Wednesday, December 24, 2014

Auto Smartport macro mini scenario.

What is a smartport macro?

Let's assume that you have some devices that you plan to connect to your network, and some switch ports where you are going to plug them in. You also have a configuration for this kind of device, and whenever such a device is plugged into an appropriate port this configuration should be applied after link-up. Of course, after link-down you want the configuration to be removed from that port.
In everyday scenarios these devices are switches, routers, IP phones, access points, IP cameras, printers, laptops or desktops: any device that has an Ethernet network adapter.

Smartport macros allow you to achieve the goal.

For a little lab we have a simple scenario.

Scenario 1:
"There are some access Cisco switches with default configuration that we should connect to our network in our offices around the world. You need to configure the interfaces where you are going to plug in these devices, and here are some smartport macros that can really help you."

How it works:

[Figure: Smartport macro]
The Device Classifier (DC) is enabled by default. DC helps you recognize a device. Every device can present parameters such as CDP TLVs or LLDP TLVs, or you can use 802.1x to authenticate the device. Every Ethernet device has a MAC address.
There are some built-in Cisco device classifications based on CDP TLVs, such as:

SWITCH_1#sh macro auto device ?
  access-point    Display auto configuration information for the autonomous
                  access point
  ip-camera       Display auto configuration information for the video
                  surveillance camera
  lightweight-ap  Display auto configuration information for the light weight
                  access point
  media-player    Display auto configuration information for the digital media
                  player
  phone           Display auto configuration information for the phone device
  router          Display auto configuration information for the router device
  switch          Display auto configuration information for the switch device
  |               Output modifiers
  <cr>

To recognize and classify non-Cisco devices you can use LLDP TLVs, 802.1x messages or user-defined MAC-address groups (for devices which don't support 802.1x or LLDP, such as printers).

Let's return to our scenario.
In our case the SWITCH classifier is what we need!

SWITCH_1#sh macro auto device switch
Device:switch
Default Macro:CISCO_SWITCH_AUTO_SMARTPORT
Current Macro:CISCO_SWITCH_AUTO_SMARTPORT
Configurable Parameters:NATIVE_VLAN
Defaults Parameters:NATIVE_VLAN=1
Current Parameters:No Parameters

You see that there is a macro and a parameter named NATIVE_VLAN.
It is interesting to see exactly what configuration this macro includes:

SWITCH_1#show parser macro name cisco-switch
Macro name : cisco-switch
Macro type : default interface
# macro keywords $native_vlan
# Access Uplink to Distribution
# Do not apply to EtherChannel/Port Group
switchport trunk encapsulation dot1q

# Define unique Native VLAN on trunk ports
# Recommended value for native vlan should not be 1
switchport trunk native vlan $native_vlan

# Update the allowed VLAN range such that it
# includes data, voice and native VLANs
switchport trunk allowed vlan ALL

# Hardcode trunk
switchport mode trunk

# Configure qos to trust this interface
auto qos voip trust

# 802.1w defines the link as pt-pt for rapid convergence
spanning-tree link-type point-to-point

By default NATIVE_VLAN=1 but you can change this:

SWITCH_1(config)#macro auto device switch ?
  LINE  Provide optional parameters of form  [Parameters name=value]
  <cr>
 SWITCH_1(config)#macro auto device switch NATIVE_VALN=7
 <----- Here you should be careful: the parameter name must match exactly (it is case sensitive); a mistake like this one is accepted by the switch but causes the corresponding line of config to be missed

Verify it:
SWITCH_1#show macro auto device switch
Device:switch
Default Macro:CISCO_SWITCH_AUTO_SMARTPORT
Current Macro:CISCO_SWITCH_AUTO_SMARTPORT
Configurable Parameters:NATIVE_VLAN
Defaults Parameters:NATIVE_VLAN=1
Current Parameters:NATIVE_VALN=7
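The mistyped name above is easy to overlook because the switch stores whatever you type. As an added check (example code, not part of the original post), this Python snippet parses the show output and reports parameter names that are not in the Configurable Parameters list; the Field:value line layout it relies on is assumed from the output shown here.

```python
import re

# "show macro auto device switch" output copied from the lab above, including
# the mistyped parameter name NATIVE_VALN that the switch accepted silently.
SHOW_OUTPUT = """\
Device:switch
Default Macro:CISCO_SWITCH_AUTO_SMARTPORT
Current Macro:CISCO_SWITCH_AUTO_SMARTPORT
Configurable Parameters:NATIVE_VLAN
Defaults Parameters:NATIVE_VLAN=1
Current Parameters:NATIVE_VALN=7
"""


def parse_show_output(text):
    """Split each 'Field:value' line of the show output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def param_dict(value):
    """'NATIVE_VLAN=1 VOICE_VLAN=100' -> {'NATIVE_VLAN': '1', ...};
    'No Parameters' (what IOS prints when nothing is set) -> {}."""
    params = {}
    for token in re.split(r"[\s,]+", value):
        name, sep, val = token.partition("=")
        if sep:
            params[name] = val
    return params


def check_parameters(text):
    """Return (unknown, applied): names set with 'macro auto device' that the
    macro does not declare, and the overrides that actually take effect.
    Names must match Configurable Parameters exactly (case-sensitive)."""
    fields = parse_show_output(text)
    configurable = set(re.split(r"[\s,]+", fields.get("Configurable Parameters", ""))) - {""}
    current = param_dict(fields.get("Current Parameters", ""))
    unknown = sorted(name for name in current if name not in configurable)
    applied = {name: val for name, val in current.items() if name in configurable}
    return unknown, applied
```

Running check_parameters on the output above returns (['NATIVE_VALN'], {}): the typo is flagged and nothing overrides the macro's parameters.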


Now you need to apply this macro to the appropriate interfaces.
By default Auto Smartport macro processing is disabled globally but enabled per port.
If you do not want every port to be configured by an Auto Smartport macro, disable it per port:

SWITCH_1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SWITCH_1(config)#int range gi 1/0/1-28                                    <--- all interfaces

SWITCH_1(config-if-range)# no macro auto processing                <----- disable smartport macro processing per interface
SWITCH_1(config-if-range)#exit

As you could see above there are some default profiles, and you can specify which profile can or cannot be applied on a port:

SWITCH_1(config-if)#macro auto control device switch  <---- with this command the smartport macro will be applied only when the CDP TLV value is "switch", not "router" or "IPphone"



SWITCH_1(config)#macro auto global processing   <---- globally enable processing



After plugging in your device and waiting for at least one CDP message to be received:

*Mar 23 00:00:48.628: %AUTOSMARTPORT-5-INSERT: Device Switch detected on interface GigabitEthernet1/0/27, executed CISCO_SWITCH_EVENT
*Mar 23 00:00:49.501: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/27, changed state to down
*Mar 23 00:00:52.378: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/27, changed state to up

SWITCH_1#sh run int gi 1/0/27
Building configuration...

Current configuration : 318 bytes
!
interface GigabitEthernet1/0/27
switchport trunk encapsulation dot1q
switchport trunk native vlan 7
switchport mode trunk
speed nonegotiate
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos trust
macro description CISCO_SWITCH_EVENT
macro auto control device switch
end

Here you can see CISCO_SWITCH_EVENT in the macro description.


Use the show shell triggers and show shell functions commands to see the relation between trigger, macro and parameters:

SWITCH_1#sh shell trigger | b CISCO_SWITCH_EVENT
Trigger Id: CISCO_SWITCH_EVENT
Trigger description: Switch device event to apply port configuration
Trigger environment: Parameters that can be set in the shell - $NATIVE_VLAN=(1), The value in the parenthesis is a default value
Trigger mapping function: CISCO_SWITCH_AUTO_SMARTPORT


SWITCH_1#sh shell functions CISCO_SWITCH_AUTO_SMARTPORT
function CISCO_SWITCH_AUTO_SMARTPORT () {
    if [[ $LINKUP -eq YES ]]; then
        conf t
            interface  $INTERFACE
                macro description $TRIGGER
                auto qos voip trust
                switchport trunk encapsulation dot1q
                switchport trunk native vlan $NATIVE_VLAN
                switchport trunk allowed vlan ALL
                switchport mode trunk
            exit
        end
    else
         conf t
             interface  $INTERFACE
                 no macro description
                 no auto qos voip trust
                 no switchport mode trunk
                 no switchport trunk encapsulation dot1q
                 no switchport trunk native vlan $NATIVE_VLAN
                 no switchport trunk allowed vlan ALL
             exit
         end
    fi
}

SWITCH_1#


Scenario 2

Suppose you disabled CDP for security purposes, or your access switches, laptops or other devices are not Cisco devices and not LLDP-capable:

You can configure a MAC address group to be a trigger event:

SWITCH_1(config)#macro auto mac-address-group ?
  WORD  Auto Smart Ports MAC address-group name

SWITCH_1(config)#macro auto mac-address-group MY_ACCESS_SWITCHES
SWITCH_1(config-addr-grp-mac)#mac-address list 0012.d986.ae83   <---------------------- mac address of your device



You can control per interface how devices are classified:

SWITCH_1(config-if)#macro auto control ?
  detection  Enable device detection based on methods like cdp or lldp
  device     Enable macro auto execution for devices
  trigger    Enable macro auto execution for configured triggers

SWITCH_1(config-if)#macro auto control detection mac-address ?
  cdp   Enable cdp based auto configuration
  lldp  Enable lldp based auto configuration
  <cr>

SWITCH_1(config-if)#macro auto control detection mac-address
SWITCH_1(config-if)#do sh run int gi 1/0/27
Building configuration...

Current configuration : 102 bytes
!
interface GigabitEthernet1/0/27
speed nonegotiate
macro auto control detection mac-address
end

SWITCH_1(config-if)#do sh mac add dyn int gi 1/0/27
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0012.d986.ae83    DYNAMIC     Gi1/0/27
Total Mac Addresses for this criterion: 1



Verify the mac-address-group we created:
SWITCH_1#sh macro auto ?
  address-group  Display configured address groups
  device         Display device macro information
  event          macro event related commands
  global         Display global macro information
  interface      Display interface auto smart port status

SWITCH_1#sh macro auto address-group
MAC Address Group Configuration:

Group Name                      OUI         MAC ADDRESS
--------------------------------------------------------------
MY_ROUTERS                                  0001.0001.0001

MY_ACCESS_SWITCHES                          0012.D986.AE83

CISCO_DMP_EVENT                 0023.AC
                                000F.44


Now we have a trigger (mac-address-group) configured and we can configure a user-defined macro.
For our scenario we changed the text of the default CISCO_SWITCH_AUTO_SMARTPORT function and mapped it to the mac-address-group trigger:


SWITCH_1(config)#macro auto execute MY_ACCESS_SWITCHES ?
  LINE     Input Macro Parameters [parameter_name=value] (e.g. VOICE_VLAN=100);
           or to define a new macro use { macro commands }
  builtin  Display builtin shell functions    <---- you can use built-in macros
  remote   path to remote shell function      <----- you can specify a remote path for the macro function

You can save your macro.txt on a remote server and load it when you need it:
SWITCH_1(config)#macro auto execute MY_ACCESS_SWITCHES remote ?
  flash1:  URL of the shell function
  flash:   URL of the shell function
  ftp:     URL of the shell function
  http:    URL of the shell function
  https:   URL of the shell function
  nvram:   URL of the shell function
  rcp:     URL of the shell function
  scp:     URL of the shell function
  tftp:    URL of the shell function

SWITCH_1(config)#macro auto execute MY_ACCESS_SWITCHES remote tftp://IP_ADDRESS/macro.txt
We will use a locally defined macro for our scenario.

Do not forget to specify the parameters. In our case it is NATIVE_VLAN=7 (without brackets); several parameters are separated by spaces:


SWITCH_1(config)#macro auto execute MY_ACCESS_SWITCHES NATIVE_VLAN=7 {
>    if [[ $LINKUP -eq YES ]]; then
>        conf t
>            interface  $INTERFACE
>                macro description $TRIGGER
>                auto qos voip trust
>                description << ACCESS SWITCH >>           <-- user-defined description
>                mac access-group ALL_ARP in                <--- user-defined ACL
>                switchport trunk encapsulation dot1q
>                switchport trunk native vlan $NATIVE_VLAN
>                switchport trunk allowed vlan ALL
>                switchport mode trunk
>            exit
>        end
>    else
>         conf t
>             interface  $INTERFACE
>                 no macro description
>                 no auto qos voip trust
>                 no description << ACCESS SWITCH >>
>                 no mac access-group ALL_ARP in
>                 no switchport mode trunk
>                 no switchport trunk encapsulation dot1q
>                 no switchport trunk native vlan $NATIVE_VLAN
>                 no switchport trunk allowed vlan ALL
>             exit
>         end
>    fi
>}


As a result we have:

*Mar 23 03:27:15.649: %SYS-5-CONFIG_I: Configured from console by vty0
*Mar 23 03:27:16.144: %AUTOSMARTPORT-5-INSERT: Device with mac-address 0012.d986.ae83 detected on interface GigabitEthernet1/0/27, executed MY_ACCESS_SWITCHES
*Mar 23 03:27:16.798: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/27, changed state to down
*Mar 23 03:27:19.676: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/27, changed state to up

SWITCH_1(config)#do sh run int gi 1/0/27
Building configuration...

Current configuration : 389 bytes
!
interface GigabitEthernet1/0/27
description << ACCESS SWITCH >>
switchport trunk encapsulation dot1q
switchport trunk native vlan 7
switchport mode trunk
speed nonegotiate
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
auto qos trust
macro description MY_ACCESS_SWITCHES
macro auto control detection mac-address
mac access-group ALL_ARP in
end

After disconnecting the device we get these messages:

*Mar 23 03:33:04.464: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan14, changed state to down
*Mar 23 03:33:05.429: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/27, changed state to down
*Mar 23 03:33:06.452: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/27, changed state to down
*Mar 23 03:33:07.929: %AUTOSMARTPORT-5-REMOVE: Device removed on interface GigabitEthernet1/0/27, executed MY_ACCESS_SWITCHES to remove the configuration

Verify:
SWITCH_1(config)#do sh run int gi 1/0/27
interface GigabitEthernet1/0/27
speed nonegotiate
macro auto control detection mac-address
end
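The INSERT and REMOVE syslog lines in both scenarios are the audit trail of every port configuration the switch applies or removes on its own. As an added example (not part of the original post), this Python snippet parses the three message forms shown above and replays them into a per-port table of currently applied macros; the regular expressions are written against the exact lines shown on this page. A MAC-address-triggered event carries only the address the device presented, not a verified identity, so the parser records the trigger type separately from a CDP-classified one.

```python
import re

# Constructed sample: the AUTOSMARTPORT syslog lines from both scenarios above,
# with one unrelated LINEPROTO line mixed in to show that it is ignored.
SAMPLE_LOG = """\
*Mar 23 00:00:48.628: %AUTOSMARTPORT-5-INSERT: Device Switch detected on interface GigabitEthernet1/0/27, executed CISCO_SWITCH_EVENT
*Mar 23 00:00:49.501: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/27, changed state to down
*Mar 23 03:27:16.144: %AUTOSMARTPORT-5-INSERT: Device with mac-address 0012.d986.ae83 detected on interface GigabitEthernet1/0/27, executed MY_ACCESS_SWITCHES
*Mar 23 03:33:07.929: %AUTOSMARTPORT-5-REMOVE: Device removed on interface GigabitEthernet1/0/27, executed MY_ACCESS_SWITCHES to remove the configuration
"""

# The MAC form must be tried before the generic device form: the generic pattern
# would otherwise match "Device with mac-address ..." with device name "with".
INSERT_MAC = re.compile(r"%AUTOSMARTPORT-5-INSERT: Device with mac-address (?P<mac>[0-9A-Fa-f.]+) detected on interface (?P<intf>\S+), executed (?P<macro>\S+)")
INSERT_DEV = re.compile(r"%AUTOSMARTPORT-5-INSERT: Device (?P<dev>\S+) detected on interface (?P<intf>\S+), executed (?P<macro>\S+)")
REMOVE = re.compile(r"%AUTOSMARTPORT-5-REMOVE: Device removed on interface (?P<intf>\S+), executed (?P<macro>\S+)")


def parse_event(line):
    """Return one AUTOSMARTPORT event as a dict, or None for any other syslog line."""
    m = INSERT_MAC.search(line)
    if m:
        return {"action": "insert", "trigger": "mac-address", "identity": m["mac"].lower(),
                "interface": m["intf"], "macro": m["macro"]}
    m = INSERT_DEV.search(line)
    if m:
        return {"action": "insert", "trigger": "device-type", "identity": m["dev"].lower(),
                "interface": m["intf"], "macro": m["macro"]}
    m = REMOVE.search(line)
    if m:
        return {"action": "remove", "interface": m["intf"], "macro": m["macro"]}
    return None


def track_ports(log_text):
    """Replay the log; return (events, ports) where ports maps each interface to the
    macro still applied on it, so an INSERT that never saw its REMOVE stands out."""
    events, ports = [], {}
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        events.append(ev)
        if ev["action"] == "insert":
            ports[ev["interface"]] = ev["macro"]
        else:
            ports.pop(ev["interface"], None)
    return events, ports
```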

It is a very interesting feature and can help you get rid of many problems related to installing your equipment in remote offices.


Useful commands:

sh macro auto device [<name>]
show parser macro name [<name>]
show shell triggers
show shell functions
show macro auto interface [<if-number>]
show parser macro brief
show macro auto address-group
show parser macro description [<if-id>]


Q&A section:
Q: What helps to map device classifier to interface configuration?
A: Trigger event.

Q: What is the difference between auto and static smartport macros?
A: When static smartport macros applied to interface, switch does not delete configuration  after link-down event.

Q: What are the most common triggers based on?
A: The most common triggers are based on CDP.

Q: Can you configure a mac-address based trigger on a switch?
A: A MAC address based trigger is configured on a switch by the macro auto mac-address-group command.

Q: What are the default cisco device classification profiles you know?
A: switch, router, access-point, ip-camera, media-player

Q: What command allows you  to change default parameters of macros?
A: Macro auto device switch parameter_value=<value> command.

Q: Can you store a user-defined macro on a remote server?
A: You can specify a remote server where you can store user-defined macros.


Q: What command displays a macro with its CLI commands?
A: show parser macro [name<name>]

Q: What command enables autosmartport macro globally?
A: macro auto global processing

Q: What command displays information about triggers and macros?
A: show shell [triggers|functions]

Q: What is the purpose of macro auto control  command?
A: To specify when the switch applies an auto smartports macro based on the detection method, device type, or trigger.

Q: What command verifies the "switch" autosmartport macro default and current parameters?
A: show macro auto device switch


Q: Write a command which specifies that when a switch is plugged into the port, the "switch" auto smartport macro should be used with the default parameter (NATIVE_VLAN) equal to 7.
A:  macro auto device switch NATIVE_VLAN=7



Best regards.


Kravets Dmitriy

2 comments:

  1. I would love to see a scenario with a 802.1x result as Device Classifier.