Smart Port Macros
•Prerequisites for Smart Port Macros
•Restrictions for Smart Port Macros
•Information About Smart Port Macros
•Default Settings for Smart Port Macros
•How to Configure Smart Port Macros
•Verifying the Smart Port Macro Configuration
Note •For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
•Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Prerequisites for Smart Port Macros
None.
Restrictions for Smart Port Macros
•You can display all of the macros on the switch by using the show parser macro user EXEC command. Display the contents of a specific macro by using the show parser macro name macro-name user EXEC command.
•You cannot edit a macro. If the name following the macro name command is an existing macro's name, that macro is replaced by the new macro.
•If a description already exists for a macro, the macro description command appends any description that you enter to the existing description; it does not replace it. The entered descriptions are separated by the pipe ("|") character.
•The maximum macro description length is 256 characters. When the description string becomes longer than 256 characters, the oldest descriptions are deleted to make room for new ones.
•User-created recursive macros are not supported. You cannot define a macro that calls another macro.
•Each user-created macro can have up to three keyword-value pairs.
•A macro definition can contain up to 3,000 characters. Line endings count as two characters.
•When creating a macro, do not use the exit or end commands or change the command mode by using interface interface-id. This could cause commands that follow exit, end, or interface interface-id to execute in a different command mode. When creating a macro, all CLI commands should be in the same configuration mode.
•When creating a macro that requires the assignment of unique values, use the parameter value keywords to designate values specific to the interface. Keyword matching is case sensitive. All matching occurrences of the keyword are replaced with the corresponding value. Any full match of a keyword, even if it is part of a larger string, is considered a match and is replaced by the corresponding value.
•Macro names are case sensitive. For example, the commands macro name Sample-Macro and macro name sample-macro will result in two separate macros.
•Some macros might contain keywords that require a parameter value. You can use the macro global apply macro-name ? global configuration command or the macro apply macro-name ? interface configuration command to display a list of any required values in the macro. If you apply a macro without entering the keyword values, the commands are invalid and are not applied.
•When a macro is applied globally to a switch or to a switch interface, the existing configuration on the interface is retained. This is helpful when applying an incremental configuration.
•If you modify a macro definition by adding or deleting commands, the changes are not reflected on the interface where the original macro was applied. You need to reapply the updated macro on the interface to apply the new or changed commands.
•You can use the macro global trace macro-name global configuration command or the macro trace macro-name interface configuration command to apply and debug a macro to find any syntax or configuration errors. If a command fails because of a syntax error or a configuration error, the macro continues to apply the remaining commands.
•Some CLI commands are specific to certain interface types. If a macro is applied to an interface that does not accept the configuration, the macro will fail the syntax check or the configuration check, and the switch will return an error message.
•Applying a macro to an interface range is the same as applying a macro to a single interface. When you use an interface range, the macro is applied sequentially to each interface within the range. If a macro command fails on one interface, it is still applied to the remaining interfaces.
•When you apply a macro to a switch or a switch interface, the macro name is automatically added to the switch or interface. You can display the applied commands and macro names by using the show running-config user EXEC command.
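The restrictions above can be checked before a macro is pasted into a switch. The following Python is an added example, not Cisco code: it models the documented substitution rule (case sensitive, every occurrence, including inside longer strings) and flags the documented limits. The function names, the $-prefix check (a convention taken from the Cisco-provided macros on this page), the one-line-ending-per-line reading of the length rule, and both macro bodies are assumptions made for the example.

```python
import re

MAX_CHARS = 3000      # documented limit on a macro definition
MAX_PAIRS = 3         # documented limit on keyword-value pairs
MODE_CHANGE = re.compile(r"^(exit|end|interface\s+\S.*)$", re.IGNORECASE)


def commands(body):
    """CLI lines of a macro body, without blank lines and '#' comment lines."""
    lines = (line.strip() for line in body.splitlines())
    return [line for line in lines if line and not line.startswith("#")]


def definition_length(body):
    """Character count with every line ending counted as two characters."""
    lines = body.splitlines()
    return sum(len(line) for line in lines) + 2 * len(lines)


def declared_keywords(body):
    """Keywords named on '# macro keywords ...' help lines."""
    found = []
    for line in body.splitlines():
        match = re.match(r"#\s*macro keywords\s+(.+)", line.strip())
        if match:
            found.extend(match.group(1).split())
    return found


def expand(body, values):
    """Case-sensitive replacement of every occurrence, even inside longer strings."""
    expanded = []
    for cmd in commands(body):
        for keyword, value in values.items():
            cmd = cmd.replace(keyword, str(value))
        expanded.append(cmd)
    return expanded


def lint(body, values):
    """Return findings for one macro body and the values it would be applied with."""
    findings = []
    if definition_length(body) > MAX_CHARS:
        findings.append("definition longer than 3000 characters")
    if len(values) > MAX_PAIRS:
        findings.append("more than three keyword-value pairs")
    for cmd in commands(body):
        if MODE_CHANGE.match(cmd):
            findings.append(f"changes command mode: {cmd}")
    for keyword in declared_keywords(body):
        if keyword not in values:
            findings.append(f"no value supplied for {keyword}")
    for keyword in values:
        if not keyword.startswith("$"):
            findings.append(f"{keyword} has no $ prefix and can match command text")
        for cmd in commands(body):
            for token in cmd.split():
                if keyword in token and token != keyword:
                    findings.append(f"{keyword} also matches inside '{token}'")
    return findings


# Constructed macro bodies, not taken from any device.
GOOD = """# macro keywords $VLANID $MAX
switchport access vlan $VLANID
switchport port-security maximum $MAX
"""
RISKY = """description vlan-user port
switchport access vlan vlan
end
"""
```

With the keyword vlan and the value 25, expand(RISKY, ...) turns the second command into "switchport access 25 25", which is the substring behavior the keyword restriction describes.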
Information About Smart Port Macros
•Information about Cisco-Provided Smart Port Macros
•Information about User-Created Smart Port Macros
Information about Cisco-Provided Smart Port Macros
Use the show parser macro user EXEC command to display the Cisco-provided smart port macros and the commands they contain.
Cisco also provides a collection of pretested, Cisco-recommended baseline configuration templates for Catalyst switches. The online reference guide templates provide the CLI commands that you can use to create smart port macros based on the usage of the port. You can use the configuration templates to create smart port macros to build and deploy Cisco-recommended network designs and configurations.
Information about User-Created Smart Port Macros
Smart port macros provide a convenient way to save and share common configurations. You can use smart port macros to enable features and settings based on the location of a switch in the network and for mass configuration deployments across the network.
Each smart port macro is a user-defined set of Cisco IOS CLI commands. When you apply a smart port macro on an interface, the CLI commands within the macro are configured on the interface. When the macro is applied to an interface, the existing interface configurations are not lost. The new commands are added to the interface and are saved in the running configuration file.
Default Settings for Smart Port Macros
This example shows how to list the smart port macros that Cisco provides by default:
Router# show parser macro brief
default global : cisco-global
default interface: cisco-desktop
default interface: cisco-phone
default interface: cisco-switch
default interface: cisco-router
How to Configure Smart Port Macros
•Using the Cisco-Provided Smart Port Macros
Using the Cisco-Provided Smart Port Macros
•Using the cisco-global Smart Port Macro
•Using the cisco-desktop Smart Port Macro
•Using the cisco-phone Smart Port Macro
•Using the cisco-switch Smart Port Macro
•Using the cisco-router Smart Port Macro
Using the cisco-global Smart Port Macro
•Displaying the Contents of the cisco-global Smart Port Macro
•Applying the cisco-global Smart Port Macro
Displaying the Contents of the cisco-global Smart Port Macro
Router# show parser macro name cisco-global
Macro name : cisco-global
Macro type : default global
# Enable dynamic port error recovery for link state
# failures
errdisable recovery cause link-flap
errdisable recovery interval 60
# VTP requires Transparent mode for future 802.1x Guest VLAN
# and current Best Practice
vtp domain [smartports]
vtp mode transparent
# Config Cos to DSCP mappings
mls qos map cos-dscp 0 8 16 26 32 46 48 56
# Enable aggressive mode UDLD on all fiber uplinks
udld aggressive
# Enable Rapid PVST+ and Loopguard
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
Applying the cisco-global Smart Port Macro
To apply the cisco-global smart port macro, perform this task:
This example shows how to apply the cisco-global smart port macro and display the name of the applied macro:
Router# configure terminal
Router(config)# macro global apply cisco-global
Changing VTP domain name from previous_domain_name to [smartports]
Setting device to VTP TRANSPARENT mode.
Router(config)# end
Router# show parser macro description
Global Macro(s): cisco-global
Interface Macro Description(s)
--------------------------------------------------------------
--------------------------------------------------------------
Router#
Using the cisco-desktop Smart Port Macro
•Displaying the Contents of the cisco-desktop Smart Port Macro
•Applying the cisco-desktop Smart Port Macro
Displaying the Contents of the cisco-desktop Smart Port Macro
Router# show parser macro name cisco-desktop
Macro name : cisco-desktop
Macro type : default interface
# macro keywords $AVID
# Basic interface - Enable data VLAN only
# Recommended value for access vlan (AVID) should not be 1
switchport
switchport access vlan $AVID
switchport mode access
# Enable port security limiting port to a single
# MAC address -- that of desktop
switchport port-security
switchport port-security maximum 1
# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable
Applying the cisco-desktop Smart Port Macro
To apply the cisco-desktop smart port macro, perform this task:
This example shows how to apply the cisco-desktop smart port macro to Gigabit Ethernet port 1/1 with VLAN 2 specified as the access VLAN and how to verify the result:
Router# configure terminal
Router(config)# interface gigabitethernet 1/1
Router(config-if)# macro apply cisco-desktop $AVID 2
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on GigabitEthernet1/1 but will only
have effect when the interface is in a non-trunking mode.
Router(config)# end
Router# show parser macro description interface gigabitethernet 1/1
Global Macro(s): cisco-global
Interface Macro Description(s)
--------------------------------------------------------------
Gi1/1 cisco-desktop
--------------------------------------------------------------
Router# show running-config interface gigabitethernet 1/1
Building configuration...
Current configuration : 307 bytes
!
interface GigabitEthernet1/1
switchport
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
shutdown
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
end
Router#
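The macro name in the running configuration does not by itself show that every macro command is present: as noted under Restrictions, a macro keeps applying its remaining commands after one fails, and later changes to a macro definition are not pushed to ports where it was already applied. The following Python is an added example, not Cisco code, that compares an interface stanza with the macro text and recovers the keyword values from it. The function names and the drifted stanza are constructed, and treating "switchport port-security maximum 1" as a default that the running configuration does not display is an assumption based on its absence from the output above.

```python
# Macro commands as displayed on this page for cisco-desktop (comments trimmed).
DESKTOP_MACRO = """
switchport
switchport access vlan $AVID
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security violation restrict
switchport port-security aging time 2
spanning-tree portfast
spanning-tree bpduguard enable
"""
# Interface stanza as displayed on this page after the macro was applied.
PAGE_STANZA = """
interface GigabitEthernet1/1
switchport
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
shutdown
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
end
"""
# Constructed stanza: carries the macro name but has lost its hardening commands.
DRIFTED_STANZA = """
interface GigabitEthernet1/9
switchport
switchport access vlan 1
switchport mode access
macro description cisco-desktop
spanning-tree portfast
end
"""
# Assumption: omitted from the page's output because 1 is the default maximum.
NOT_DISPLAYED = {"switchport port-security maximum 1"}


def match(template, line):
    """Return the keyword values captured if line fits template, else None."""
    want, got = template.split(), line.split()
    if len(want) != len(got):
        return None
    captured = {}
    for w, g in zip(want, got):
        if w.startswith("$"):
            captured[w] = g
        elif w != g:
            return None
    return captured


def audit(macro_text, stanza, not_displayed=NOT_DISPLAYED):
    """Return (missing commands, recovered keyword values, warnings)."""
    lines = [line.strip() for line in stanza.splitlines() if line.strip()]
    missing, values = [], {}
    for template in (t.strip() for t in macro_text.splitlines()):
        if not template or template.startswith("#"):
            continue
        hits = [m for m in (match(template, line) for line in lines) if m is not None]
        if hits:
            values.update(hits[0])
        elif template not in not_displayed:
            missing.append(template)
    # The macro's own comments recommend that the VLAN keywords not be set to 1.
    warnings = [f"{k} is set to VLAN 1" for k, v in values.items() if v == "1"]
    return missing, values, warnings
```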
Using the cisco-phone Smart Port Macro
•Displaying the Contents of the cisco-phone Smart Port Macro
•Applying the cisco-phone Smart Port Macro
Displaying the Contents of the cisco-phone Smart Port Macro
Router# show parser macro name cisco-phone
Macro name : cisco-phone
Macro type : default interface
# macro keywords $AVID $VVID
# VoIP enabled interface - Enable data VLAN
# and voice VLAN (VVID)
# Recommended value for access vlan (AVID) should not be 1
switchport
switchport access vlan $AVID
switchport mode access
# Update the Voice VLAN (VVID) value which should be
# different from data VLAN
# Recommended value for voice vlan (VVID) should not be 1
switchport voice vlan $VVID
# Enable port security limiting port to a 3 MAC
# addressess -- One for desktop and two for phone
switchport port-security
switchport port-security maximum 3
# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
# Enable auto-qos to extend trust to attached Cisco phone
auto qos voip cisco-phone
# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable
Applying the cisco-phone Smart Port Macro
To apply the cisco-phone smart port macro, perform this task:
When applying the cisco-phone smart port macro, note the following information:
•Some of the generated commands are in the category of PFC QoS commands that are applied to all ports controlled by a port ASIC. When one of these generated commands is applied, PFC QoS displays the messages caused by application of the command to all the ports controlled by the port ASIC. Depending on the module, these commands are applied to as many as 48 ports. See the "Number of port groups" and "Port ranges per port group" listed for each module in the Release Notes for Cisco IOS Release 15.1SY:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html
•You might see messages that instruct you to configure other ports to trust CoS. You must do so to enable the generated QoS commands.
•You might not be able to apply the cisco-phone smart port macro and other macros on ports that are controlled by the same port ASIC because of conflicting port trust state requirements.
This example shows how to apply the cisco-phone smart port macro to Gigabit Ethernet port 2/2 with VLAN 2 specified as the access VLAN and how to verify the result:
Router# configure terminal
Router(config)# interface gigabitethernet 2/2
Router(config-if)# macro apply cisco-phone $AVID 2 $VVID 3
Hardware QoS is enabled
Propagating cos-map to inband port
Propagating cos-map configuration to: [port list not shown]
[Output for other ports controlled by the same port ASIC omitted]
Warning: rcv cosmap will not be applied in hardware.
To modify rcv cosmap in hardware, all of the interfaces below
must be put into 'trust cos' state:
[port list not shown]
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on GigabitEthernet1/2 but will only
have effect when the interface is in a non-trunking mode.
Router(config)# end
Router# show parser macro description interface gigabitethernet 2/2
Global Macro(s): cisco-global
Interface Macro Description(s)
--------------------------------------------------------------
Gi2/2 cisco-phone
--------------------------------------------------------------
Router# show running-config interface gigabitethernet 2/2
Building configuration...
Current configuration : 1336 bytes
!
interface GigabitEthernet2/2
switchport
switchport access vlan 2
switchport mode access
switchport voice vlan 3
switchport port-security
switchport port-security maximum 3
switchport port-security aging time 2
switchport port-security violation restrict
shutdown
[QoS queuing commands omitted: these vary according to port type]
platform qos trust cos
auto qos voip cisco-phone
macro description cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
end
Router#
Using the cisco-switch Smart Port Macro
•Displaying the Contents of the cisco-switch Smart Port Macro
•Applying the cisco-switch Smart Port Macro
Displaying the Contents of the cisco-switch Smart Port Macro
Router# show parser macro name cisco-switch
Macro name : cisco-switch
Macro type : default interface
# macro keywords $NVID
# Do not apply to EtherChannel/Port Group
# Access Uplink to Distribution
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan (NVID) should not be 1
switchport
switchport trunk native vlan $NVID
# Update the allowed VLAN range (VRANGE) such that it
# includes data, voice and native VLANs
# switchport trunk allowed vlan VRANGE
# Hardcode trunk and disable negotiation to
# speed up convergence
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
# 802.1w defines the link as pt-pt for rapid convergence
spanning-tree link-type point-to-point
Router#
Applying the cisco-switch Smart Port Macro
To apply the cisco-switch smart port macro, perform this task:
This example shows how to apply the cisco-switch smart port macro to Gigabit Ethernet port 1/4 with VLAN 4 specified as the native VLAN and how to verify the result:
Router# configure terminal
Router(config)# interface gigabitethernet 1/4
Router(config-if)# macro apply cisco-switch $NVID 4
Router(config-if)# end
Router# show parser macro description interface gigabitethernet 1/4
Interface Macro Description(s)
--------------------------------------------------------------
Gi1/4 cisco-switch
--------------------------------------------------------------
Router# show running-config interface gigabitethernet 1/4
Building configuration...
Current configuration : 247 bytes
!
interface GigabitEthernet1/4
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport mode trunk
switchport nonegotiate
shutdown
macro description cisco-switch
spanning-tree link-type point-to-point
end
Router#
Using the cisco-router Smart Port Macro
•Displaying the Contents of the cisco-router Smart Port Macro
•Applying the cisco-router Smart Port Macro
Displaying the Contents of the cisco-router Smart Port Macro
Router# show parser macro name cisco-router
Macro name : cisco-router
Macro type : default interface
# macro keywords $NVID
# Do not apply to EtherChannel/Port Group
# Access Uplink to Distribution
switchport
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan (NVID) should not be 1
switchport trunk native vlan $NVID
# Update the allowed VLAN range (VRANGE) such that it
# includes data, voice and native VLANs
# switchport trunk allowed vlan VRANGE
# Hardcode trunk and disable negotiation to
# speed up convergence
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
# Configure qos to trust this interface
auto qos voip trust
mls qos trust dscp
# Ensure fast access to the network when enabling the interface.
# Ensure that switch devices cannot become active on the interface.
spanning-tree portfast
spanning-tree bpduguard enable
Router#
Applying the cisco-router Smart Port Macro
To apply the cisco-router smart port macro, perform this task:
Note The cisco-router smart port macro includes the auto qos voip trust command. When entered on a port configured with the switchport command, the auto qos voip trust command generates and applies the mls qos trust cos command to the port, but the cisco-router smart port macro changes the port trust state to trust DSCP with the mls qos trust dscp command. When you apply the cisco-router smart port macro, ignore messages that instruct you to enter the mls qos trust cos command on other ports controlled by the port ASIC.
This example shows how to apply the cisco-router smart port macro to Gigabit Ethernet port 1/5 and how to verify the result:
Router# configure terminal
Router(config)# interface gigabitethernet 1/5
Router(config-if)# macro apply cisco-router $NVID 5
Hardware QoS is enabled
Propagating cos-map to inband port
Propagating cos-map configuration to: [port list not shown]
[Output for other ports controlled by the same port ASIC omitted]
[Output from temporarily applied trust CoS command omitted]
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on GigabitEthernet1/5 but will only
have effect when the interface is in a non-trunking mode.
Router(config-if)# end
Router# show parser macro description interface gigabitethernet 1/5
Interface Macro Description(s)
--------------------------------------------------------------
Gi1/5 cisco-router
--------------------------------------------------------------
Router# show running-config interface gigabitethernet 1/5
Building configuration...
Current configuration : 1228 bytes
!
interface GigabitEthernet1/5
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 5
switchport mode trunk
switchport nonegotiate
shutdown
wrr-queue bandwidth 20 100 200
[QoS queuing commands omitted: these vary according to port type]
mls qos trust dscp
auto qos voip trust
macro description cisco-router
spanning-tree portfast
spanning-tree bpduguard enable
end
Router#
Creating Smart Port Macros
•Applying User-Created Smart Port Macros
Creating Smart Port Macros
To create a smart port macro, perform this task:
Note The no form of the macro name global configuration command only deletes the macro definition. It does not affect the configuration of those interfaces on which the macro is already applied.
This example shows how to create a macro that defines the Layer 2 access VLAN and the number of secure MAC addresses and also includes two help string keywords by using # macro keywords:
Router(config)# macro name test
#macro keywords $VLANID $MAX
switchport access vlan $VLANID
switchport port-security maximum $MAX
@
Applying User-Created Smart Port Macros
To apply a smart port macro, perform this task:
You can delete a global macro-applied configuration on a switch only by entering the no version of each command that is in the macro. You can delete all configurations on an interface by entering the default interface interface_id interface configuration command.
This example shows how to apply the user-created macro called snmp, to set the host name address to test-server and to set the IP precedence value to 7:
Router(config)# macro global apply snmp ADDRESS test-server VALUE 7
This example shows how to debug the user-created macro called snmp by using the macro global trace global configuration command to find any syntax or configuration errors in the macro when it is applied to the switch:
Router(config)# macro global trace snmp VALUE 7
Applying command...`snmp-server enable traps port-security'
Applying command...`snmp-server enable traps linkup'
Applying command...`snmp-server enable traps linkdown'
Applying command...`snmp-server host'
%Error Unknown error.
Applying command...`snmp-server ip precedence 7'
This example shows how to apply the user-created macro called desktop-config and to verify the configuration:
Router(config)# interface gigabitethernet1/2
Router(config-if)# macro apply desktop-config
Router(config-if)# end
Router# show parser macro description
Interface Macro Description
--------------------------------------------------------------
Gi1/2 desktop-config
--------------------------------------------------------------
This example shows how to apply the user-created macro called desktop-config and to replace all occurrences of vlan with VLAN ID 25:
Router(config-if)# macro apply desktop-config vlan 25
Verifying the Smart Port Macro Configuration