Smart Port Macros

note.gif

Noteblank.gif For complete syntax and usage information for the commands used in this chapter, see these publications:

http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html

  • Cisco IOS Release 15.4SY supports only Ethernet interfaces. Cisco IOS Release 15.4SY does not support any WAN features or commands.


 


Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum


 

Prerequisites for Smart Port Macros

None.

Restrictions for Smart Port Macros

  • You can display all of the macros on the switch by using the show parser macro user EXEC command. Display the contents of a specific macro by using the show parser macro name macro-name user EXEC command.
  • You cannot edit a macro. If the name following the macro name command is an existing macro’s name, that macro is replaced by the new macro.
  • If a description already exists for a macro, the macro description command appends any description that you enter to the existing description; it does not replace it. The entered descriptions are separated by the pipe (“|”) character.
  • The maximum macro description length is 256 characters. When the description string becomes longer than 256 characters, the oldest descriptions are deleted to make room for new ones.
  • User-created recursive macros are not supported. You cannot define a macro that calls another macro.
  • Each user-created macro can have up to three keyword-value pairs.
  • A macro definition can contain up to 3,000 characters. Line endings count as two characters.
  • When creating a macro, do not use the exit or end commands or change the command mode by using interface interface-id. This could cause commands that follow exit, end, or interface interface-id to execute in a different command mode. When creating a macro, all CLI commands should be in the same configuration mode.
  • When creating a macro that requires the assignment of unique values, use the parameter value keywords to designate values specific to the interface. Keyword matching is case sensitive. All matching occurrences of the keyword are replaced with the corresponding value. Any full match of a keyword, even if it is part of a larger string, is considered a match and is replaced by the corresponding value.
  • Macro names are case sensitive. For example, the commands macro name Sample-Macro and macro name sample-macro will result in two separate macros.
  • Some macros might contain keywords that require a parameter value. You can use the macro global apply macro-name ? global configuration command or the macro apply macro-name ? interface configuration command to display a list of any required values in the macro. If you apply a macro without entering the keyword values, the commands are invalid and are not applied.
  • When a macro is applied globally to a switch or to a switch interface, the existing configuration on the interface is retained. This is helpful when applying an incremental configuration.
  • If you modify a macro definition by adding or deleting commands, the changes are not reflected on the interface where the original macro was applied. You need to reapply the updated macro on the interface to apply the new or changed commands.
  • You can use the macro global trace macro-name global configuration command or the macro trace macro-name interface configuration command to apply and debug a macro to find any syntax or configuration errors. If a command fails because of a syntax error or a configuration error, the macro continues to apply the remaining commands.
  • Some CLI commands are specific to certain interface types. If a macro is applied to an interface that does not accept the configuration, the macro will fail the syntax check or the configuration check, and the switch will return an error message.
  • Applying a macro to an interface range is the same as applying a macro to a single interface. When you use an interface range, the macro is applied sequentially to each interface within the range. If a macro command fails on one interface, it is still applied to the remaining interfaces.
  • When you apply a macro to a switch or a switch interface, the macro name is automatically added to the switch or interface. You can display the applied commands and macro names by using the show running-config user EXEC command.

Information About Smart Port Macros

Information about Cisco-Provided Smart Port Macros

Use the show parser macro user EXEC command to display the Cisco-provided smart port macros and the commands they contain.

 

Table 4-1 Cisco-Provided Smart Port Macros

Macro Name
Description

cisco-global

Use this global configuration macro to enable load balancing across VLANs, provide rapid convergence of spanning-tree instances and to enable port error recovery.

cisco-desktop

Use this interface configuration macro for increased network security and reliability when connecting a desktop device, such as a PC, to a switch port.

cisco-phone

Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.

cisco-switch

Use this interface configuration macro for Layer 2 connections between devices like switches and routers.

cisco-router

Use this interface configuration macro for Layer 3 connections between devices like switches and routers.

Cisco also provides a collection of pretested, Cisco-recommended baseline configuration templates for Catalyst switches. The online reference guide templates provide the CLI commands that you can use to create smart port macros based on the usage of the port. You can use the configuration templates to create smart port macros to build and deploy Cisco-recommended network designs and configurations.

Information about User-Created Smart Port Macros

Smart port macros provide a convenient way to save and share common configurations. You can use smart port macros to enable features and settings based on the location of a switch in the network and for mass configuration deployments across the network.

