Configuring Cisco IOS Auto Smartport Macros
This chapter describes how to configure and apply Auto Smartport macros on the Catalyst 4500 series switch.
This chapter includes the following major sections:
Note For complete syntax and usage information for the switch commands used in this chapter, see the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html
If a command is not in the Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS library. See the Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html
About Auto Smartport Macros
Auto Smartport macros dynamically configure ports based on the device type detected on the port. When the switch detects a new device on a port, it applies the appropriate Auto Smartport macro. When a link-down event occurs on the port, the switch removes the macro. For example, when you connect a Cisco IP phone to a port, Auto Smartport automatically applies the Cisco IP phone macro. The Cisco IP phone macro enables quality of service (QoS), security features, and a dedicated voice VLAN to ensure proper treatment of delay-sensitive voice traffic.
Auto Smartport uses event triggers to map devices to macros. The most common event triggers are based on Cisco Discovery Protocol (CDP) messages received from connected devices. The detection of a device (Cisco IP phone, Cisco wireless access point, or Cisco router) invokes an event trigger for that device.
Note Although Auto Smartport detects a Cisco switch, it does not invoke the event trigger automatically. You must invoke the event trigger manually to map the switch to macros.
Link Layer Discovery Protocol (LLDP) is used to detect devices that do not support CDP. Other mechanisms used as event triggers include the 802.1X authentication result and MAC-address learned.
System built-in event triggers exist for various devices, based mostly on CDP and LLDP messages (Table 1-1) and, for some devices, on MAC address. (Through Cisco IOS Release 12.2(54)SG, DMP is detected using the MAC address. Starting with Cisco IOS Release 15.0(2)SG, DMP is also detected using CDP.) These triggers are enabled as long as Auto Smartport is enabled.
You can also define your own trigger. User-defined triggers can be CDP/LLDP-based, a group of MAC addresses, or the value of the attribute-value (AV) pair for the auto-smart-port keyword.
The Auto Smartport macros are groups of CLI commands. Detection of devices on a port triggers the application of the macro for the device. (For example, detecting a CISCO_PHONE event on a port triggers the switch to apply the commands in the CISCO_PHONE_AUTO_SMARTPORT macro.) System built-in macros exist for various devices, and, by default, system built-in triggers are mapped to the corresponding built-in macros. You can change the mapping of built-in triggers or macros as needed.
A macro applies or removes a set of CLI commands on an interface based on the link status, which the macro checks. If the link is up, the set of commands is applied; if the link is down, the set is removed (the no form of each command is applied). The part of the macro that applies the commands is termed the macro. The part that removes them (the no form of the commands) is termed the antimacro.
Besides creating user-defined triggers, you can also create user-defined macros and map one to the other among all triggers (both built-in and user-defined) and all macros (both built-in and user-defined). Use the Cisco IOS scripting capability to create the macros. Cisco IOS scripting is a BASH-like language syntax for command automation and variable replacement.
The four detection mechanisms adhere to the following order of priority:
- If 802.1X authentication is configured on a port, an authentication response-based trigger is applied, and other triggers are ignored.
- If 802.1X authentication fails and the CDP/LLDP fallback mechanism is configured, CDP/LLDP triggers are applied for phone devices only; if no fallback mechanism is configured, or the device is not a phone device, nothing is triggered.
- If 802.1X authentication is configured on a port, a MAC address-based trigger is never triggered.
- If 802.1X authentication is not configured on a port, CDP/LLDP has priority over a MAC address-based trigger with a hold-off timer applied for MAC-address based trigger. Between CDP/LLDP, there is no particular order; whichever one arrives first is triggered.
Device Classifier
Starting with Cisco Release IOS XE 3.3.0SG and IOS 15.1(1)SG, the device classifier (DC) feature is enabled by default on the Catalyst 4500 series switch.
The DC collects information from MAC-OUI and protocols such as CDP, LLDP, and DHCP to identify devices. You must enable CDP and LLDP on the switch. To make DHCP options information available to the DC, you must enable the DHCP snooping feature on the switch. The device attributes collected from these protocols are evaluated against a set of profiles available to the DC to find the best match. The best-matched profile is used for device identification.
Devices that do not send CDP, LLDP or DHCP traffic may not be properly identified by the device classifier.
Device-classifier uses profile definitions—built-in and default profiles. The built-in profiles contain the device profiles that are known to the Auto Smartport module, comprising a limited set of Cisco devices. They are built into Cisco IOS and cannot be changed. The default profiles are stored as a text file in nonvolatile storage and allow the DC to identify a much larger set of devices. The default profiles are updated as part of the Cisco IOS archive download.
When a new device is detected, the corresponding shell trigger executes the Auto Smartport configuration macro. Auto Smartport has built-in mappings for a large set of devices. You can use the commands described in the “Configuring Mapping Between User-Defined Triggers and Built-in Macros” section to create new mappings. You can create the trigger mappings based on the profile name or device name that is provided by the DC.
Device Visibility Mode
The DC function is enabled on the switch by default. You can disable it by using the no macro auto monitor global configuration command. The DC feature provides show commands to display the devices that are connected to the switch. It also provides information about the physical port to which the device is connected, along with device MAC address and other vendor information. Only directly connected devices, such as another Layer 2 switch, are classified on nonaccess ports. On access ports that are connected to hubs, device classification is limited to 32 devices.
When you enable Auto Smartport, the DC is automatically enabled.
Configuring Auto Smartport Macros
The following topics are included:
- Enabling Auto Smartport Macros
- Auto Smartport Configuration Guidelines
- Configuring Auto Smartport Built-in Macro Parameters
- Configuring Mapping Between Event Triggers and Built-in Macros
- Configuring User-Defined Event Triggers
- Configuring Mapping Between User-Defined Triggers and Built-in Macros
- Configuring Auto Smartport User-Defined Macros
Enabling Auto Smartport Macros
Note By default, Auto Smartport is disabled globally. To disable Auto Smartport macros on a specific port, use the no macro auto global processing interface command before enabling Auto Smartport globally.
To enable Auto Smartport globally, use the macro auto global processing global configuration command.
To enable Auto Smartport macros, perform this task:
Use the show shell functions and the show shell triggers privileged EXEC command to display the event triggers, the built-in macros, and the built-in macro default values.
This example shows how to enable Auto Smartport on the switch and how to disable the feature on a specific interface:
Auto Smartport Default Configuration
By default, Cisco IOS shell is enabled and Auto Smartport is disabled globally.
Table 1-1 shows the Auto Smartport built-in event triggers that are embedded in the switch software by default.
Table 1-2 shows the Auto Smartport built-in macros that are embedded in the switch software.
Note By default, the built-in event triggers are mapped to the built-in macros.
Auto Smartport Configuration Guidelines
Auto Smartport guidelines include the following:
- To avoid system conflicts when Auto Smartport macros are applied, remove all port configuration except for 802.1X authentication.
- If the macro conflicts with the original configuration, some macro commands might not be applied, or some antimacro commands might not be applied. (The antimacro is the portion of the applied macro that removes it at link down.)
Note Failure of one command in the macro halts the application of the entire macro.
For example, if 802.1X authentication is enabled, you cannot remove switchport-mode access configuration. You must remove the 802.1X authentication before removing the configuration.
If Auto Smartport is not yet enabled globally, disable Auto Smartport on all the EtherChannel ports before enabling it globally. If Auto Smartport is already enabled, shut down the port and disable it before adding the port to an EtherChannel.
Note If an Auto Smartport macro is applied on an interface, EtherChannel configuration usually fails because of conflict with the auto-QoS configuration applied by the macro.
- The built-in macro default data VLAN is VLAN 1. The default voice VLAN is VLAN 2. You should modify the built-in macro default values if your switch uses different VLANs. To view all built-in macro default values, use the show shell functions privileged EXEC command.
- To detect non-Cisco devices for 802.1X authentication or MAB, configure the RADIUS server to support the Cisco AV pair auto-smart-port=event trigger. You must configure a user-defined trigger with the value returned in the AV pair for auto-smart-port.
- For stationary devices that do not support CDP, MAB, or 802.1X authentication, such as network printers, we recommend that you disable Auto Smartport on the port.
- If authentication is enabled on a port, the switch ignores CDP unless the fallback cdp keyword is in the macro auto global processing global configuration command.
- The order of CLI commands within the macro and the corresponding antimacro can differ.
- Before converting a port into a Layer 3 interface, enter the no macro auto processing command. This prevents Auto Smartport from applying macros on the interface. If Layer 3 is already configured, enter the no macro auto processing command on the Layer 3 interface before you enable Auto Smartport globally.
- Auto Smartport macros and Smartport cannot coexist on an interface.
- A switch applies a macro in accordance with the LLDP advertisement from the attached device. If the device does not identify itself properly, the wrong macro is applied. Consult the specific device documentation to ensure the device's firmware is current.
- The LWAP's WLC software version must be 6.0.188 (=> Cisco IOS 12.4(21a)JA2) or later for Auto Smartport to detect it as an LWAP.
- As of Cisco IOS Release 12.2(54)SG, Auto Smartport does not support macros that apply EtherChannel configurations. Interfaces that belong to EtherChannel groups are treated as standard interfaces. You can apply macros on individual interfaces based on the device type but the CLIs in the macro (for example, auto-QoS) might conflict with an EtherChannel configuration. We recommend that you disable Auto Smartport on interfaces belonging to EtherChannels before you enable Auto Smartport globally. If Auto Smartport is already enabled, disable Auto Smartport on the interfaces before configuring EtherChannel.
- When a Cisco switch is detected on the Auto Smartport, you have to manually map the event trigger to either a built-in macro or user-defined macro. You need to also match the event trigger to the device PID.
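As an added example (not from the Cisco guide), the following Python script checks a saved running configuration against three of the guidelines above: EtherChannel member ports and Layer 3 interfaces that are still open to Auto Smartport, and authentication-enabled ports on a switch where the fallback cdp keyword is not set. The sample configuration, the rule names, and the commands treated as signs of 802.1X or MAB are assumptions.

```python
import re

# Constructed sample running-config (interface names and address are made up).
# Assumes the per-port opt-out is stored as "no macro auto processing".
SAMPLE_CONFIG = """\
macro auto global processing
interface GigabitEthernet1/1
 switchport mode access
interface GigabitEthernet1/2
 switchport mode access
 authentication port-control auto
 mab
interface GigabitEthernet1/3
 channel-group 1 mode active
interface GigabitEthernet1/4
 no macro auto processing
 channel-group 1 mode active
interface GigabitEthernet1/5
 no switchport
 ip address 192.0.2.1 255.255.255.0
"""

# Interface commands taken here as signs of 802.1X or MAB on the port.
AUTH_RE = re.compile(r"(authentication|dot1x) port-control |mab\b")


def parse(config):
    """Return (top-level lines, {interface name: [sub-commands]})."""
    top, interfaces, current = [], {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
            top.append(line.rstrip())
    return top, interfaces


def audit(config):
    """List (interface, rule) pairs that go against the guidelines above."""
    top, interfaces = parse(config)
    asp = [l for l in top if l.startswith("macro auto global processing")]
    if not asp:
        return []  # Auto Smartport is disabled globally: nothing to flag
    fallback_cdp = any("fallback cdp" in l for l in asp)
    findings = []
    for name, cmds in interfaces.items():
        if "no macro auto processing" in cmds:
            continue  # port is opted out of Auto Smartport
        if any(c.startswith("channel-group ") for c in cmds):
            findings.append((name, "etherchannel-member"))
        if "no switchport" in cmds:
            findings.append((name, "layer3-interface"))
        # With authentication on the port, CDP is ignored without the fallback.
        if not fallback_cdp and any(AUTH_RE.match(c) for c in cmds):
            findings.append((name, "cdp-ignored-with-auth"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The cdp-ignored-with-auth result is informational: on those ports a macro is applied only through the authentication response-based trigger.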
Configuring Auto Smartport Built-in Macro Parameters
The switch automatically maps from built-in event triggers to built-in macros. You can replace the built-in macro default values with values that are specific to your switch.
To configure Auto Smartport built-in macros parameters, perform this task:
The no macro auto execute event trigger {[ builtin built-in macro name [parameter=value]] | [[parameter=value] {function contents}]} command deletes the mapping.
This example shows how to use two built-in Auto Smartport macros for connecting Cisco switches and Cisco IP phones to the switch. This example modifies the default voice VLAN, access VLAN, and native VLAN for the trunk interface:
Note You can also use the macro auto device command to simplify changing the parameters for a built-in function for a device type.
Configuring Mapping Between Event Triggers and Built-in Macros
Note You need to perform this task when a Cisco switch is connected to the Auto Smartport.
To map an event trigger to a built-in macro, perform this task:
This example shows how to map an event trigger called CISCO_SWITCH_EVENT to the built-in macro CISCO_SWITCH_AUTO_SMARTPORT.
Configuring User-Defined Event Triggers
You can configure two types of event triggers: user-defined and MAC address-based.
802.1X-Based Event Trigger
When using MAB or 802.1X authentication to trigger Auto Smartport macros, you need to create an event trigger that corresponds to the Cisco AV pair (auto-smart-port=event trigger) sent by the RADIUS server.
To configure an event trigger, perform this task:
Use the no shell trigger identifier global configuration command to delete the event trigger.
The following example shows how to define a user-defined trigger:
MAC Address-Based Event Trigger
To configure a MAC address group as an event trigger, perform this task:
Use the no macro auto mac-address-group grp_name to delete the event trigger.
Configuring Mapping Between User-Defined Triggers and Built-in Macros
You need to map the user-defined trigger to either a built-in macro or user-defined macro.
To map a user-defined trigger to a built-in macro, perform this task:
This example shows how to map a user-defined event trigger called RADIUS_MAB_EVENT to the built-in macro CISCO_PHONE_AUTO_SMARTPORT with access VLAN set to 10, and how to verify the entries.
This procedure shows how to map a user-defined trigger to a built-in macro:
Step 1 Connect the device to a MAB-enabled switch port.
Step 2 On the RADIUS server, set the attribute-value pair to auto-smart-port=RADIUS_MAB_EVENT.
Step 3 On the switch, create the event trigger RADIUS_MAB_EVENT.
The switch recognizes the attribute-value pair=RADIUS_MAB_EVENT response from the RADIUS server and applies the macro CISCO_PHONE_AUTO_SMARTPORT, as in the following example:
Configuring Auto Smartport User-Defined Macros
The Cisco IOS shell provides basic scripting capabilities for configuring the user-defined Auto Smartport macros. These macros can contain multiple lines and can include any CLI command. You can also define variable substitution, conditionals, functions, and triggers within the macro.
Inside a user-defined macro, besides the parameters specified through macro auto execute trigger parameter-name=value ..., you can also use the following variables published by EEM (Table 1-3):
- Name of the trigger event that is raised (for example, CISCO_PHONE_EVENT).
- Indicates whether 802.1X authentication is configured on the interface (true/false).
To map an event trigger to a user-defined macro, perform this task:
This example shows how to map a user-defined event trigger called Cisco Digital Media Player (DMP) to a user-defined macro.
Step 1 Connect the DMP to an 802.1X- or MAB-enabled switch port.
Step 2 On the RADIUS server, set the attribute-value pair to auto-smart-port=MY_MEDIAPLAYER_EVENT.
Step 3 On the switch, create the event trigger CISCO_DMP_EVENT, and map it to the user-defined macro commands shown below.
The switch recognizes the attribute-value pair=CISCO_DMP_EVENT response from the RADIUS server and applies the macro associated with this event trigger.
The following example shows the macro portion of the automacro:
The following represents the anti-macro portion of the automacro:
Table 1-4 lists the supported shell keywords you can apply in your macro and antimacro statements.
Variables that begin with the $ character are replaced with a parameter value.
Table 1-5 lists the shell keywords that are not supported in macros and antimacros.
Displaying Auto Smartport
To display the Auto Smartport and static Smartport macros, use one or more of the privileged EXEC commands in Table 1-6.
This example shows how to use the show macro auto monitor device privileged EXEC command with the optional mac-address keyword to view summary information about the connected device with the specified MAC address:
This example shows how to use the show macro auto monitor type privileged EXEC command with no optional keywords to view the devices recognized by the device classifier:
This example shows how to use the show shell triggers privileged EXEC command to view the event triggers in the switch software:
This example shows how to use the show shell functions privileged EXEC command to view the built-in macros in the switch software: