Wed, 18 Jan 2006 22:13:18 -0600 Subject: Re: DTP Good catch Anthony. It's like you just got your CCIE or something ;-) It's right there in the command reference. I saw it as soon as I read your post. Staring me in the face. Would the port still listen for DTP frames in trunk mode? Thanks. Gary Ring On 1/18/06, Anthony Sequeira wrote: > > You will find many threads on this in the archives - but here is the > short answer - > > You need to set the interfaces to either trunk mode or access mode - > AND THEN - you need to use the switchport nonegotiate command. For > some reason - everyone seemed to forget that here in this thread! > > Here is a DOC-CD snippet - > > switchport nonegotiate - Prevents the interface from generating DTP > frames. You can use this command only when the interface switchport > mode is access or trunk. You must manually configure the neighboring > interface as a trunk interface to establish a trunk link. ---