Configuring SmartPort Macros
This chapter describes how to configure and apply SmartPort macros on your switch.
Note For complete syntax and usage information for the switch commands used in this chapter, refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference and related publications at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm.
This chapter consists of these sections:
•Understanding SmartPort Macros
•Configuring Smart-Port Macros
•Displaying SmartPort Macros
Understanding SmartPort Macros
SmartPort macros provide a convenient way to save and share common configurations. You can use SmartPort macros to enable features and settings based on the location of a switch in the network and for mass configuration deployments across the network.
Each SmartPort macro is a set of CLI commands that you define. SmartPort macro sets do not contain new CLI commands; Each SmartPort macro is a group of existing CLI commands.
When you apply a SmartPort macro on an interface, the CLI commands contained within the macro are configured on the interface. When the macro is applied to an interface, the existing interface configurations are not lost. The new commands are added to interface and are saved in the running configuration file.
Configuring Smart-Port Macros
You can create a new SmartPort macro or use an existing macro as a template to create a new macro that is specific to your application. After you create the macro, you can apply it to an interface or a range of interfaces.
This section includes information about these topics:
•Default SmartPort Macro Configuration
•SmartPort Macro Configuration Guidelines
•Creating and Applying SmartPort Macros
Default SmartPort Macro Configuration
This section illustrates the default configurations for the four supported macros. These macros can only be viewed and applied; they cannot be modified by the user.
•cisco-desktop
•cisco-phone
•cisco-switch
•cisco-router
cisco-desktop
# Basic interface - Enable data VLAN only
# Recommended value for access vlan (AVID) should not be 1
switchport access vlan $AVID
# Enable port security limiting port to a single
# MAC address -- that of desktop
# Ensure port-security age is greater than one minute
# and use inactivity timer
# "Port-security maximum 1" is the default and will not
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
# Configure port as an edge network port
spanning-tree bpduguard enable
cisco-phone
# VoIP enabled interface - Enable data VLAN
# Recommended value for access vlan (AVID) should not be 1\
switchport access vlan $AVID
# Update the Voice VLAN (VVID) value which should be
# different from data VLAN
# Recommended value for voice vlan (VVID) should not be 1
switchport voice vlan $VVID
# Enable port security limiting port to a 3 MAC
# addressess -- One for desktop and two for phone
switchport port-security maximum 3
# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
# Enable auto-qos to extend trust to attached Cisco phone
auto qos voip cisco-phone
# Configure port as an edge network port
spanning-tree bpduguard enable@
cisco-switch
# Access Uplink to Distribution
switchport trunk encapsulation dot1q
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan (NVID) should not be 1
switchport trunk native vlan $NVID
# Update the allowed VLAN range (VRANGE) such that it
# includes data, voice and native VLANs
# switchport trunk allowed vlan $VRANGE
# Hardcode trunk and disable negotiation to
# Configure qos to trust this interface
# 802.1w defines the link as pt-pt for rapid convergence
spanning-tree link-type point-to-point
cisco-router
# Access Uplink to Distribution
switchport trunk encapsulation dot1q
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan (NVID) should not be 1
switchport trunk native vlan $NVID
# Update the allowed VLAN range (VRANGE) such that it
# includes data, voice and native VLANs
# switchport trunk allowed vlan $VRANGE
# Hardcode trunk and disable negotiation to
# Hardcode speed and duplex to router
# Configure qos to trust this interface
# Ensure fast access to the network when enabling the interface.
# Ensure that switch devices cannot become active on the interface.
spanning-tree bpduguard enable
SmartPort Macro Configuration Guidelines
Follow these guidelines when configuring macros on your switch:
•Do not use exit or end commands when creating a macro. This action could cause commands that follow exit or end to execute in a different command mode.
•When creating a macro, all CLI commands should be interface configuration mode commands.
•Some CLI commands are specific to certain interface types. The macro will fail the syntax check or the configuration check, and the switch will return an error message if it is applied to an interface that does not accept the configuration.
•When a macro is applied to an interface, all existing configuration on the interface is retained. This is helpful when applying an incremental configuration to an interface.
•If you modify a macro definition by adding or deleting commands, the changes are not reflected on the interface where the original macro was applied. You need to reapply the updated macro on the interface to apply the new or changed commands.
•You can use the macro trace macro-name interface configuration command to show what macros are running on an interface or to debug the macro to determine any syntax or configuration errors.
•If a command fails when you apply a macro, either due to a syntax error or to a configuration error, the macro continues to apply the remaining commands to the interface.
•Applying a macro to an interface range is the same as applying a macro to a single interface. When you use an interface range, the macro is applied sequentially to each individual interface within the range. If a macro command fails on one interface, it is still applied to the remaining interfaces.
