Interface Templates
An interface template provides a mechanism to configure multiple commands at the same time and associate it with a target such as an interface. An interface template is a container of configurations or policies that can be applied to specific ports.
Restrictions for Interface Templates
-
Interface templates are not applicable for wireless sessions.
-
Remote storing and downloading of templates is not supported.
-
The same configuration cannot be used for port and interface template on the switch.
Information About Interface Templates
About Interface Templates
An interface template is a container of configurations or policies that can be applied to specific ports. When an interface template is applied to an access port, it impacts all traffic that is exchanged on the port.
There are two types of interface templates; user and builtin templates. Builtin templates are created by the system.
You can modify builtin templates. If you delete a modified builtin template the system restores the original definition of the template.
The following are the available builtin templates:
-
AP_INTERFACE_TEMPLATE (Access Point)
-
DMP_INTERFACE_TEMPLATE (Digital Media Player)
-
IP_CAMERA_INTERFACE_TEMPLATE
-
IP_PHONE_INTERFACE_TEMPLATE
-
LAP_INTERFACE_TEMPLATE (Lightweight Access Point)
-
MSP_CAMERA_INTERFACE_TEMPLATE
-
MSP_VC_INTERFACE_TEMPLATE (Video Conferencing)
-
PRINTER_INTERFACE_TEMPLATE
-
ROUTER_INTERFACE_TEMPLATE
-
SWITCH_INTERFACE_TEMPLATE
-
TP_INTERFACE_TEMPLATE (TelePresence)
Following is an example of a builtin interface template:
Template Name : IP_CAMERA_INTERFACE_TEMPLATE
Modified : No
Template Definition :
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode access
switchport block unicast
switchport port-security
mls qos trust dscp
srr-queue bandwidth share 1 30 35 5
priority-queue out
!
You can also create specific user templates with the commands that you want to include.
Note |
The template name must not contain spaces. |
You can create an interface template using the template command in global configuration mode. In template configuration mode, enter the required commands. The following commands can be entered in template configuration mode:
Command | Description |
---|---|
access-session |
Configures access session specific interface commands. |
authentication |
Configures authentication manager Interface Configuration commands. |
carrier-delay |
Configures delay for interface transitions. |
dampening |
Enables event dampening. |
default |
Sets a command to its defaults. |
description |
Configures interface-specific description. |
dot1x |
Configures interface configuration commands for IEEE 802.1X. |
hold-queue |
Sets hold queue depth. |
ip |
Configures IP template. |
keepalive |
Enables keepalive. |
load-interval |
Specifies interval for load calculation for an interface. |
mab |
Configures MAC authentication bypass Interface. |
mls |
Enables multilayer switching configurations. This command is available on the following devices in template configuration mode:
|
peer |
Configures peer parameters for point to point interfaces. |
priority-queue |
To set the priority-queue size for a template. This command is available on the following devices in template configuration mode:
|
queue-set |
Configures the QoS queue set on a template. This command is available on the following devices in template configuration mode:
|
radius-server |
Enables RADIUS server configurations. This command is available on the following devices in template configuration mode:
|
service-policy |
Configures CPL service policy. |
source |
Gets configurations from another source. |
spanning-tree |
Configures spanning tree subsystem |
storm-control |
Configures storm control. |
subscriber |
Configures subscriber inactivity timeout value. |
switchport |
Sets switching mode configurations |
trust |
Sets trust value for the interface. |
Note |
|
Binding an Interface Template to a Target
Each template can be bound to a target. Template binding or sourcing can be either static or dynamic. Static binding of a template involves binding the template to a target, like an interface. Only one template can be bound at a time using static binding. Static binding of another template to the same target will unbind the previously bound template. To configure static binding, use the source template command in interface configuration mode.
Any number of templates can be bound dynamically to a target. To configure dynamic binding using builtin policy maps and parameter maps, enable the autoconf feature using the autoconf enable command.
