CCIE Routing & Switching v5 Workbook -
CCIE R&S v5 Advanced Technology Labs -
LAN Switching
Smartport Macros
You must load the initial configuration files for the section, LAN
Switching Initial Spanning Tree, which can be found in
. Reference
the Virtual Routers & Physical Switches Diagram to complete this
task.
Task
Configure a macro on SW1 named VLAN_146 so that when applied to an interface:
It enables the interface as access mode in VLAN 146.
It enables BPDU Filter on the port.
Apply this macro to ports Fa0/7 and Fa0/8 on the switch.
Configuration
This is the old command syntax.
SW1:
macro name VLAN_146
switchport mode access
switchport access vlan 146
spanning-tree bpdufilter enable
@
!
interface range FastEthernet0/7 - 8
macro apply VLAN_146
This is the new command syntax.
SW1:
define interface-range VLAN_146 fastEthernet0/7 - 8
!
interface range macro VLAN_146
switchport mode access
switchport access vlan 146
spanning-tree bpdufilter enable
Verification
Smartport macros are used to define a well-known template of configuration to apply
onto multiple interfaces. This feature is useful in large switching environments where
general categories of ports can be defined, such as access, server, and uplink, to
have them share common configuration templates. Note that with newer codes on
the switches, the command to create the macro is hidden.
In this particular design, the macro is used to apply three attributes to the interface:
the switchport mode, the access VLAN, and the BPDU Filter feature. The result
shown in the show run output is identical to what would be achieved by manually
entering these commands on both interfaces, with the addition of the
macro
description
, telling us which macro was applied.
SW1#show running-config | section 0/7|0/8
interface FastEthernet0/7
switchport access vlan 146
switchport mode accessmacro description VLAN_146
spanning-tree bpdufilter enableinterface FastEthernet0/8
switchport access vlan 146
switchport mode accessmacro description VLAN_146
spanning-tree bpdufilter enable
!
!SW1#show interfaces fastEthernet0/7 switchport
Name: Fa0/7
Switchport: EnabledAdministrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: OffAccess Mode VLAN: 146 (VLAN0146)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
<output omitted>
!
!SW1#show interfaces fastEthernet0/8 switchport
Name: Fa0/8
Switchport: EnabledAdministrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: OffAccess Mode VLAN: 146 (VLAN0146)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
<output omitted>
Several default Smartport macros exist in the switch, which can be seen by issuing
the
show parser macro
command.
SW1#show parser macro brief
default global : cisco-global
default interface: cisco-desktop
default interface: cisco-phone
default interface: cisco-switch
default interface: cisco-router
default interface: cisco-wirelesscustomizable: VLAN_146
!
!SW1#show parser macro name cisco-router
Macro name : cisco-router
Macro type : default interface
# macro keywords $native_vlan
# Access Uplink to Distributionswitchport trunk encapsulation dot1q
# Define unique Native VLAN on trunk ports
# Recommended value for native vlan should not be 1switchport trunk native vlan $native_vlan
# Update the allowed VLAN range such that it
# includes data, voice and native VLANsswitchport trunk allowed vlan ALL
# Hardcode trunkswitchport mode trunk
# Configure qos to trust this interfaceauto qos voip trust
mls qos trust dscp
# Ensure fast access to the network when enabling the interface.
# Ensure that switch devices cannot become active on the interface.spanning-tree portfast trunk
spanning-tree bpduguard enable
A default macro can be applied as follows.
SW1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.SW1(config)#interface FastEthernet0/10
SW1(config-if)#macro apply cisco-desktop $access_vlan 10
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast has been configured on FastEthernet0/10 but will only
have effect when the interface is in a non-trunking mode.
!
!SW1#show running-config interface fastethernet0/10
Building configuration...
Current configuration : 332 bytes
!interface FastEthernet0/10
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
end