Each smart port macro is a user-defined set of Cisco IOS CLI commands. When you apply a smart port macro on an interface, the CLI commands within the macro are configured on the interface. When the macro is applied to an interface, the existing interface configurations are not lost. The new commands are added to the interface and are saved in the running configuration file.

Default Settings for Smart Port Macros

This example shows how to list the Cisco-provided smart port macros that are provided by default:

Router# show parser macro brief
default global : cisco-global
default interface: cisco-desktop
default interface: cisco-phone
default interface: cisco-switch
default interface: cisco-router

How to Configure Smart Port Macros

Using the Cisco-Provided Smart Port Macros

Using the cisco-global Smart Port Macro

Displaying the Contents of the cisco-global Smart Port Macro

Router# show parser macro name cisco-global
Macro name : cisco-global
Macro type : default global
# Enable dynamic port error recovery for link state
# failures
errdisable recovery cause link-flap
errdisable recovery interval 60
 
# VTP requires Transparent mode for future 802.1x Guest VLAN
# and current Best Practice
vtp domain [smartports]
vtp mode transparent
 
# Config Cos to DSCP mappings
platform qos map cos-dscp 0 8 16 26 32 46 48 56
 
# Enable aggressive mode UDLD on all fiber uplinks
udld aggressive
 
# Enable Rapid PVST+ and Loopguard
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id

Applying the cisco-global Smart Port Macro

To apply the cisco-global smart port macro, perform this task:

 

Command
Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# macro global apply cisco-global

Applies the cisco-global smart port macro.

Step 3

Router(config)# end

Returns to privileged EXEC mode.

This example shows how to apply the cisco-global smart port macro and display the name of the applied macro:

Router# configure terminal
Router(config)# macro global apply cisco-global
Changing VTP domain name from previous_domain_name to [smartports]
Setting device to VTP TRANSPARENT mode.
Router(config)# end
Router# show parser macro description
Global Macro(s): cisco-global
 
Interface Macro Description(s)
--------------------------------------------------------------
--------------------------------------------------------------
Router#

Using the cisco-desktop Smart Port Macro

Displaying the Contents of the cisco-desktop Smart Port Macro

Router# show parser macro name cisco-desktop
Macro name : cisco-desktop
Macro type : default interface
# macro keywords $AVID
# Basic interface - Enable data VLAN only
# Recommended value for access vlan (AVID) should not be 1
switchport
switchport access vlan $AVID
switchport mode access
 
# Enable port security limiting port to a single
# MAC address -- that of desktop
switchport port-security
switchport port-security maximum 1
 
# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable

Applying the cisco-desktop Smart Port Macro

To apply the cisco-desktop smart port macro, perform this task:

 

Command
Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# interface type slot/port

Selects the interface to configure.

Step 3

Router(config-if)# macro apply cisco-desktop $AVID access_vlan_ID

Applies the cisco-desktop smart port macro. The recommended range for access_vlan_ID is 2–4094.

Step 4

Router(config-if)# end

Returns to privileged EXEC mode.

This example shows how to apply the cisco-desktop smart port macro to Gigabit Ethernet port 1/1 with VLAN 2 specified as the access VLAN and how to verify the result:

Router# configure terminal
Router(config)# interface gigabitethernet 1/1
Router(config-if)# macro apply cisco-desktop $AVID 2
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
 
%Portfast has been configured on GigabitEthernet1/1 but will only
have effect when the interface is in a non-trunking mode.
Router(config)# end
Router# show parser macro description interface gigabitethernet 1/1
Global Macro(s): cisco-global
 
Interface Macro Description(s)
--------------------------------------------------------------
Gi1/1 cisco-desktop
--------------------------------------------------------------
Router# show running-config interface gigabitethernet 1/1
Building configuration...
 
