Chapter 8: Speeding Configuration with Smartport Macros

In This Chapter

Defining and understanding the role of Smartport macros

Creating your own Smartport macros

Working with existing Smartport macros

Deleting macros and cleaning up your old work

For people who actually plan things out — which should be everyone out there — when implementing changes or deploying new network interfaces, Smartport macros can save you a lot of time. As you probably know from previous experience (for example, with Microsoft Word macros), a macro allows you to record and store a series of steps that you can then replay or use later. A macro allows you to execute a keyboard shortcut or click a custom button to perform an entire series of steps with consistent results. In Microsoft Word, you might use a macro to insert your signature block at the end of a letter, to reformat a table, or to fill in a series of placeholders in a report with actual values stored in a different location.

Two of the main benefits of Smartport macros are related to speed and consistency. With a macro in hand, you can quickly and efficiently apply a specific configuration to a series of ports on your network switches with a minimal amount of effort, making configuration changes easier and quicker to implement and helping to ensure that configurations between ports are consistent. In this chapter, I walk you through the process of creating, applying, and monitoring your Smartport macros.

Remember: In Book III, Chapter 3, where I introduce the concept of Smartport macros, you examine Smartport macros from the perspective of the web-based management GUI. This chapter discusses how you can modify Smartport macros and use them in many more ways.

Tip: If every network interface you bring up is a custom job, and you find yourself using a ton of macros, consider making your network design standardized and start using macros to reach a goal of network standardization.

Viewing Existing Smartport Macros

To examine your existing Smartport macros, you use the ever-popular show command — specifically, you use show parser macro. This shows you how many macros are on the switch and exactly what commands are in those macros. Some of these macros are easy to execute, whereas others may require parameters to operate correctly.

Viewing macros using the brief option

The first version of this command that I show includes the brief option, which lists the macros found on the system, whose names indicate the type of device each is meant for, and shows whether each macro applies in Global Configuration mode or Interface Configuration mode.

Switch1> enable

Switch1# show parser macro brief

    default global   : cisco-global

    default interface: cisco-desktop

    default interface: cisco-phone

    default interface: cisco-switch

    default interface: cisco-router

    default interface: cisco-wireless

Viewing macros without the brief option

If you do not use the brief option, you see the following output related to all the macros found on your system. The output of the command includes a count of the macros, as well as full details about each macro, from its name to all the commands that make up the macro. This code sample is the output of the default macros found on an IOS 12.x Catalyst 2960 switch:

Switch1> enable

Switch1# show parser macro

Total number of macros = 6

--------------------------------------------------------------

Macro name : cisco-global

Macro type : default global

# Enable dynamic port error recovery for link state

# failures

errdisable recovery cause link-flap

errdisable recovery interval 60

# Enable aggressive mode UDLD on all fiber uplinks

udld aggressive

# Enable Rapid PVST+ and Loopguard

spanning-tree mode rapid-pvst

spanning-tree loopguard default

spanning-tree extend system-id

--------------------------------------------------------------

Macro name : cisco-desktop

Macro type : default interface

# macro keywords $access_vlan

# Basic interface - Enable data VLAN only

# Recommended value for access vlan should not be 1

switchport access vlan $access_vlan

switchport mode access

# Enable port security limiting port to a single

# MAC address -- that of desktop

switchport port-security

switchport port-security maximum 1

# Ensure port-security age is greater than one minute

# and use inactivity timer

switchport port-security violation restrict

switchport port-security aging time 2

switchport port-security aging type inactivity

# Configure port as an edge network port

spanning-tree portfast

spanning-tree bpduguard enable

# Remark all inbound data packets with COS=0 & DSCP =0

mls qos cos override

--------------------------------------------------------------

Macro name : cisco-phone

Macro type : default interface

# Cisco IP phone + desktop template

# macro keywords $access_vlan $voice_vlan

# VoIP enabled interface - Enable data VLAN

# and voice VLAN

# Recommended value for access vlan should not be 1

switchport access vlan $access_vlan

switchport mode access

# Update the Voice VLAN value which should be

# different from data VLAN

# Recommended value for voice vlan should not be 1

switchport voice vlan $voice_vlan

# Enable port security limiting port to 2 MAC

# addresses -- One for desktop and one for phone

switchport port-security

switchport port-security maximum 2

# Ensure port-security age is greater than one minute

# and use inactivity timer

switchport port-security violation restrict

switchport port-security aging time 2

switchport port-security aging type inactivity

# Enable qos to extend trust to attached Cisco phone

mls qos trust device cisco-phone

# Configure port as an edge network port

spanning-tree portfast

spanning-tree bpduguard enable

--------------------------------------------------------------

Macro name : cisco-switch

Macro type : default interface

# macro keywords $native_vlan

# Access Uplink to Distribution

# Do not apply to EtherChannel/Port Group

# Define unique Native VLAN on trunk ports

# Recommended value for native vlan should not be 1

switchport trunk native vlan $native_vlan

# Update the allowed VLAN range (ALL) such that it

# includes data, voice and native VLANs

switchport trunk allowed vlan ALL

# Hardcode trunk and disable negotiation to

# speed up convergence

switchport mode trunk

switchport nonegotiate

# Configure qos to trust this interface

mls qos trust cos

# 802.1w defines the link as pt-pt for rapid convergence

spanning-tree link-type point-to-point

--------------------------------------------------------------

Macro name : cisco-router

Macro type : default interface

# macro keywords $native_vlan

# Access Uplink to Distribution

# Define unique Native VLAN on trunk ports

# Recommended value for native vlan should not be 1

switchport trunk native vlan $native_vlan

# Update the allowed VLAN range (ALL) such that it

# includes data, voice and native VLANs

switchport trunk allowed vlan ALL

# Hardcode trunk and disable negotiation to

# speed up convergence

switchport mode trunk

switchport nonegotiate

# Configure qos to trust this interface

mls qos trust cos

# Ensure fast access to the network when enabling the interface.

# Ensure that switch devices cannot become active on the interface.

spanning-tree portfast trunk

spanning-tree bpduguard enable

--------------------------------------------------------------

Macro name : cisco-wireless

Macro type : default interface

# macro keywords $native_vlan

# Access Uplink to Distribution

# Define unique Native VLAN on trunk ports

# Recommended native vlan should NOT be 1

switchport trunk native vlan $native_vlan

# Update the allowed VLAN range such that it

# includes data, voice and native VLANs

switchport trunk allowed vlan ALL

# Hardcode trunk and disable negotiation to speed up convergence

switchport mode trunk

switchport nonegotiate

# Configure qos to trust this interface

mls qos trust cos

# Ensure that switch devices cannot become active on the interface.

spanning-tree bpduguard enable

--------------------------------------------------------------

That was a lot of data! Now imagine having to type in each set of configuration commands every time you wanted to configure a switch interface for another job role! Macros can save your limbs from unwanted carpal tunnel syndrome.

Viewing details for a single macro

To see the details for only one macro, rather than displaying all the macros every time, use the name option, as shown here, to display just the cisco-desktop macro:

Switch1> enable

Switch1#show parser macro name cisco-desktop

Macro name : cisco-desktop

Macro type : default interface

# macro keywords $access_vlan

# Basic interface - Enable data VLAN only

# Recommended value for access vlan should not be 1

switchport access vlan $access_vlan

switchport mode access

# Enable port security limiting port to a single

# MAC address -- that of desktop

switchport port-security

switchport port-security maximum 1

# Ensure port-security age is greater than one minute

# and use inactivity timer

switchport port-security violation restrict

switchport port-security aging time 2

switchport port-security aging type inactivity

# Configure port as an edge network port

spanning-tree portfast

spanning-tree bpduguard enable

# Remark all inbound data packets with COS=0 & DSCP =0

mls qos cos override

Working with Macros

Macros are a great time-saving tool to help with your switch configurations. To make them even more powerful, I will show you how to create your own macros from scratch. Before I dive into showing you how to create your macro, you need to be aware of a few things, such as the rules that Cisco has regarding macros.

Before boring you with Cisco’s rules though, you should note the following things about macros:

When a macro is applied to an interface, all existing configuration on the interface is retained. This is not a total replacement of the configuration, but an augmentation to the existing configuration.

A macro can contain up to 3,000 characters of text. This is not as limiting as a tweet, say, but it does mean that you need to pay attention to what you want to accomplish and get to the point with your macro.

Macros are case-sensitive, so watch your use of case in the macro name. For example, MyMacro is not the same macro as Mymacro or mymacro, all of which could perform completely different operations.

They will not tie your shoes for you.

Rules for creating your own Smartport macro

You have a lot of latitude when using Smartport macros, but here are a few dos and don'ts:

You are not allowed to use exit or end, which would exit you from Interface Configuration mode or Global Configuration mode. The macro needs to run in the context of one interface.

Similar to the previous rule, you are not allowed to change the command mode with a command such as the interface command. All commands for a macro need to execute in the current command mode.

To create a macro, you need to enter the Macro Editor mode using the macro name command.

When you want to complete your macro, end it with an @ symbol.

You use the # sign to issue a comment line within a macro. Use comment lines to identify the purpose of your macro statements.

Smartport macros and parameters

When working with Smartport macros, you have the option of creating parameters to use within the macros. You identify these parameters in the macro by using the macro keywords directive. When you run the macro, you use the macro apply command to supply values for those parameters. By using parameters, you can make your macros much more flexible and useful.

Creating a sample macro

You are now ready to create a macro; I created Awesome_Macro for this purpose. This macro uses parameters and assigns some of the settings that are applied with the cisco-desktop macro in the earlier “Viewing details for a single macro” section.

Switch1> enable

Switch1# configure terminal

Switch1(config)# macro name Awesome_Macro

Enter macro commands one per line. End with the character ‘@’.

# macro keywords $VLAN_ID

# Basic interface - Enable data VLAN only

# Recommended value for VLAN_ID should not be 1

switchport access vlan $VLAN_ID

switchport mode access

# Configure port as an edge network port

spanning-tree portfast

spanning-tree bpduguard enable

@

Switch1(config)#exit

Switch1#show parser macro name Awesome_Macro

Macro name : Awesome_Macro

Macro type : customizable

# macro keywords $VLAN_ID

# Basic interface - Enable data VLAN only

# Recommended value for VLAN_ID should not be 1

switchport access vlan $VLAN_ID

switchport mode access

# Configure port as an edge network port

spanning-tree portfast

spanning-tree bpduguard enable

Tip: After creating the Smartport macro, use the show command to verify that the macro was typed correctly.
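The rules in this section (no exit, end or interface commands, the 3,000-character limit, parameters named on the macro keywords line) can be checked mechanically before a macro goes onto a switch. The following Python sketch is an added example, not code from the book or from Cisco; the function names, the invented Bad_Macro and the choice to count characters over the joined body lines are assumptions.

```python
import re

FORBIDDEN = ("exit", "end", "interface")  # commands the chapter rules out
MAX_CHARS = 3000                          # size limit stated in the chapter

# Constructed sample in the layout of "show parser macro".
# Awesome_Macro is abridged; Bad_Macro is invented for this example.
SAMPLE = """\
--------------------------------------------------------------
Macro name : Awesome_Macro
Macro type : customizable
# macro keywords $VLAN_ID
switchport access vlan $VLAN_ID
switchport mode access
--------------------------------------------------------------
Macro name : Bad_Macro
Macro type : customizable
# macro keywords $VLAN_ID
interface FastEthernet0/5
switchport access vlan $VLAN_ID
switchport voice vlan $VOICE_ID
end
--------------------------------------------------------------
"""

def parse_macros(text):
    """Return {macro name: [body lines]} from 'show parser macro' output."""
    macros, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Macro name\s*:\s*(\S+)", line)
        if m:
            current = macros.setdefault(m.group(1), [])
        elif not line or set(line) == {"-"} or line.startswith(("Macro type", "Total number")):
            continue  # separators and header lines are not part of a body
        elif current is not None:
            current.append(line)
    return macros

def lint_macro(body):
    """Check one macro body against the chapter's rules; return findings."""
    findings, declared, used = [], set(), set()
    for line in body:
        if line.startswith("#"):
            if line.lstrip("# ").startswith("macro keywords"):
                declared.update(re.findall(r"\$\w+", line))
            continue  # other comment lines carry no commands
        if line.split()[0] in FORBIDDEN:
            findings.append(f"forbidden command: {line}")
        used.update(re.findall(r"\$\w+", line))
    findings += [f"undeclared keyword: {k}" for k in sorted(used - declared)]
    findings += [f"unused keyword: {k}" for k in sorted(declared - used)]
    if len("\n".join(body)) > MAX_CHARS:
        findings.append("macro exceeds 3,000 characters")
    return findings
```

An empty list from lint_macro means the body passed every check; anything else is worth fixing before the macro is applied to a range of ports.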

Applying a Smartport macro to an interface

Applying a macro to an interface is as easy as creating a macro. You can apply a macro to either a single interface or a range of interfaces. When you apply a macro to an interface range, the macro is individually applied to each interface in the range, sequentially. Even if the macro fails to be applied to an interface, the processing will continue on the other interfaces in the range.

First, look at the interface to which you want to apply Awesome_Macro (in my case interface FastEthernet0/4) to see whether any configuration is currently applied to the interface. The interface is completely unconfigured, as seen by the lack of commands between the lines interface FastEthernet0/4 and end.

Switch1> enable

Switch1#show running-config interface FastEthernet 0/4

Building configuration...

Current configuration : 33 bytes

!

interface FastEthernet0/4

end

To apply a Smartport macro to an interface, you access Interface Configuration mode on the interface to which you want to apply the macro. As shown in the following output, you use the macro apply command to apply a specific macro to the selected interface. In the following example, notice how the VLAN_ID parameter is applied, as well as how it is identified when using the context-sensitive help (first shown in Book I, Chapter 5).

Switch1> enable

Switch1# configure terminal

Switch1(config)#interface FastEthernet 0/4

Switch1(config-if)#macro apply Awesome_Macro ?

  WORD  Keyword to replace with a value e.g. $VLAN_ID

  <cr>

Switch1(config-if)# macro apply Awesome_Macro $VLAN_ID 5

Switch1(config-if)#end

Viewing ports that are using your macro

With the macro applied, you now may be curious to find out which ports are using the new macro. To do so, use the following command, which lists exactly what macro(s) have been applied to which ports:

Switch1> enable

Switch1# show parser macro description

Global Macro(s): cisco-global

Interface    Macro Description(s)

--------------------------------------------------------------

Fa0/4        Awesome_Macro

Fa0/7        cisco-switch

Fa0/12       cisco-router

--------------------------------------------------------------

In reverse, you can use the show command to find out which macros are applied to a specific port, as illustrated here:

Switch1> enable

Switch1# show parser macro description interface FastEthernet 0/4

Global Macro(s): cisco-global

Interface    Macro Description(s)

--------------------------------------------------------------

Fa0/4        Awesome_Macro

--------------------------------------------------------------

Now that you know that Awesome_Macro is applied to interface FastEthernet 0/4, you can review the running-config and see exactly what has been applied. Notice that in addition to the actual macro commands, one additional line appears in the interface configuration: the macro description line. This additional line names the macro that has been applied to the port.

Switch1> enable

Switch1# show running-config interface FastEthernet 0/4

Building configuration...

Current configuration : 326 bytes

!

interface FastEthernet0/4

switchport access vlan 5

switchport mode access

macro description Awesome_Macro

spanning-tree portfast

spanning-tree bpduguard enable

end

Removing a macro

Removing a macro from an interface is a little more complicated than applying it in the first place. Nevertheless, you can easily remove the macro from the switch. To remove Awesome_Macro from the switch, use the following command:

Switch1> enable

Switch1# configure terminal

Switch1(config)# no macro name Awesome_Macro

The no macro name Awesome_Macro command does not remove the macro configuration from the interfaces where it has already been applied; it only deletes the macro. To remove the commands from where they were applied, you can either reset the interface to the default configuration using a command such as default interface or create a reversal macro that has a no command for every macro command. The latter option increases the number of macros that exist on the switch, because you will have both a macro and a reversing macro, but it allows you to be surgical in removing the macro configuration. Here you reset interface FastEthernet 0/4 to the default configuration.

Switch1> enable

Switch1# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Switch1(config)# default interface FastEthernet 0/4

Interface FastEthernet0/4 set to default configuration

Switch1(config)#end

To verify that the interface has been reset to the factory default configuration, use the show running-config command.

Switch1> enable

Switch1# show running-config interface FastEthernet 0/4

Building configuration...

Current configuration : 33 bytes

!

interface FastEthernet0/4

end
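Because deleting a macro leaves its commands on every port where it was applied, it is worth cross-checking the two show outputs after a cleanup. This Python sketch is an added example, not from the book: it flags ports whose macro description names a macro that is no longer defined, and edge ports that carry no macro at all. The sample outputs and the ACCESS_PORTS inventory are constructed, and it assumes the description table still lists a port after its macro has been deleted.

```python
import re

# Constructed outputs in the layout shown in this chapter. Awesome_Macro has
# been deleted from the switch, so it is absent from the brief listing.
BRIEF = """\
    default global   : cisco-global
    default interface: cisco-desktop
    default interface: cisco-switch
    default interface: cisco-router
"""
DESCRIPTION = """\
Global Macro(s): cisco-global
Interface    Macro Description(s)
--------------------------------------------------------------
Fa0/4        Awesome_Macro
Fa0/7        cisco-switch
Fa0/12       cisco-router
--------------------------------------------------------------
"""
ACCESS_PORTS = ["Fa0/4", "Fa0/5", "Fa0/6"]  # hypothetical inventory of edge ports

def defined_macros(brief):
    """Macro names from 'show parser macro brief' (the text after the colon)."""
    return {l.split(":", 1)[1].strip() for l in brief.splitlines() if ":" in l}

def applied_macros(description):
    """{interface: [macro names]} from 'show parser macro description'."""
    applied = {}
    for line in description.splitlines():
        # Data rows start with an interface name such as Fa0/4; headers do not.
        m = re.match(r"^([A-Za-z]+\d+(?:/\d+)*)\s+(\S.*)$", line.strip())
        if m:
            # Assumption: several macros on one port are separated by '|'.
            applied[m.group(1)] = [n for n in re.split(r"[\s|]+", m.group(2)) if n]
    return applied

def audit(brief, description, access_ports):
    """Return (orphaned, unmanaged) lists of interface names."""
    defined, applied = defined_macros(brief), applied_macros(description)
    # Orphaned: the port still carries config from a macro that was deleted.
    orphaned = sorted(p for p, names in applied.items()
                      if any(n not in defined for n in names))
    # Unmanaged: an edge port that never had a macro applied.
    unmanaged = sorted(p for p in access_ports if p not in applied)
    return orphaned, unmanaged
```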
