Cisco Macro

Macro使用總結

1.使用指令

2.遠端更換管理位址

3.相同政策經常應用至多個端口

4.快速配置，減少重複繁瑣操作

5.參數調用配置-釋放port-security端口

6.執行多個ping或者其他類功能

7.配置注意事項

1.使用指令

• macro apply <macro-name>

• macro trace <macro-name>

• macro global apply <macro-name>

• macro global trace <macro-name>

2.遠端更換管理位址

一般情況下，遠端更改IP位址，将會造成session中斷，後面的指令無法執行，導緻管理網絡突然失效，影響網絡的可用性和運維效果。

而通過應用Macro指令後，可以實作如下效果：

即使遠端通路被操作中斷，macro指令還是會按照預期繼續正常執行。

執行個體： 改變交換機VLAN 1的管理位址至100 Vlan.

config t

macro name Change-vlan

interface Vlan1

no ip address

shutdown

interface vlan100

ip address 172.29.159.6 255.255.255.252

no shutdown

@

macro global apply Change-vlan

2.相同政策的端口

cisco macro通過調用預配置好的公用“宏”，并根據需求應用相同政策至多個端口，避免重複敲入煩瑣的指令或者誤操作。在進行多個相同的接口配置的時候，宏的運用的确能大大提高工作效率。

執行個體: 配置通路端口一次性搞定，可以看成是平時使用的模闆，不過宏指令可以儲存在思科NVRAM中，配置的時候隻需調用即可，相對來說比較友善。

1) 建立marco

Switch(config)# macro name desktop-config

//在配置模式下建立宏，本例建立的宏的名稱是desktop-config,即針對桌面電腦進行配置。宏名可自定義。

# Put the switch in access mode //“#”進行注釋

switchport mode access

# Allow port to move to forwarding state quickly

spanning-tree portfast

# BPDUs should not be sent into the network

spanning-tree bpduguard enable

# Restrict the port to one address — that of desktop

switchport port-security maximum 1

# Put all data traffic in vlan 1

switchport access vlan 10

@ //通過@符号結束宏

2) 應用宏

Switch(config)# interface gigabitethernet1/0/2

Switch(config-if)# macro apply desktop-config //采用macro apply應用宏。

3.快速配置-參數調用

通過調用參數來應用macro指令

macro name Port

switchport mode access

switchport access vlan $V

spanning-tree portfast

spanning-tree bpduguard enable

storm-control $T level $L

@

int fa0/10

macro trace Port $V 10 $T broadcast $L 20

會些程式設計的人都懂的，利用變量調用的概念，可以了解為，Fa0/10接口配置10 vlan和storm-control broadcast level 20，有點定制化的感覺。

4釋放port-security端口

之前工作中經常碰到端口安全調整的需求，一直在想是否有更好的方法可以去實作。

總算找到好的解決方法，通過Macro指令可以很快地實作如下功能:

當端口出發port-security後被err-disable後，隻需應用一條指令即可重置端口。

macro name psecrst

do clear port-security stick int $int

int $int

shut

no shut

end

sh int | include err-dis

@

對交換機的Fa0/2接口實施macro指令

macro global apply psecrst $int fa0/2

6.測試全網的可達性

交換機就使用使用宏指令來測試。宏指令是可以儲存在交換機上的。

macro name TEST

do ping 192.168.255.1

do ping 192.168.255.2

do ping 192.168.255.3

do ping 192.168.255.4

do ping 192.168.255.5

@

把上面的宏指令複制到CLI 中後。我們就可以調用它了。

Switch(config)#macro global apply TEST 就可以讓交換機自己調用剛才建立的宏來測試。

=============================

Rack17SW1(config)#macro global apply TEST

Type escape sequence to abort.

Sending 5, 100‐byte ICMP Echos to 192.168.255.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round‐trip min/avg/max = 1/4/9 ms

Type escape sequence to abort.

Sending 5, 100‐byte ICMP Echos to 192.168.255.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round‐trip min/avg/max = 51/57/59 ms

Type escape sequence to abort.

Sending 5, 100‐byte ICMP Echos to 192.168.255.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round‐trip min/avg/max = 25/30/34 ms

Type escape sequence to abort.

Sending 5, 100‐byte ICMP Echos to 192.168.255.4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round‐trip min/avg/max = 84/89/101 ms

Type escape sequence to abort.

Sending 5, 100‐byte ICMP Echos to 192.168.255.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round‐trip min/avg/max = 83/87/93 ms

Rack17SW1(config)#

7.配置注意事項

1) Interface range macro macro1  不支援macro定義裡嵌套range macro

執行個體說明:

define interface-range macro1 fa0/1 – 24

interface Vlan1

no ip address

shutdown

interface vlan 30

description UserNetwork

ip address 192.168.1.2 255.255.255.0

no shutdown

Interface range macro macro1    不支援macro定義裡嵌套range macro

switchport mode access

switchport access vlan 30

@

隻能先進入到range接口模式下再調用macro才能生效

macro name switchport

switchport mode access

switchport access vlan 30

switchport voice vlan 40

mls qos trust cos

spanning-tree portfast

@

int range f0/1-24

macro apply switchport

2)  應用macro指令後建議确認是否及時生效，當然也可以通過show parser macro指令檢視預配置。

3) 參考資源

Now these macros are very open ended, and have a host of potential uses. For example if you needed to change themanagement address of switch in a remote location simply create a macro that will do it for you. This way even though you will lose connectivity to the switch the macro still runs because the commands are being issued by the switch not by you from your computer, thus the new IP address is applied allowing you to connect back in using the new IP address.

You can also use these to configure ports. Simply create a macro that will enable various features like portfast, port-security, rootguard, storm control,  etc then head into interface config or interface range config mode and apply the macro, its an even quicker way to apply the same configuration to multiple ports this can also assist you with enforcing a uniform configuration to these ports leaving out human error (in case you configure ports manually one by one or continually configure small groups of ports using the interface range command).

You can also set variables in your macros, variables are assigned using the $ followed by the variable name. So let’s just say you created a macro that will reset a port that has been disable due to a port security violation you can set the interface as variable within the macro, now when you apply the macro simply specify the value of the variable.