Creating and Applying SmartPort Macros
To create and apply a SmartPort macro, perform the following task:
|
|
|
Step 1 |
Switch # configure terminal
|
Enters global configuration mode. |
Step 2 |
Switch(config)# macro name
macro-name
|
Creates a macro definition, and enters a macro name. A macro definition can contain up to 3000 characters. Enters the macro commands with one command per line. Use the @ character to end the macro. Use the # character at the beginning of a line to enter comment text within the macro. Do not use the exit or end commands in a macro. This action could cause any commands following exit or end to execute in a different command mode. For best results, all commands in a macro should be interface configuration mode commands. |
Step 3 |
Switch(config)# interface interface-id
|
Enters interface configuration mode and specifies the interface on which to apply the macro. |
Step 4 |
Switch(config-if)# macro {apply |
trace} macro-name
|
Applies each command defined in the macro to the interface. |
Step 5 |
Switch(config-if)# macro description
text
|
(Optional) Enters a description about the macro that is applied to the interface. |
Step 6 |
|
Returns to privileged EXEC mode. |
Step 7 |
Switch# show parser macro
|
Verifies that the macro was created. |
Step 8 |
Switch# show running-config
interface interface-id
|
Verifies that the macro is applied to an interface. |
Step 9 |
Switch# copy running-config
startup-config
|
(Optional) Saves your entries in the configuration file. |
The no form of the macro name global configuration command only deletes the macro definition. It does not affect the configuration of those interfaces on which the macro is already applied. You can delete a macro-applied configuration on an interface by entering the default interface interface-id interface configuration command. Alternatively, you can create an anti-macro for an existing macro that contains the no form of all the corresponding commands in the original macro. Then apply the anti-macro to the interface.
The following sections illustrate how to apply and display the attachments on each of the supported macros:
•cisco-desktop
•cisco-phone
•cisco-switch
•cisco-router
cisco-desktop
This example shows how to apply the cisco-desktop macro to interface Fast Ethernet interface 2/9:
Switch(config)# interface fastethernet2/9
Switch(config-if)# macro apply cisco-desktop $AVID 35
Switch# show parser macro name cisco-desktop
Macro name : cisco-desktop
Macro type : customizable
# Basic interface - Enable data VLAN only
# Recommended value for access vlan (AVID) should not be 1
switchport access vlan $AVID [access_vlan_id]
# Enable port security limiting port to a single
# MAC address -- that of desktop
# Ensure port-security age is greater than one minute
# and use inactivity timer
# "Port-security maximum 1" is the default and will not
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
# Configure port as an edge network port
spanning-tree bpduguard enable
Switch# show parser macro description
Interface Macro Description
--------------------------------------------------------------
--------------------------------------------------------------
cisco-phone
This example shows how to apply the cisco-phone macro to interface Fast Ethernet interface 2/9:
Switch(config)# interface fastethernet2/9
Switch(config-if)# macro apply cisco-phone
Switch(config-if)# macro description cisco-phone $AVID 35 $VVID 56
Switch# show parser macro name cisco-phone
Macro type : customizable
# VoIP enabled interface - Enable data VLAN
# Recommended value for access vlan (AVID) should not be 1\
switchport access vlan $AVID [access_vlan_id]
# Update the Voice VLAN (VVID) value which should be
# different from data VLAN
# Recommended value for voice vlan (VVID) should not be 1
switchport voice vlan $VVID [voice_vlan_id]
# Enable port security limiting port to a 3 MAC
# addressess -- One for desktop and two for phone
switchport port-security maximum 3
# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
# Enable auto-qos to extend trust to attached Cisco phone
auto qos voip cisco-phone
# Configure port as an edge network port
spanning-tree bpduguard enable@
Switch# show parser macro description
Interface Macro Description
--------------------------------------------------------------
--------------------------------------------------------------
cisco-switch
This example shows how to apply the cisco-switch macro to interface Fast Ethernet interface 2/9:
Switch(config)# interface fastethernet2/9
Switch(config-if)# macro apply cisco-switch
Switch(config-if)# macro description cisco-switch $NVID 38
Switch# show parser macro name cisco-switch
Macro name : cisco-switch
Macro type : customizable
# Access Uplink to Distribution
switchport trunk encapsulation dot1q
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan (NVID) should not be 1
switchport trunk native vlan $NVID [native_vlan_id]
# Update the allowed VLAN range (VRANGE) such that it
# includes data, voice and native VLANs
# switchport trunk allowed vlan $VRANGE [vlan_range]
# Hardcode trunk and disable negotiation to
# Configure qos to trust this interface
# 802.1w defines the link as pt-pt for rapid convergence
spanning-tree link-type point-to-point
Switch# show parser macro description
Interface Macro Description
--------------------------------------------------------------
--------------------------------------------------------------
cisco-router
This example shows how to apply the cisco-router macro to interface Fast Ethernet interface 2/9:
Switch(config)# interface fastethernet2/9
Switch(config-if)# macro apply cisco-router
Switch(config-if)# macro description cisco-router $NVID 45I
Switch# show parser macro name cisco-router
Macro name : cisco-router
Macro type : customizable
# Access Uplink to Distribution
switchport trunk encapsulation dot1q
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan (NVID) should not be 1
switchport trunk native vlan $NVID [native_vlan_id]
# Update the allowed VLAN range (VRANGE) such that it
# includes data, voice and native VLANs
# switchport trunk allowed vlan $VRANGE [vlan_range]
# Hardcode trunk and disable negotiation to
# Hardcode speed and duplex to router
# Configure qos to trust this interface
# Ensure fast access to the network when enabling the interface.
# Ensure that switch devices cannot become active on the interface.
spanning-tree bpduguard enable
Switch# show parser macro description
Interface Macro Description
--------------------------------------------------------------
--------------------------------------------------------------
Displaying SmartPort Macros
To display the SmartPort macros, use one or more of the privileged EXEC commands in Table 13-1.
Table 13-1 Commands for Displaying SmartPort Macros
|
|
show parser macro |
Displays all configured macros. |
show parser macro name macro-name |
Displays a specific macro. |
show parser macro brief |
Displays the configured macro names. |
show parser macro description [interface interface-id] |
Displays the macro description for all interfaces or for a specified interface. |