Current configuration : 307 bytes
!
interface GigabitEthernet1/1
switchport
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
shutdown
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
end
 
Router#

Using the cisco-phone Smart Port Macro

Displaying the Contents of the cisco-phone Smart Port Macro

Router# show parser macro name cisco-phone
Macro name : cisco-phone
Macro type : default interface
# macro keywords $AVID $VVID
# VoIP enabled interface - Enable data VLAN
# and voice VLAN (VVID)
# Recommended value for access vlan (AVID) should not be 1
switchport
switchport access vlan $AVID
switchport mode access
 
# Update the Voice VLAN (VVID) value which should be
# different from data VLAN
# Recommended value for voice vlan (VVID) should not be 1
switchport voice vlan $VVID
 
# Enable port security limiting port to a 3 MAC
# addressess -- One for desktop and two for phone
switchport port-security
switchport port-security maximum 3
 
# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
# Enable auto-qos to extend trust to attached Cisco phone
auto qos voip cisco-phone
 
# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable

Applying the cisco-phone Smart Port Macro

To apply the cisco-phone smart port macro, perform this task:

 

Command
Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# interface type slot/port

Selects the interface to configure.

Step 3

Router(config-if)# macro apply cisco-phone $AVID access_vlan_ID $VVID voice_vlan_ID

Applies the cisco-phone smart port macro. The recommended range for access_vlan_ID is 2–4094. The recommended range for voice_vlan_ID is 2–4094.

Step 4

Router(config-if)# end

Returns to privileged EXEC mode.

When applying the cisco-phone smart port macro, note the following information:

  • Some of the generated commands are in the category of PFC QoS commands that are applied to all ports controlled by a port ASIC. When one of these generated commands is applied, PFC QoS displays the messages caused by application of the command to all the ports controlled by the port ASIC. Depending on the module, these commands are applied to as many as 48 ports. See the “Number of port groups” and “Port ranges per port group” listed for each module in the Release Notes for Cisco IOS Release 15.2SY :

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html

  • You might see messages that instruct you to configure other ports to trust CoS. You must do so to enable the generated QoS commands.
  • You might not be able to apply the cisco-phone smart port macro and other macros on ports that are controlled by the same port ASIC because of conflicting port trust state requirements.

This example shows how to apply the cisco-phone smart port macro to Gigabit Ethernet port 2/2 with VLAN 2 specified as the access VLAN and how to verify the result:

Router# configure terminal
Router(config)# interface gigabitethernet 2/2
Router(config-if)# macro apply cisco-phone $AVID 2 $VVID 3
Hardware QoS is enabled
Propagating cos-map to inband port
Propagating cos-map configuration to: [port list not shown]
 

[Output for other ports controlled by the same port ASIC omitted]

Warning: rcv cosmap will not be applied in hardware.
To modify rcv cosmap in hardware, all of the interfaces below
must be put into 'trust cos' state:
[port list not shown]
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
 
%Portfast has been configured on GigabitEthernet1/2 but will only
have effect when the interface is in a non-trunking mode.
Router(config)# end
 
Router# show parser macro description interface gigabitethernet 2/2
Global Macro(s): cisco-global
 
Interface Macro Description(s)
--------------------------------------------------------------
Gi2/2 cisco-phone
--------------------------------------------------------------
 
Router# show running-config interface gigabitethernet 2/2
Building configuration...
 
Building configuration...
 
Current configuration : 307 bytes
!
interface GigabitEthernet1/2
Building configuration...
 
Current configuration : 1336 bytes
!
interface GigabitEthernet2/2
switchport
switchport access vlan 2
switchport mode access
switchport voice vlan 3
switchport port-security
switchport port-security maximum 3
switchport port-security aging time 2
switchport port-security violation restrict
shutdown
 

[QoS queuing commands omitted: these vary according to port type]

platform qos trust cos
auto qos voip cisco-phone
macro description cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
end
 
Router#

Using the cisco-switch Smart Port Macro

Displaying the Contents of the cisco-switch Smart Port Macro

Router# show parser macro name cisco-switch
Macro name : cisco-switch
Macro type : default interface
# macro keywords $NVID
# Do not apply to EtherChannel/Port Group
# Access Uplink to Distribution
 
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan (NVID) should not be 1
switchport
switchport trunk native vlan $NVID
 
# Update the allowed VLAN range (VRANGE) such that it
# includes data, voice and native VLANs
# switchport trunk allowed vlan VRANGE
 
# Hardcode trunk and disable negotiation to
# speed up convergence
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
 
# 802.1w defines the link as pt-pt for rapid convergence
spanning-tree link-type point-to-point
 
Router#

Applying the cisco-switch Smart Port Macro

To apply the cisco-switch smart port macro, perform this task:

 

Command
Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# interface type slot/port

Selects the interface to configure.

