« Port-security maximum 3 (for phones)
Labbing ODR »

Smartport macros (3550)

 | 8 Aug 2007 00:17

Nice of Cisco to preconfigure some macros for our usage, but how does one know what they do before applying them. Well using “show parser macro …” one can see what is supported and their content. My search for smartport macros first found me the following list (extract below), however this if for a 2955. The current R&S lab uses 3550 and 3560 so what to expect?

  1. cisco-global
    Use this global configuration macro to enable load balancing across VLANs, provide rapid convergence of spanning-tree instances and to enable port error recovery.
  2. cisco-desktop
    Use this interface configuration macro for increased network security and reliability when connecting a desktop device, such as a PC, to a switch port.
  3. cisco-phone
    Use this interface configuration macro when connecting a desktop device such as a PC with a Cisco IP Phone to a switch port. This macro is an extension of the cisco-desktop macro and provides the same security and resiliency features, but with the addition of dedicated voice VLANs to ensure proper treatment of delay-sensitive voice traffic.
  4. cisco-switch
    Use this interface configuration macro when connecting an access switch and a distribution switch or between access switches connected using GigaStack modules or GBICs.
  5. cisco-router
    Use this interface configuration macro when connecting the switch and a WAN router.
  6. cisco-lre-cpe
    Use this interface configuration macro to optimize performance when the switch is installed in apartment buildings or hotels, or when it is used to deliver Video-on-Demand (VoD), or multicast video.
  7. cisco-wireless
    Use this interface configuration macro when connecting the switch and a wireless access point.

The complete supported list of commands on a 3550 is:

(This PDF from Cisco details all 3550 smartport macros)

In short:

C3550-SW2#sh parser macro brief
default global : cisco-global
default interface: cisco-desktop
default interface: cisco-phone
default interface: cisco-switch
default interface: cisco-router
default interface: cisco-wireless

And this is the complete command list:

C3550-SW2#sh parser macro
Total number of macros = 6
--------------------------------------------------------------
Macro name : cisco-global
Macro type : default global
# Enable dynamic port error recovery for link state failures.
errdisable recovery cause link-flap
errdisable recovery interval 60

# Config Cos to DSCP mappings
mls qos map cos-dscp 0 8 16 26 32 46 46 56

# Enable aggressive mode UDLD on all fiber uplinks
udld aggressive

# Enable Rapid PVST+ and Loopguard
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
————————————————————–
Macro name : cisco-desktop
Macro type : default interface
# macro keywords $access_vlan
# Basic interface – Enable data VLAN only
# Recommended value for access vlan should not be 1
switchport access vlan $access_vlan
switchport mode access

# Enable port security limiting port to a single
# MAC address — that of desktop
switchport port-security
switchport port-security maximum 1

# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity

# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable
————————————————————–
Macro name : cisco-phone
Macro type : default interface
# Cisco IP phone + desktop template

# macro keywords $access_vlan $voice_vlan

# VoIP enabled interface – Enable data VLAN
# and voice VLAN
# Recommended value for access vlan should not be 1
switchport access vlan $access_vlan
switchport mode access

# Update the Voice VLAN value which should be
# different from data VLAN
# Recommended value for voice vlan should not be 1
switchport voice vlan $voice_vlan

# Enable port security limiting port to a 2 MAC
# addressess — One for desktop on data vlan and
# one for phone on voice vlan
switchport port-security
switchport port-security maximum 2

# Ensure port-security age is greater than one minute
# and use inactivity timer
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity

# Enable auto-qos to extend trust to attached Cisco phone
auto qos voip cisco-phone

# Configure port as an edge network port
spanning-tree portfast
spanning-tree bpduguard enable
————————————————————–
Macro name : cisco-switch
Macro type : default interface
# macro keywords $native_vlan
# Access Uplink to Distribution
# Do not apply to EtherChannel/Port Group
switchport trunk encapsulation dot1q

# Define unique Native VLAN on trunk ports
# Recommended value for native vlan should not be 1
switchport trunk native vlan $native_vlan

# Update the allowed VLAN range such that it
# includes data, voice and native VLANs
switchport trunk allowed vlan ALL

# Hardcode trunk
switchport mode trunk

# Configure qos to trust this interface
auto qos voip trust

# 802.1w defines the link as pt-pt for rapid convergence
spanning-tree link-type point-to-point
————————————————————–
Macro name : cisco-router
Macro type : default interface
# macro keywords $native_vlan
# Access Uplink to Distribution
switchport trunk encapsulation dot1q

# Define unique Native VLAN on trunk ports
# Recommended value for native vlan should not be 1
switchport trunk native vlan $native_vlan

# Update the allowed VLAN range such that it
# includes data, voice and native VLANs
switchport trunk allowed vlan ALL

# Hardcode trunk
switchport mode trunk

# Configure qos to trust this interface
auto qos voip trust
mls qos trust dscp

# Ensure fast access to the network when enabling the interface.
# Ensure that switch devices cannot become active on the interface.
spanning-tree portfast trunk
spanning-tree bpduguard enable
————————————————————–
Macro name : cisco-wireless
Macro type : default interface
# macro keywords $native_vlan
# Access Uplink to Distribution
switchport trunk encapsulation dot1q

# Define unique Native VLAN on trunk ports
# Recommended native vlan should NOT be 1
switchport trunk native vlan $native_vlan

# Update the allowed VLAN range such that it
# includes data, voice and native VLANs
switchport trunk allowed vlan ALL

# Hardcode trunk and disable negotiation to speed up convergence
switchport mode trunk
switchport nonegotiate

# Configure qos to trust this interface
auto qos voip trust
mls qos trust cos

# Ensure that switch devices cannot become active on the interface.
spanning-tree bpduguard enable
————————————————————–
C3550-SW2#

Categories: CCIE R&S, Main blog
Comments Off on Smartport macros (3550)

No Responses to “Smartport macros (3550)”

RSS feed for the comments of this post