Note |
You can have statically and dynamically bind templates on the same interface at a time. |
Priority for Configurations Using Interface Templates
Configuration applied through dynamically-bound templates has the highest priority, followed by configuration applied directly on the interface, and then configuration applied through statically-bound templates. When similar commands are present at different priority levels, the one at the highest priority is applied. If a configuration at a higher priority level is not applied, then the configuration with the next highest priority is applied to the target.
Multiple templates can be dynamically bound to a target. When multiple templates are dynamically bound, the template that is applied last has the highest priority.
To delete a template, you must remove the binding to all targets. If you bind a template that does not exist, a new template is created with no configurations.
Configuring Interface Templates
Perform the following task to create user interface templates:
SUMMARY STEPS
- enable
- configure terminal
- template name
- load-interval interval
- description description
- keepalive number
- end
DETAILED STEPS
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
||
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 3 |
template name Example:
|
|
||
Step 4 |
load-interval interval Example:
|
|
||
Step 5 |
description description Example:
|
|
||
Step 6 |
keepalive number Example:
|
|
||
Step 7 |
end Example:
|
Exits global configuration mode and returns to privileged EXEC mode. |
Configuring Static Binding for Interface Templates
SUMMARY STEPS
- enable
- configure terminal
- interface type number
- source template name
- end
DETAILED STEPS
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
Step 3 |
interface type number Example:
|
Specifies the interface type and number and enters interface configuration mode. |
Step 4 |
source template name Example:
|
Statically applies an interface template to a target. |
Step 5 |
end Example:
|
Exits interface configuration mode and returns to privileged EXEC mode. |
Example
To verify static binding use the show running-config interface int-name and the show derived-config interface int-name commands.
Device# show running-config interface GigabitEthernet 1/0/12
Building configuration...
Current configuration : 71 bytes
!
interface GigabitEthernet1/0/12
source template user-template1
end
Device# show derived-config interface GigabitEthernet 1/0/12
Building configuration...
Derived configuration : 108 bytes
!
interface GigabitEthernet1/0/12
description This is a user template
load-interval 60
keepalive 60
end
Configuring Dynamic Binding of Interface Templates
SUMMARY STEPS
- enable
- configure terminal
- interface type number
- service-policy type control subscriber policymap-name
- end
DETAILED STEPS
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
Step 3 |
interface type number Example:
|
Specifies the interface type and number and enters interface configuration mode. |
Step 4 |
service-policy type control subscriber policymap-name Example:
|
Dynamically applies an interface template to a target. |
Step 5 |
end Example:
|
Exits interface configuration mode and returns to privileged EXEC mode. |
Verifying an Interface Template
Use one or more of the commands listed below to verify the interface template configuration.
SUMMARY STEPS
- enable
- show template interface all {all | binding {temp-name | all | target int-name} | brief }
- show template interface source {built-in [original] | user}{temp-name | all}}
- show template service{all | binding target int-name | brief | source {aaa | built-in | user {temp-name | all}}
DETAILED STEPS
Step 1 |
enable Example:
Enables privileged EXEC mode.
|
Step 2 |
show template interface all {all | binding {temp-name | all | target int-name} | brief } |
Step 3 |
show template interface source {built-in [original] | user}{temp-name | all}} |
Step 4 |
show template service{all | binding target int-name | brief | source {aaa | built-in | user {temp-name | all}} |
Verifying Interface User Templates
Device# show template interface source user all
Template Name : TEST-1
Template Definition:
load-interval 60
description TEST_1_TEMPLATE
keepalive 200
!
Template Name : TEST-2
Template Definition:
load-interval 60
description TEST-1_TEMPLATE
keepalive 200
Device# show template interface source built-in all
Building configuration...
Template Name : AP_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode trunk
switchport nonegotiate
service-policy input AutoConf-4.0-Trust-Cos-Input-Policy
service-policy output AutoConf-4.0-Output-Policy
!
Template Name : DMP_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode access
switchport block unicast
switchport port-security
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoConf-4.0-Trust-Dscp-Input-Policy
service-policy output AutoConf-4.0-Output-Policy
!
Template Name : IP_CAMERA_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode access
switchport block unicast
switchport port-security
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoConf-4.0-Trust-Dscp-Input-Policy
service-policy output AutoConf-4.0-Output-Policy
!
Template Name : IP_PHONE_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode access
switchport block unicast
switchport port-security maximum 3
switchport port-security maximum 2 vlan access
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
switchport port-security
storm-control broadcast level pps 1k
storm-control multicast level pps 2k
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoConf-4.0-CiscoPhone-Input-Policy
service-policy output AutoConf-4.0-Output-Policy
ip dhcp snooping limit rate 15
load-interval 30
!
Template Name : LAP_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode access
switchport block unicast
switchport port-security violation protect
switchport port-security aging time 2
switchport port-security aging type inactivity
switchport port-security
storm-control broadcast level pps 1k
storm-control multicast level pps 2k
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 15
load-interval 30
!
Template Name : MSP_CAMERA_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode access
switchport block unicast
switchport port-security
spanning-tree portfast
spanning-tree bpduguard enable
!
Template Name : MSP_VC_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode access
switchport port-security
spanning-tree portfast
spanning-tree bpduguard enable
load-interval 30
!
Template Name : PRINTER_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode access
switchport port-security maximum 2
switchport port-security
spanning-tree portfast
spanning-tree bpduguard enable
load-interval 60
!
Template Name : ROUTER_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode trunk
spanning-tree portfast trunk
spanning-tree bpduguard enable
service-policy input AutoConf-4.0-Trust-Cos-Input-Policy
service-policy output AutoConf-4.0-Output-Policy
!
Template Name : SWITCH_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode trunk
service-policy input AutoConf-4.0-Trust-Cos-Input-Policy
service-policy output AutoConf-4.0-Output-Policy
!
Template Name : TP_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode access
switchport port-security maximum 3
switchport port-security maximum 2 vlan access
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
switchport port-security
storm-control broadcast level pps 1k
storm-control multicast level pps 2k
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoConf-4.0-Trust-Dscp-Input-Policy
service-policy output AutoConf-4.0-Output-Policy
ip dhcp snooping limit rate 15
load-interval 30
!
end
Device# show template interface source built-in all
Building configuration...
Template Name : AP_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode trunk
switchport nonegotiate
mls qos trust cos
srr-queue bandwidth share 1 30 35 5
priority-queue out
!
Template Name : DMP_INTERFACE_TEMPLATE
Modified : No
Template Definition :
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode access
switchport block unicast
switchport port-security
mls qos trust dscp
srr-queue bandwidth share 1 30 35 5
priority-queue out
!
Template Name : IP_CAMERA_INTERFACE_TEMPLATE
Modified : No
Template Definition :
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode access
switchport block unicast
switchport port-security
mls qos trust dscp
srr-queue bandwidth share 1 30 35 5
priority-queue out
!
Template Name : IP_PHONE_INTERFACE_TEMPLATE
Modified : No
Template Definition :
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode access
switchport block unicast
switchport port-security maximum 3
switchport port-security maximum 2 vlan access
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
switchport port-security
storm-control broadcast level pps 1k
storm-control multicast level pps 2k
storm-control action trap
mls qos trust cos
service-policy input AUTOCONF-SRND4-CISCOPHONE-POLICY
ip dhcp snooping limit rate 15
load-interval 30
srr-queue bandwidth share 1 30 35 5
priority-queue out
!
Template Name : LAP_INTERFACE_TEMPLATE
Modified : No
Template Definition :
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode access
switchport block unicast
switchport port-security violation protect
switchport port-security aging time 2
switchport port-security aging type inactivity
switchport port-security
storm-control broadcast level pps 1k
storm-control multicast level pps 2k
storm-control action trap
mls qos trust dscp
ip dhcp snooping limit rate 15
load-interval 30
srr-queue bandwidth share 10 10 60 20
priority-queue out
!
Template Name : MSP_CAMERA_INTERFACE_TEMPLATE
Modified : No
Template Definition :
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode access
switchport block unicast
switchport port-security
!