Step 3

Router(config-if)# macro apply cisco-switch $NVID native_vlan_ID

Applies the cisco-switch smart port macro. The recommended range for native_vlan_ID is 2–4094.

Step 4

Router(config-if)# end

Returns to privileged EXEC mode.

This example shows how to apply the cisco-switch smart port macro to Gigabit Ethernet port 1/4 with VLAN 4 specified as the native VLAN and how to verify the result:

Router# configure terminal
Router(config)# interface gigabitethernet 1/4
Router(config-if)# macro apply cisco-switch $NVID 4
Router(config-if)# end
Router# show parser macro description interface gigabitethernet 1/4
Interface Macro Description(s)
--------------------------------------------------------------
Gi1/4 cisco-switch
--------------------------------------------------------------
Router# show running-config interface gigabitethernet 1/4
Building configuration...
 
Current configuration : 247 bytes
!
interface GigabitEthernet1/4
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 4
switchport mode trunk
switchport nonegotiate
shutdown
macro description cisco-switch
spanning-tree link-type point-to-point
end
 
Router#

Using the cisco-router Smart Port Macro

Displaying the Contents of the cisco-router Smart Port Macro

Router# show parser macro name cisco-router
Macro name : cisco-router
Macro type : default interface
# macro keywords $NVID
# Do not apply to EtherChannel/Port Group
# Access Uplink to Distribution
switchport
 
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan (NVID) should not be 1
switchport trunk native vlan $NVID
 
# Update the allowed VLAN range (VRANGE) such that it
# includes data, voice and native VLANs
# switchport trunk allowed vlan VRANGE
 
# Hardcode trunk and disable negotiation to
# speed up convergence
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
 
# Configure qos to trust this interface
auto qos voip trust
platform qos trust dscp
 
# Ensure fast access to the network when enabling the interface.
# Ensure that switch devices cannot become active on the interface.
spanning-tree portfast
spanning-tree bpduguard enable
 
Router#

Applying the cisco-router Smart Port Macro

To apply the cisco-router smart port macro, perform this task:

 

Command
Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# interface type slot/port

Selects the interface to configure.

Step 3

Router(config-if)# macro apply cisco-router $NVID native_vlan_ID

Applies the cisco-router smart port macro. The recommended range for native_vlan_ID is 2–4094.

Step 4

Router(config-if)# end

Returns to privileged EXEC mode.

note.gif

Noteblank.gif The cisco-router smart port macro includes the auto qos voip trust command. When entered on a port configured with the switchport command, the auto qos voip trust command generates and applies the platform qos trust cos command to the port, but the cisco-router smart port macro changes the port trust state to trust DSCP with the platform qos trust dscp command. When you apply the cisco-router smart port macro, ignore messages that instruct you to enter the platform qos trust cos command on other ports controlled by the port ASIC.


This example shows how to apply the cisco-router smart port macro to Gigabit Ethernet port 1/5 and how to verify the result:

Router# configure terminal
Router(config)# interface gigabitethernet 1/5
Router(config-if)# macro apply cisco-router $NVID 5
Hardware QoS is enabled
Propagating cos-map to inband port
Propagating cos-map configuration to: [port list not shown]
 

[Output for other ports controlled by the same port ASIC omitted]

[Output from temporarily applied trust CoS command omitted]

%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
 
%Portfast has been configured on GigabitEthernet1/5 but will only
have effect when the interface is in a non-trunking mode.
Router(config-if)# end
Router# show parser macro description interface gigabitethernet 1/5
Interface Macro Description(s)
--------------------------------------------------------------
Gi1/5 cisco-router
--------------------------------------------------------------
Router# show running-config interface gigabitethernet 1/5
Building configuration...
 
Current configuration : 1228 bytes
!
interface GigabitEthernet1/5
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 5
switchport mode trunk
switchport nonegotiate
shutdown
wrr-queue bandwidth 20 100 200
 

[QoS queuing commands omitted: these vary according to port type]

platform qos trust dscp
auto qos voip trust
macro description cisco-router
spanning-tree portfast
spanning-tree bpduguard enable
end
 
Router#

Creating Smart Port Macros

Creating Smart Port Macros

To create a smart port macro, perform this task:

 

Command
Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# macro name macro-name

Creates a macro.

