Working in a datacenter, you often need to apply the same interface configuration to many ports; Cisco IOS has a useful built-in feature for this: Smartports macros.
Smartports macros provide a convenient way to save and share common configurations. You can use Smartports macros to enable features and settings based on the location of a switch in the network and for mass configuration deployments across the network.
Each Smartports macro is a set of CLI commands that you define. Smartports macros do not contain new CLI commands; they are simply a group of existing CLI commands.
When you apply a Smartports macro on an interface, the CLI commands within the macro are configured on the interface. When the macro is applied to an interface, the existing interface configurations are not lost. The new commands are added to the interface and are saved in the running configuration file.
Use Smartports Macros
It’s easy to configure and to use smartports macros:
- configure smartports macros
- apply the smartports macros
- (optional) see smartports macros configuration
1. To create a smartport macro, use the command macro name ‘macro-name’; then enter the macro commands with one command per line. Use the @ character to end the macro. Use the # character at the beginning of a line to enter comment text within the macro. You can define keywords within a macro by using a help string to specify the keywords. Enter # macro keywords word to define the keywords that are available for use with the macro. Separated by a space, you can enter up to three help string keywords in a macro.
Remember:
- Macro names are case sensitive. For example, the commands macro name Sample-Macro and macro name sample-macro will result in two separate macros.
- A macro definition can contain up to 3000 characters.
2. To apply each individual command defined in the macro to the interface, enter macro apply ‘macro-name’. Specify macro trace ‘macro-name’ to apply and print each command before it is applied to the interface.
3. (optional) To display the Smartports macros, use one or more of the privileged EXEC commands.
- show parser macro: Displays all configured macros.
- show parser macro name ‘macro-name’: Displays a specific macro.
- show parser macro brief: Displays the configured macro names.
- show parser macro description ‘interface interface-id’: Displays the macro description for all interfaces or for a specified interface.
There are Cisco-default Smartports macros embedded in the switch software. You can display these macros and the commands they contain by using the show parser macro user EXEC command.
Cisco-Default Smartports Macros
- cisco-global: Use this global configuration macro to enable load balancing across VLANs, provide rapid convergence of spanning-tree instances and to enable port error recovery.
- cisco-desktop: Use this interface configuration macro for increased network security and reliability when connecting a desktop device, such as a PC, to a switch port.
- cisco-phone: Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
- cisco-switch: Use this interface configuration macro when connecting an access switch and a distribution switch or between access switches connected using GigaStack modules or GBICs.
- cisco-router: Use this interface configuration macro when connecting the switch and a WAN router.
- cisco-lre-cpe: Use this interface configuration macro to optimize performance when the switch is installed in apartment buildings or hotels, or when it is used to deliver Video-on-Demand (VoD), or multicast video.
- cisco-wireless: Use this interface configuration macro when connecting the switch and a wireless access point.
Below are the default Smartports macros on my Cisco Catalyst 2950 (IOS 12.1(22)EA8A):
    Ciscozine#sh parser macro brief
    default global : cisco-global
    default interface: cisco-desktop
    default interface: cisco-phone
    default interface: cisco-switch
    default interface: cisco-router
    default interface: cisco-wireless
    Switch#
    Switch#sh parser macro
    Total number of macros = 6
    --------------------------------------------------------------
    Macro name : cisco-global
    Macro type : default global
    # Enable dynamic port error recovery for link state
    # failures
    errdisable recovery cause link-flap
    errdisable recovery interval 60
    # Config Cos to DSCP mappings
    mls qos map cos-dscp 0 8 16 26 32 46 46 56
    # Enable aggressive mode UDLD on all fiber uplinks
    udld aggressive
    # Enable Rapid PVST+ and Loopguard
    spanning-tree mode rapid-pvst
    spanning-tree loopguard default
    spanning-tree extend system-id
    --------------------------------------------------------------
    Macro name : cisco-desktop
    Macro type : default interface
    # macro keywords $access_vlan
    # Basic interface - Enable data VLAN only
    # Recommended value for access vlan should not be 1
    switchport access vlan $access_vlan
    switchport mode access
    # Enable port security limiting port to a single
    # MAC address -- that of desktop
    switchport port-security
    switchport port-security maximum 1
    # Ensure port-security age is greater than one minute
    # and use inactivity timer
    switchport port-security violation restrict
    switchport port-security aging time 2
    switchport port-security aging type inactivity
    # Configure port as an edge network port
    spanning-tree portfast
    spanning-tree bpduguard enable
    # Remark all inbound data packets with COS=0 & DSCP =0
    mls qos cos override
    --------------------------------------------------------------
    Macro name : cisco-phone
    Macro type : default interface
    # Cisco IP phone + desktop template
    # macro keywords $access_vlan $voice_vlan
    # VoIP enabled interface - Enable data VLAN
    # and voice VLAN
    # Recommended value for access vlan should not be 1
    switchport access vlan $access_vlan
    switchport mode access
    # Update the Voice VLAN value which should be
    # different from data VLAN
    # Recommended value for voice vlan should not be 1
    switchport voice vlan $voice_vlan
    # Enable port security limiting port to a 2 MAC
    # addressess -- One for desktop and one for phone
    switchport port-security
    switchport port-security maximum 2
    # Ensure port-security age is greater than one minute
    # and use inactivity timer
    switchport port-security violation restrict
    switchport port-security aging time 2
    switchport port-security aging type inactivity
    # Enable auto-qos to extend trust to attached Cisco phone
    auto qos voip cisco-phone
    # Configure port as an edge network port
    spanning-tree portfast
    spanning-tree bpduguard enable
    --------------------------------------------------------------
    Macro name : cisco-switch
    Macro type : default interface
    # macro keywords $native_vlan
    # Access Uplink to Distribution
    # Do not apply to EtherChannel/Port Group
    # Define unique Native VLAN on trunk ports
    # Recommended value for native vlan should not be 1
    switchport trunk native vlan $native_vlan
    # Update the allowed VLAN range (ALL) such that it
    # includes data, voice and native VLANs
    switchport trunk allowed vlan ALL
    # Hardcode trunk and disable negotiation to
    # speed up convergence
    switchport mode trunk
    switchport nonegotiate
    # Configure qos to trust this interface
    auto qos voip trust
    # 802.1w defines the link as pt-pt for rapid convergence
    spanning-tree link-type point-to-point
    --------------------------------------------------------------
    Macro name : cisco-router
    Macro type : default interface
    # macro keywords $native_vlan
    # Access Uplink to Distribution
    # Define unique Native VLAN on trunk ports
    # Recommended value for native vlan should not be 1
    switchport trunk native vlan $native_vlan
    # Update the allowed VLAN range (ALL) such that it
    # includes data, voice and native VLANs
    switchport trunk allowed vlan ALL
    # Hardcode trunk and disable negotiation to
    # speed up convergence
    switchport mode trunk
    switchport nonegotiate
    # Configure qos to trust this interface
    auto qos voip trust
    mls qos trust dscp
    # Ensure fast access to the network when enabling the interface.
    # Ensure that switch devices cannot become active on the interface.
    spanning-tree portfast trunk
    spanning-tree bpduguard enable
    --------------------------------------------------------------
    Macro name : cisco-wireless
    Macro type : default interface
    # macro keywords $native_vlan
    # Access Uplink to Distribution
    # Define unique Native VLAN on trunk ports
    # Recommended native vlan should NOT be 1
    switchport trunk native vlan $native_vlan
    # Update the allowed VLAN range such that it
    # includes data, voice and native VLANs
    switchport trunk allowed vlan ALL
    # Hardcode trunk and disable negotiation to speed up convergence
    switchport mode trunk
    switchport nonegotiate
    # Configure qos to trust this interface
    auto qos voip trust
    mls qos trust cos
    # Ensure that switch devices cannot become active on the interface.
    spanning-tree bpduguard enable
    --------------------------------------------------------------
    Ciscozine#
Remember: Cisco-default Smartports macros vary depending on the software version running on your switch.
Smartports Macro Configuration Guidelines
- When creating a macro, do not use the exit or end commands or change the command mode by using interface interface-id. This could cause commands that follow exit, end, or interface interface-id to execute in a different command mode.
- When creating a macro, all CLI commands should be in the same configuration mode.
- When creating a macro that requires the assignment of unique values, use the parameter value keywords to designate values specific to the interface. Keyword matching is case sensitive. All matching occurrences of the keyword are replaced with the corresponding value. Any full match of a keyword, even if it is part of a larger string, is considered a match and is replaced by the corresponding value.
- Macro names are case sensitive. For example, the commands macro name Sample-Macro and macro name sample-macro will result in two separate macros.
- Some macros might contain keywords that require a parameter value. You can use the macro global apply macro-name ? global configuration command or the macro apply macro-name ? interface configuration command to display a list of any required values in the macro. If you apply a macro without entering the keyword values, the commands are invalid and are not applied.
- When a macro is applied globally to a switch or to a switch interface, all existing configuration on the interface is retained. This is helpful when applying an incremental configuration.
- If you modify a macro definition by adding or deleting commands, the changes are not reflected on the interface where the original macro was applied. You need to reapply the updated macro on the interface to apply the new or changed commands.
- You can use the macro global trace macro-name global configuration command or the macro trace macro-name interface configuration command to apply and debug a macro to find any syntax or configuration errors. If a command fails because of a syntax error or a configuration error, the macro continues to apply the remaining commands.
- Some CLI commands are specific to certain interface types. If a macro is applied to an interface that does not accept the configuration, the macro will fail the syntax check or the configuration check, and the switch will return an error message.
- Applying a macro to an interface range is the same as applying a macro to a single interface. When you use an interface range, the macro is applied sequentially to each interface within the range. If a macro command fails on one interface, it is still applied to the remaining interfaces.
- When you apply a macro to a switch or a switch interface, the macro name is automatically added to the switch or interface. You can display the applied commands and macro names by using the show running-config user EXEC command.
Example
In this example, I create a Smartports macro named ‘test’ and apply it to FastEthernet0/2; the macro has these features:
- vlan $VLANID, where $VLANID is the parameter
    switchport mode access
    switchport access vlan $VLANID
- only 1 mac-address per port
    switchport port-security
- port-fast features
    spanning-tree portfast
- speed 100
    speed 100
- duplex full
    duplex full
- no shutdown
    no shut
1. The commands executed to create the Smartports macro are:
    Ciscozine(config)#macro name test
    Enter macro commands one per line. End with the character '@'.
    switchport mode access
    switchport access vlan $VLANID
    switchport port-security
    spanning-tree portfast
    speed 100
    duplex full
    no shut
    #macro keywords $VLANID
    @
    Ciscozine(config)#
2. To apply the ‘test’ macro to FastEthernet0/2:
    Ciscozine(config)#inter fas0/2
    Ciscozine(config-if)#macro trace test $VLANID 10
    Applying command... 'switchport mode access'
    Applying command... 'switchport access vlan 10'
    Applying command... 'switchport port-security'
    Applying command... 'spanning-tree portfast'
    %Warning: portfast should only be enabled on ports connected to a single host.
    Connecting hubs, concentrators, switches, bridges, etc... to this interface
    when portfast is enabled, can cause temporary bridging loops.
    Use with CAUTION
    %Portfast has been configured on FastEthernet0/2 but will only
    have effect when the interface is in a non-trunking mode.
    Applying command... 'speed 100'
    Applying command... 'duplex full'
    Applying command... 'no shut'
    Ciscozine(config-if)#
3. To show the new macro and the fastethernet0/2 configuration:
    Ciscozine(config)#do show parser macro name test
    Macro name : test
    Macro type : customizable
    switchport mode access
    switchport access vlan $VLANID
    switchport port-security
    spanning-tree portfast
    speed 100
    duplex full
    no shut
    #macro keywords $VLANID
    Ciscozine(config)#do sh run int fas0/2
    Building configuration...
    Current configuration : 182 bytes
    !
    interface FastEthernet0/2
     switchport access vlan 10
     switchport mode access
     switchport port-security
     speed 100
     duplex full
     macro description test
     spanning-tree portfast
    end
    Ciscozine(config)#
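The guidelines above note that editing a macro does not update ports where it was already applied, and that a failing command does not stop the rest of the macro, so a port tagged with macro description test may not carry every command the macro now contains. The following Python code is an added example (not from the original article or from Cisco) that renders the ‘test’ macro and reports tagged interfaces that are missing any of its commands. The Fa0/3 port, the function names, the use of one set of keyword values for all ports and the handling of ‘no’ commands are assumptions made for illustration.

```python
# Macro body as printed by 'show parser macro name test' on this page.
MACRO = """switchport mode access
switchport access vlan $VLANID
switchport port-security
spanning-tree portfast
speed 100
duplex full
no shut
#macro keywords $VLANID"""

# Fa0/2 is the page's 'sh run int fas0/2' output. Fa0/3 is constructed: a port
# that got the macro before 'switchport port-security' was added to it.
FA02 = """interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
 switchport port-security
 speed 100
 duplex full
 macro description test
 spanning-tree portfast
"""
CONFIG = FA02 + "!\n" + FA02.replace("0/2", "0/3").replace(
    " switchport port-security\n", "")

def render(macro, values):
    """Expand keywords by plain substring replacement; drop comment lines."""
    cmds = [l.strip() for l in macro.splitlines()]
    cmds = [c for c in cmds if c and not c.startswith("#")]
    for key, val in values.items():
        cmds = [c.replace(key, str(val)) for c in cmds]
    if any("$" in c for c in cmds):
        raise ValueError("keyword left without a value")
    return cmds

def present(cmd, lines):
    # Defaults are not displayed, so 'no X' holds when no line starts with X.
    if cmd.startswith("no "):
        return not any(l.startswith(cmd[3:]) for l in lines)
    return cmd in lines

def audit(config, name, macro, values):
    """Return {interface: [macro commands missing from its running-config]}."""
    drift = {}
    for block in config.split("!\n"):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if f"macro description {name}" in lines:
            missing = [c for c in render(macro, values) if not present(c, lines)]
            if missing:
                drift[lines[0].split()[1]] = missing
    return drift
```

Calling audit(CONFIG, "test", MACRO, {"$VLANID": 10}) reports FastEthernet0/3 as missing switchport port-security while FastEthernet0/2 is clean. Because render() replaces keywords as plain substrings, as the guidelines describe, supplying a value for $VLAN instead of $VLANID yields "switchport access vlan 10ID" rather than an error.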
References: http://www.ciscosystems.com/…/guide/swmacro.html
Great Article! Never seen this before or ran into anyone that uses it – I’ve been doing copy/paste from text for 11 years only to find this now. So much of our daily configs are the same and now that we have implemented port security it’s become a longer task just to get one port up and running to standard.
Great article indeed! This was very helpful to me as I learn more about Cisco networking.
Question– I have an ASA 5505 that acts as the router and firewall on my network. Is it appropriate to apply a smartport role to the switch ports the ASA is connected to? If so, which role– switch or router?
Use “cisco-router” macro