Template Name : MSP_VC_INTERFACE_TEMPLATE
Modified : No
Template Definition :
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode access
switchport block unicast
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
switchport port-security
ip dhcp snooping limit rate 15
load-interval 30
!
Template Name : PRINTER_INTERFACE_TEMPLATE
Modified : No
Template Definition :
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode access
switchport port-security maximum 2
switchport port-security
load-interval 60
!
Template Name : ROUTER_INTERFACE_TEMPLATE
Modified : No
Template Definition :
spanning-tree portfast trunk
spanning-tree bpduguard enable
switchport mode trunk
mls qos trust dscp
srr-queue bandwidth share 1 30 35 5
priority-queue out
!
Template Name : SWITCH_INTERFACE_TEMPLATE
Modified : No
Template Definition :
switchport mode trunk
mls qos trust cos
srr-queue bandwidth share 1 30 35 5
priority-queue out
!
Template Name : TP_INTERFACE_TEMPLATE
Modified : No
Template Definition :
spanning-tree portfast
spanning-tree bpduguard enable
switchport mode access
switchport port-security maximum 3
switchport port-security maximum 2 vlan access
switchport port-security violation restrict
switchport port-security aging time 2
switchport port-security aging type inactivity
switchport port-security
storm-control broadcast level pps 1k
storm-control multicast level pps 2k
storm-control action trap
ip dhcp snooping limit rate 15
load-interval 30
!
End
Device# show template interface binding all
Template-name Source Method Interface
============= ==== ========== ==========
IP_PHONE_INTERFACE_TEMPLATE Built-in Dynamic Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/21
Gi1/0/22, Gi1/0/23, Gi1/0/24
Gi1/1/1, Gi1/1/2, Gi1/1/3
IP_PHONE_INTERFACE_TEMPLATE Built-in Static Gi4/0/4
Device# show template interface binding target GigabitEthernet 1/0/4
Interface Method Source Template
========= ========== ===== =========
Gi1/0/4 Dynamic built-in IP_PHONE_INTERFACE_TEMPLATE
Static user TEST
Dynamic Modified-built-in TEST
Device# show template service all
User-defined template:
======================
Template Name : SVC-1
Template Definition:
vlan 100
access-group acl1
built-in template:
======================
Template Name : SVC-2
Template Definition:
vlan 100
access-group acl1
aaa downloaded template:
==========================
Template Name : SVC-2
Template Definition:
vlan 100
access-group acl1
Device# show template binding target GigabitEthernet 1/0/4
Interface Templates:
Interface method Source Template
========= ========== ===== =========
Gi1/0/4 Dynamic built-in IP_PHONE_INTERFACE_TEMPLATE
Static user TEST
Dynamic Modified-built-in TEST
Service Templates:
Template Source Session-Mac
======== ==== ================
SVC1 user aa-bb-cc-dd-ee-ff
SVC2 built-in ab-ab-ab-ab-ab-ab
SVC3 aaa ac-ac-ac-ac-ac-ac
Example: Configuring User Interface Templates
Example: Configuring User Templates
Device# enable
Device (config)# configure terminal
Device(config)# template user-template1
Device(config-template)# load-interval 60
Device(config-template)# description This is a user template
Device(config-template)# Keepalive 60
Device(config)# end
Example: Sourcing Interface Templates
Device> enable
Device# configure terminal
Device(config)# interface fastethernet 4/0/0
Device(config-if)# source template user-template1
Device(config-if)# end
Example: Dynamically Binding Interface Templates
Device> enable
Device# configure terminal
Device(config)# interface GigabitEthernet 4/0/1
Device(config-if)# service-policy type control subscriber POLICY_Gi1/0/12
Device(config-if)# end
Feature Information for Interface Templates
This table provides release and related information for the features explained in this module.
These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.
Release |
Feature Name |
Feature Information |
---|---|---|
Cisco IOS XE Everest 16.6.1 |
Interface Templates |
An interface template provides a mechanism to configure multiple commands at the same time and associate it with a target such as an interface. |