Macro names are case sensitive. For example, the commands macro name Sample-Macro and macro name sample-macro will result in two separate macros.

A macro definition can contain up to 3,000 characters. Line endings count as two characters.

There is no prompt displayed in macro creation mode.

Enter the macro commands on separate lines.

Use the # character at the beginning of a line to enter a comment within the macro.

Use the @ character to end the macro.

Do not use the exit or end commands or change the command mode with the interface interface-id in a macro. This could cause any commands following exit, end, or interface interface-id to execute in a different command mode. For best results, all commands in a macro should be in the same configuration mode.

Each user-created macro can have up to three keyword-value pairs.

Step 3

# macro keywords keyword1 keyword2 keyword3

(Optional) You can create a help string to describe the keywords that you define in the macro. You can enter up to three help string comments in a macro.

Step 4

end

Returns to privileged EXEC mode.

Step 5

show parser macro name macro-name

Verifies that the macro was created.

note.gif

Noteblank.gif The no form of the macro name global configuration command only deletes the macro definition. It does not affect the configuration of those interfaces on which the macro is already applied.


This example shows how to create a macro that defines the Layer 2 access VLAN and the number of secure MAC addresses and also includes two help string keywords by using # macro keywords :

Router(config)# macro name test
#macro keywords $VLANID $MAX
switchport access vlan $VLANID
switchport port-security maximum $MAX
@

Applying User-Created Smart Port Macros

To apply a smart port macro, perform this task:

 

Command
Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# default interface interface-id

(Optional) Clears all configuration from the specified interface.

Step 3

Router(config)# interface interface_id

(Required for interface macros.) Specifies the interface on which to apply the macro and enters interface configuration mode.

Step 4

Router(config)# macro [ global ] { apply | trace } macro-name [ keyword value ] [ keyword value ] [ keyword value ]

Applies or traces and applies each individual command defined in the macro.

For global macros:

  • To find any syntax or configuration errors, enter the macro global trace macro-name command to apply and debug the macro.
  • To display a list of any keyword-value pairs defined in the macro, enter the macro global apply macro-name ? command.

For interface macros:

  • To find any syntax or configuration errors, enter the macro trace macro-name command to apply and debug the macro.
  • To display a list of any keyword-value pairs defined in the macro, enter the macro apply macro-name ? command.

To successfully apply the macro, you must enter any required keyword-value pairs.

Keyword matching is case sensitive.

In the commands that the macro applies, all matching occurrences of keywords are replaced with the corresponding values.

Step 5

Router(config)# end

Returns to privileged EXEC mode.

You can delete a global macro-applied configuration on a switch only by entering the no version of each command that is in the macro. You can delete all configurations on an interface by entering the default interface interface_id interface configuration command.

This example shows how to apply the user-created macro called snmp, to set the host name address to test-server and to set the IP precedence value to 7:

Router(config)# macro global apply snmp ADDRESS test-server VALUE 7
 

This example shows how to debug the user-created macro called snmp by using the macro global trace global configuration command to find any syntax or configuration errors in the macro when it is applied to the switch:

Router(config)# macro global trace snmp VALUE 7
Applying command...‘snmp-server enable traps port-security’
Applying command...‘snmp-server enable traps linkup’
Applying command...‘snmp-server enable traps linkdown’
Applying command...‘snmp-server host’
%Error Unknown error.
Applying command...‘snmp-server ip precedence 7’
 

This example shows how to apply the user-created macro called desktop-config and to verify the configuration:

Router(config)# interface gigabitethernet1/2
Router(config-if)# macro apply desktop-config
Router(config-if)# end
Router# show parser macro description
Interface Macro Description
--------------------------------------------------------------
Gi1/2 desktop-config
--------------------------------------------------------------
 

This example shows how to apply the user-created macro called desktop-config and to replace all occurrences of vlan with VLAN ID 25:

Router(config-if)# macro apply desktop-config vlan 25

Verifying the Smart Port Macro Configuration

 

Table 4-2 Commands to Display Smartports Macros

Command
Purpose
show parser macro

Displays all configured macros.

show parser macro name macro-name

Displays a specific macro.

show parser macro brief

Displays the configured macro names.

show parser macro description [ interface interface-id ]

Displays the macro description for all interfaces or for a specified interface.


Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum