Smartport macros are not more than some templates you can define on Cisco switches that will apply the same configuration on multiple ports. It’s not a subject that needs too many discussions, but it can be useful for your Cisco certification preparation or real life Cisco switch administration.
Configuration is very simple and it goes something like this:
macro name ACCESS-PORT switchport mode access switchport access vlan 6 switchport voice vlan 7 spanning-tree portfast spanning-tree bpdufilter enable @ |
After this you apply the macro to a port or a range of ports:
interface range fa0/1 - 6 macro apply ACCESS-PORT |
That’s it :)
A less known fact is that Cisco switches are having some predefined smartport macros, which can be really helpful. The smartport macros which you configure can be spotted with a simple “show running-config” command. This is not the case for the default smartport macros which cannot be seen in the running-config, so you may not be aware that they exist.
The default smartport macros can be seen using the following commands:
SW1#show parser macro brief
default global : cisco-global
default interface: cisco-desktop
default interface: cisco-phone
default interface: cisco-switch
default interface: cisco-router
default interface: cisco-wireless |
This will show you only a summary of the default smartport macros. If you want to see what are they configure to do, check the following command:
SW1# show parser macro Total number of macros = 7 -------------------------------------------------------------- Macro name : cisco-global Macro type : default global # Enable dynamic port error recovery for link state failures. errdisable recovery cause link-flap errdisable recovery interval 60 # Config Cos to DSCP mappings mls qos map cos-dscp 0 8 16 24 32 46 46 56 # Enable aggressive mode UDLD on all fiber uplinks udld aggressive # Enable Rapid PVST+ and Loopguard spanning-tree mode rapid-pvst spanning-tree loopguard default spanning-tree extend system-id -------------------------------------------------------------- Macro name : cisco-desktop Macro type : default interface # macro keywords $access_vlan # Basic interface - Enable data VLAN only # Recommended value for access vlan should not be 1 switchport access vlan $access_vlan switchport mode access # Enable port security limiting port to a single # MAC address -- that of desktop switchport port-security switchport port-security maximum 1 # Ensure port-security age is greater than one minute # and use inactivity timer switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity # Configure port as an edge network port spanning-tree portfast spanning-tree bpduguard enable -------------------------------------------------------------- Macro name : cisco-phone Macro type : default interface # Cisco IP phone + desktop template # macro keywords $access_vlan $voice_vlan # VoIP enabled interface - Enable data VLAN # and voice VLAN # Recommended value for access vlan should not be 1 switchport access vlan $access_vlan switchport mode access # Update the Voice VLAN value which should be # different from data VLAN # Recommended value for voice vlan should not be 1 switchport voice vlan $voice_vlan # Enable port security limiting port to a 2 MAC # addressess -- One for desktop on data vlan and # one for phone on voice vlan switchport port-security switchport port-security maximum 2 # Ensure port-security age is greater than one minute # and use inactivity timer switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity # Enable auto-qos to extend trust to attached Cisco phone auto qos voip cisco-phone # Configure port as an edge network port spanning-tree portfast spanning-tree bpduguard enable -------------------------------------------------------------- Macro name : cisco-switch Macro type : default interface # macro keywords $native_vlan # Access Uplink to Distribution # Do not apply to EtherChannel/Port Group switchport trunk encapsulation dot1q # Define unique Native VLAN on trunk ports # Recommended value for native vlan should not be 1 switchport trunk native vlan $native_vlan # Update the allowed VLAN range such that it # includes data, voice and native VLANs switchport trunk allowed vlan ALL # Hardcode trunk switchport mode trunk # Configure qos to trust this interface auto qos voip trust # 802.1w defines the link as pt-pt for rapid convergence spanning-tree link-type point-to-point -------------------------------------------------------------- Macro name : cisco-router Macro type : default interface # macro keywords $native_vlan # Access Uplink to Distribution switchport trunk encapsulation dot1q # Define unique Native VLAN on trunk ports # Recommended value for native vlan should not be 1 switchport trunk native vlan $native_vlan # Update the allowed VLAN range such that it # includes data, voice and native VLANs switchport trunk allowed vlan ALL # Hardcode trunk switchport mode trunk # Configure qos to trust this interface auto qos voip trust mls qos trust dscp # Ensure fast access to the network when enabling the interface. # Ensure that switch devices cannot become active on the interface. spanning-tree portfast trunk spanning-tree bpduguard enable -------------------------------------------------------------- Macro name : cisco-wireless Macro type : default interface # macro keywords $native_vlan # Access Uplink to Distribution switchport trunk encapsulation dot1q # Define unique Native VLAN on trunk ports # Recommended native vlan should NOT be 1 switchport trunk native vlan $native_vlan # Update the allowed VLAN range such that it # includes data, voice and native VLANs switchport trunk allowed vlan ALL # Hardcode trunk and disable negotiation to speed up convergence switchport mode trunk switchport nonegotiate # Configure qos to trust this interface auto qos voip trust mls qos trust cos # Ensure that switch devices cannot become active on the interface. spanning-tree bpduguard enable -------------------------------------------------------------- Macro name : VLAN_146 Macro type : customizable switchport mode access switchport access vlan 146 spanning-tree bpdufilter enable -------------------------------------------------------------- |
To be honest I never used them like this, but they were a pretty good starting point to customize new smartport macros.
If you are rather interested in the Cisco switch interface macro command, I did write a post on this topic some years ago and you can read it here.
