Macros Make Your Life Easier
Macros are sequences of commands stored on the device (router/switch/whatever) that automate common tasks. The most common application of a macro is setting interface configurations in complex environments. For example, imagine if you ran a single 6500 chassis with a few hundred interfaces, and your client was always changing the interface designation from these profiles: end user desktop, server, and IP phone.
Sure you could do this manually. You could even have these various configurations as templates in a text file that you just paste in whenever you need it. This totally works, and is pretty much how everybody does it.
There is another way, and it is called Macros. A macro is just a series of configuration commands that are remembered by your device, and that you can apply when you need them.
The Macro Template
macro name unused
macro description unused
shutdown
description *** UNUSED Port ***
no ip address
# Set secure defaults for access mode
switchport mode access
switchport access vlan 999
switchport nonegotiate
# Set secure defaults for misc. flags and protocols
no auto qos voip trust
no cdp enable
power inline never
# Default Spanning-tree to secure host settings
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
spanning-tree guard root
@This is an macro to represent the default configuration of an interface. The objective here is to be able to use the UNUSED macro whenever an interface is to change its profile.
macro name server
macro description server interface
# Apply macro 'unused' first
description Server
switchport access vlan 200
no spanning-tree portfast
no spanning-tree bpdufilter enable
no spanning-tree bpduguard enable
@This SERVER macro puts the server in the right VLAN, and also enables some STP functions that would otherwise have been disabled. I always run STP facing servers — just in case somebody accidentally creates a switching loop within the server architecture.
macro name desktopipphone
macro description Desktop + IP Phone interface
# Apply macro 'unused' first
description Desktop + IP Phone
switchport access vlan 300
switchport voice vlan 400
cdp enable
auto qos voip cisco-phone
power inline auto
@This macro handles an interface that faces an IP phone with a desktop attached. In this case we need to assign the voice and access VLANs, enable PoE, enable Auto QoS and enable CDP. CDP allows Cisco phones to automatically trunk the VLANs, negotiate the required power levels, and tells the switch to prioritize voice traffic with Auto QoS.
macro name desktop
macro description Desktop interface
# Apply macro 'unused' first
description Desktop
switchport access vlan 300
@Lastly the DESKTOP macro assigns the access VLAN, and leaves all other configuration at default.
Using Macros
So now that you’ve done all this work, how does it make your life easier? Like this:
interface range fa 1/0/1 — 48
macro apply unused
interface range fa 1/0/1 — 10
macro apply server
interface range fa 1/0/11 — 20
macro apply desktopipphone
interface range fa 1/0/21 — 48
macro apply desktopAnd that’s it! You’ve just configured 48 interfaces with the right templated configurations. Maybe you need to make sure that interfaces 8 — 16 are configured as desktop ports?
interface range fa 1/0/8- 16
macro apply unused
macro apply desktopThe nice thing about this is that your templates are stored on the device, and not on your laptop/desktop so you can make these changes from anywhere.
Other Uses for Macros
Macros also work in global configuration mode, so you can use them to prevent accidental slip-ups. I made an earlier posting about blackholing IP addresses with BGP; one of the caveats is that it is possible for my client to accidentally blackhole his entire network. Naturally this would be the worst possible scenario, even worse than a DDoS.
To accommodate this, I created a macro that takes a single IP address as an input and then writes the appropriate command to blackhole just one IP.
macro name blackhole
ip route $IP 255.255.255.255 Null0 tag 999
@In this case, $IP is a variable that is accepted by the following command:
conf t
macro apply blackhole $IP 192.168.2.100
endThis takes a single IP and correctly applies the route so that there is no chance of a tired, over caffeinated, stressed out finger accidentally setting the wrong mask and blackholing more IPs than are necessary.
[...] And here is a link to the original article that you were looking for! http://wozney.ca/2009/07/09/misadventures-with-spanning-tree/ [...]
Very interesting article Paul. Just one of the many under utilized features of Cisco IOS. I can see this easily cutting down configuration changes/management for any customer.
The scripting nature of this article compels me to write a article about the uses of Cisco IOS EMM; another great feature that is, for the most part, unused.