Chapter 8: Speeding Configuration with Smartport Macros
In This Chapter
• Defining and understanding the role of Smartport macros
• Creating your own Smartport macros
• Working with existing Smartport macros
• Deleting macros and cleaning up your old work
For people who actually plan things out — which should be everyone out there — when implementing changes or deploying new network interfaces, Smartport macros can save you a lot of time. As you probably know from previous experience (for example, with the Microsoft Word macros), a macro allows you to record and store a series of steps that you can then replay or use later. A macro allows you to execute a keyboard shortcut or click a custom button to perform an entire series of steps with consistent results. In Microsoft Word, you might use a macro to insert your signature block at the end of a letter, to reformat a table, or to fill in a series of placeholders in a report with actual values stored in a different location.
Two of the main benefits of Smartport macros are related to speed and consistency. With a macro in hand, you can quickly and efficiently apply a specific configuration to a series of ports on your network switches with a minimal amount of effort, making configuration changes easier and quicker to implement and helping to ensure that configurations between ports are consistent. In this chapter, I walk you through the process of creating, applying, and monitoring your Smartport macros.
Viewing Existing Smartport Macros
To examine your existing Smartport macros, you use the ever-popular show command — specifically, you use show parser macro. This shows you how many macros are on the switch and exactly what commands are in those macros. Some of these macros are easy to execute, whereas others may require parameters to operate correctly.
Viewing macros using the brief option
The first version of this command that I show includes the brief option, which lists the macros found on the system and illustrates the types of devices for which a macro can apply, in either Global Configuration mode or Interface Configuration mode.
Switch1> enable
Switch1# show parser macro brief
default global : cisco-global
default interface: cisco-desktop
default interface: cisco-phone
default interface: cisco-switch
default interface: cisco-router
default interface: cisco-wireless
Viewing macros without the brief option
If you do not use the brief option, you see the following output related to all the macros found on your system. The output of the command includes a count of the macros, as well as full details about each macro, from its name to all the commands that make up the macro. This code sample is the output of the default macros found on an IOS 12.x Catalyst 2960 switch:
Switch1> enable
Switch1# show parser macro
Total number of macros = 6
--------------------------------------------------------------
Macro name : cisco-global
Macro type : default global
# Enable dynamic port error recovery for link state
# failures
errdisable recovery cause link-flap
errdisable recovery interval 60
# Enable aggressive mode UDLD on all fiber uplinks
udld aggressive
# Enable Rapid PVST+ and Loopguard
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
--------------------------------------------------------------
Macro name : cisco-desktop
Macro type : default interface
# macro keywords $access_vlan
# Basic interface - Enable data VLAN only
# Recommended value for access vlan should not be 1
switchport access vlan $access_vlan
switchport mode access
# Enable port security limiting port to a single
# MAC address -- that of desktop
switchport port-security
switchport port-security maximum 1
# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable
# Remark all inbound data packets with COS=0 & DSCP =0
mls qos cos override
--------------------------------------------------------------
Macro name : cisco-phone
Macro type : default interface
# Cisco IP phone + desktop template
# macro keywords $access_vlan $voice_vlan
# VoIP enabled interface - Enable data VLAN
# and voice VLAN
# Recommended value for access vlan should not be 1
switchport access vlan $access_vlan
switchport mode access
# Update the Voice VLAN value which should be
# different from data VLAN
# Recommended value for voice vlan should not be 1
switchport voice vlan $voice_vlan
# Enable port security limiting port to 2 MAC
# addresses -- One for desktop and one for phone
switchport port-security
switchport port-security maximum 2
# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
# Enable qos to extend trust to attached Cisco phone
mls qos trust device cisco-phone
# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable
--------------------------------------------------------------
Macro name : cisco-switch
Macro type : default interface
# macro keywords $native_vlan
# Access Uplink to Distribution
# Do not apply to EtherChannel/Port Group
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan should not be 1
switchport trunk native vlan $native_vlan
# Update the allowed VLAN range (ALL) such that it
# includes data, voice and native VLANs
switchport trunk allowed vlan ALL
# Hardcode trunk and disable negotiation to
# speed up convergence
switchport mode trunk
switchport nonegotiate
# Configure qos to trust this interface
mls qos trust cos
# 802.1w defines the link as pt-pt for rapid convergence
spanning-tree link-type point-to-point
--------------------------------------------------------------
Macro name : cisco-router
Macro type : default interface
# macro keywords $native_vlan
# Access Uplink to Distribution
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan should not be 1
switchport trunk native vlan $native_vlan
# Update the allowed VLAN range (ALL) such that it
# includes data, voice and native VLANs
switchport trunk allowed vlan ALL
# Hardcode trunk and disable negotiation to
# speed up convergence
switchport mode trunk
switchport nonegotiate
# Configure qos to trust this interface
mls qos trust cos
# Ensure fast access to the network when enabling the interface.
# Ensure that switch devices cannot become active on the interface.
spanning-tree portfast trunk
spanning-tree bpduguard enable
--------------------------------------------------------------
Macro name : cisco-wireless
Macro type : default interface
# macro keywords $native_vlan
# Access Uplink to Distribution
# Define unique Native VLAN on trunk ports
# Recommended native vlan should NOT be 1
switchport trunk native vlan $native_vlan
# Update the allowed VLAN range such that it
# includes data, voice and native VLANs
switchport trunk allowed vlan ALL
# Hardcode trunk and disable negotiation to speed up convergence
switchport mode trunk
switchport nonegotiate
# Configure qos to trust this interface
mls qos trust cos
# Ensure that switch devices cannot become active on the interface.
spanning-tree bpduguard enable
--------------------------------------------------------------
That was a lot of data! Now imagine having to type in each set of configuration commands every time you wanted to configure a switch interface for another job role! Macros can save your limbs from unwanted carpal tunnel syndrome.
Viewing details for a single macro
To see the details for only one macro, rather than displaying all the macros every time, use the name option, as shown here, to display just the cisco-desktop macro:
Switch1> enable
Switch1# show parser macro name cisco-desktop
Macro name : cisco-desktop
Macro type : default interface
# macro keywords $access_vlan
# Basic interface - Enable data VLAN only
# Recommended value for access vlan should not be 1
switchport access vlan $access_vlan
switchport mode access
# Enable port security limiting port to a single
# MAC address -- that of desktop
switchport port-security
switchport port-security maximum 1
# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable
# Remark all inbound data packets with COS=0 & DSCP =0
mls qos cos override
Working with Macros
Macros are a great time-saving tool to help with your switch configurations. To make them even more powerful, I will show you how to create your own macros from scratch. Before I dive into showing you how to create your macro, you need to be aware of a few things, such as the rules that Cisco has regarding macros.
Before boring you with Cisco’s rules though, you should note the following things about macros:
• When a macro is applied to an interface, all existing configuration on the interface is retained. This is not a total replacement of the configuration, but an augmentation to the existing configuration.
• A macro can contain up to 3,000 characters of text. This is not as limiting as a tweet, say, but it does mean that you need to pay attention to what you want to accomplish and get to the point with your macro.
• Macros are case-sensitive, so watch your use of case in the macro name. For example, MyMacro is not the same macro as Mymacro or mymacro, all of which could perform completely different operations.
• They will not tie your shoes for you.
Rules for creating your own Smartport macro
You have a lot of latitude when using Smartport macros, but here are a few rules, starting with the do-nots:
• You are not allowed to use exit or end, which would exit you from Interface Configuration mode or Global Configuration mode. The macro needs to run in the context of one interface.
• Similar to the previous rule, you are not allowed to change the command mode with a command such as the interface command. All commands for a macro need to execute in the current command mode.
• To create a macro, you need to enter the Macro Editor mode using the macro name command.
• When you want to complete your macro, end it with an @ symbol.
• You use the # sign to issue a comment line within a macro. Use comment lines to identify the purpose of your macro statements.
Smartport macros and parameters
When working with Smartport macros, you have the option of creating parameters to use within the macros. You identify these parameters in the macro by using the macro keywords directive in your macro. When you run the macro, you use the macro apply command to supply values for those parameters. By using parameters, you can make your macros much more flexible and useful.
Creating a sample macro
You are now ready to create a macro; I created Awesome_Macro for this purpose. This macro uses parameters and assigns some of the settings that are applied with the cisco-desktop macro in the earlier “Viewing details for a single macro” section.
Switch1> enable
Switch1# configure terminal
Switch1(config)# macro name Awesome_Macro
Enter macro commands one per line. End with the character ‘@’.
# macro keywords $VLAN_ID
# Basic interface - Enable data VLAN only
# Recommended value for VLAN_ID should not be 1
switchport access vlan $VLAN_ID
switchport mode access
# Configure port as an edge network port
spanning-tree bpduguard enable
@
Switch1(config)# exit
Switch1# show parser macro name Awesome_Macro
Macro name : Awesome_Macro
Macro type : customizable
# macro keywords $VLAN_ID
# Basic interface - Enable data VLAN only
# Recommended value for VLAN_ID should not be 1
switchport access vlan $VLAN_ID
switchport mode access
# Configure port as an edge network port
spanning-tree bpduguard enable
Applying a Smartport macro to an interface
Applying a macro to an interface is as easy as creating a macro. You can apply a macro to either a single interface or a range of interfaces. When you apply a macro to an interface range, the macro is individually applied to each interface in the range, sequentially. Even if the macro fails to be applied to an interface, the processing will continue on the other interfaces in the range.
First, look at the interface to which you want to apply Awesome_Macro (in my case interface FastEthernet0/4) to see whether any configuration is currently applied to the interface. The interface is completely unconfigured, as seen by the lack of commands between the lines interface FastEthernet0/4 and end.
Switch1> enable
Switch1# show running-config interface FastEthernet 0/4
Building configuration...
Current configuration : 33 bytes
!
interface FastEthernet0/4
end
To apply a Smartport macro to an interface, you access Interface Configuration mode on the interface to which you want to apply the macro. As shown in the following output, you use the macro apply command to apply a specific macro to the selected interface. In the following example, notice how the VLAN_ID parameter is applied, as well as how it is identified when using the context-sensitive help (first shown in Book I, Chapter 5).
Switch1> enable
Switch1# configure terminal
Switch1(config)# interface FastEthernet 0/4
Switch1(config-if)# macro apply Awesome_Macro ?
  WORD  Keyword to replace with a value e.g. $VLAN_ID
  <cr>
Switch1(config-if)# macro apply Awesome_Macro $VLAN_ID 5
Switch1(config-if)# end
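The macro rules and the parameter handling described above can be checked before a macro is pasted into a switch. This Python sketch is an added example, not code from the book or from Cisco: the helper names lint_macro and expand_macro are hypothetical, the whole-token $NAME substitution is a simplified model of macro apply, and flagging a keyword that is missing from the macro keywords line is this example's own policy.

```python
import re

FORBIDDEN = ("exit", "end", "interface")  # mode-changing commands the rules ban
MAX_CHARS = 3000                          # macro size limit given in the chapter

def commands(body):
    """Return the macro's command lines, skipping blanks and # comments."""
    lines = (l.strip() for l in body.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def declared_keywords(body):
    """Return the $NAMES listed on '# macro keywords' comment lines."""
    decl = re.findall(r"^[ \t]*#[ \t]*macro keywords[ \t]+(.*)$", body, re.M)
    return set(re.findall(r"\$\w+", " ".join(decl)))

def lint_macro(body):
    """Return a list of rule violations; an empty list means the macro is clean."""
    problems = []
    if len(body) > MAX_CHARS:
        problems.append(f"{len(body)} characters exceeds the {MAX_CHARS} limit")
    declared = declared_keywords(body)
    for cmd in commands(body):
        if cmd.split()[0] in FORBIDDEN:
            problems.append(f"changes command mode: {cmd}")
        for var in re.findall(r"\$\w+", cmd):
            if var not in declared:
                problems.append(f"{var} not listed in macro keywords: {cmd}")
    return problems

def expand_macro(body, params):
    """Model 'macro apply NAME $KEY value': substitute, refuse leftovers."""
    out = []
    for cmd in commands(body):
        cmd = re.sub(r"\$\w+", lambda m: params.get(m.group(0), m.group(0)), cmd)
        if "$" in cmd:
            raise ValueError(f"no value supplied for a keyword in: {cmd}")
        out.append(cmd)
    return out

# Awesome_Macro body as entered in the chapter.
AWESOME = """# macro keywords $VLAN_ID
# Basic interface - Enable data VLAN only
switchport access vlan $VLAN_ID
switchport mode access
# Configure port as an edge network port
spanning-tree bpduguard enable"""

print(lint_macro(AWESOME), expand_macro(AWESOME, {"$VLAN_ID": "5"}))
```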
Viewing ports that are using your macro
With the macro applied, you now may be curious to find out which ports are using the new macro. To do so, use the following command, which lists exactly what macro(s) have been applied to which ports:
Switch1> enable
Switch1# show parser macro description
Global Macro(s): cisco-global
Interface Macro Description(s)
--------------------------------------------------------------
Fa0/4 Awesome_Macro
Fa0/7 cisco-switch
Fa0/12 cisco-router
--------------------------------------------------------------
In reverse, you can use the show command to find out which macros are applied to a specific port, as illustrated here:
Switch1> enable
Switch1# show parser macro description interface FastEthernet 0/4
Global Macro(s): cisco-global
Interface Macro Description(s)
--------------------------------------------------------------
Fa0/4 Awesome_Macro
--------------------------------------------------------------
Now that you know that Awesome_Macro is applied to interface FastEthernet 0/4, you can review the running-config and see exactly what has been applied. Notice that in addition to the actual macro commands, one additional line appears in the interface configuration: the macro description line. This additional line names the macro that has been applied to the port.
Switch1> enable
Switch1# show running-config interface FastEthernet 0/4
Building configuration...
Current configuration : 326 bytes
!
interface FastEthernet0/4
switchport access vlan 5
switchport mode access
macro description Awesome_Macro
spanning-tree portfast
spanning-tree bpduguard enable
end
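The macro description line only names the macro, and applying a macro adds to whatever is already on the port, so the label alone does not show that every macro command is still in place. This added Python example (not from the book; the function names are hypothetical and the running-config is constructed) compares each labelled port with the macro body, treating every $KEYWORD as a wildcard because the label does not record the value that was applied.

```python
import re

def interface_stanzas(running_config):
    """Map each interface name to the config lines under it."""
    stanzas, current = {}, None
    for line in map(str.strip, running_config.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!", "end"):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def macro_patterns(body):
    """One (command, regex) per macro command; each $KEYWORD matches any value."""
    cmds = [l.strip() for l in body.splitlines() if l.strip()[:1] not in ("", "#")]
    return [(c, re.compile(r"\S+".join(map(re.escape, re.split(r"\$\w+", c)))))
            for c in cmds]

def audit(running_config, macros):
    """Return {interface: [missing macro commands]} for macro-labelled ports."""
    findings = {}
    for ifname, lines in interface_stanzas(running_config).items():
        labels = [n for l in lines if l.startswith("macro description ")
                  for n in l.split()[2:] if n in macros]
        missing = [c for n in labels for c, pat in macro_patterns(macros[n])
                   if not any(pat.fullmatch(x) for x in lines)]
        if missing:
            findings[ifname] = missing
    return findings

# Macro body from the chapter; the running-config below is constructed sample
# data in which Fa0/5 keeps the macro label but has lost BPDU guard.
MACROS = {"Awesome_Macro": """# macro keywords $VLAN_ID
switchport access vlan $VLAN_ID
switchport mode access
spanning-tree bpduguard enable"""}

SAMPLE = """interface FastEthernet0/4
 switchport access vlan 5
 switchport mode access
 macro description Awesome_Macro
 spanning-tree bpduguard enable
!
interface FastEthernet0/5
 switchport access vlan 5
 switchport mode access
 macro description Awesome_Macro"""
print(audit(SAMPLE, MACROS))
```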
Removing a macro
Removing a macro from an interface is a little more complicated than applying it in the first place. Nevertheless, you can easily remove the macro from the switch. To remove Awesome_Macro from the switch, use the following command:
Switch1> enable
Switch1# configure terminal
Switch1(config)# no macro name Awesome_Macro
The no macro name Awesome_Macro command does not remove the macro configuration from the interfaces where it has already been applied; it only deletes the macro. To remove the commands from where they were applied, you can either reset the interface to the default configuration using a command such as default interface or create a reversal macro that has a no command for every macro command. The latter option increases the number of macros that exist on the switch, because you will have both a macro and a reversing macro, but it allows you to be surgical in removing the macro configuration. Here you reset interface FastEthernet 0/4 to the default configuration.
Switch1> enable
Switch1# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch1(config)# default interface FastEthernet 0/4
Interface FastEthernet0/4 set to default configuration
Switch1(config)# end
To verify that the interface has been reset to the factory default configuration, use the show running-config command.
Switch1> enable
Switch1# show running-config interface FastEthernet 0/4
Building configuration...
Current configuration : 33 bytes
!
interface FastEthernet0/4
end