Cisco Macro

Macro使用总结

1.使用命令

2.远程更换管理地址

3.相同策略经常应用至多个端口

4.快速配置，减少重复繁琐操作

5.参数调用配置-释放port-security端口

6.执行多个ping或者其他类功能

7.配置注意事项

1.使用命令

• macro apply <macro-name>

• macro trace <macro-name>

• macro global apply <macro-name>

• macro global trace <macro-name>

2.远程更换管理地址

一般情况下，远程更改IP地址，将会造成session中断，后面的命令无法执行，导致管理网络突然失效，影响网络的可用性和运维效果。

而通过应用Macro命令后，可以实现如下效果：

即使远程访问被操作中断，macro命令还是会按照预期继续正常执行。

实例： 改变交换机VLAN 1的管理地址至100 Vlan.

config t
macro name Change-vlan
interface Vlan1
no ip address
shutdown
interface vlan100
ip address 172.29.159.6 255.255.255.252
no shutdown

@

macro global apply Change-vlan

2.相同策略的端口

cisco macro通过调用预配置好的公用“宏”，并根据需求应用相同策略至多个端口，避免重复敲入烦琐的命令或者误操作。在进行多个相同的接口配置的时候，宏的运用的确能大大提高工作效率。

实例: 配置访问端口一次性搞定，可以看成是平时使用的模板，不过宏命令可以保存在思科NVRAM中，配置的时候只需调用即可，相对来说比较方便。

1) 创建marco

Switch(config)# macro name desktop-config

//在配置模式下创建宏，本例创建的宏的名称是desktop-config,即针对桌面电脑进行配置。宏名可自定义。

# Put the switch in access mode //“#”进行注释

switchport mode access

# Allow port to move to forwarding state quickly

spanning-tree portfast

# BPDUs should not be sent into the network

spanning-tree bpduguard enable

# Restrict the port to one address — that of desktop

switchport port-security maximum 1

# Put all data traffic in vlan 1

switchport access vlan 10

@ //通过@符号结束宏

 

2) 应用宏

Switch(config)# interface gigabitethernet1/0/2

Switch(config-if)# macro apply desktop-config //采用macro apply应用宏。

3.快速配置-参数调用

通过调用参数来应用macro命令

macro name Port

switchport mode access

switchport access vlan $V

spanning-tree portfast

spanning-tree bpduguard enable

storm-control $T level $L

@

 

int fa0/10

macro trace Port $V 10 $T broadcast $L 20

会些编程的人都懂的，利用变量调用的概念，可以理解为，Fa0/10接口配置10 vlan和storm-control broadcast level 20，有点定制化的感觉。

4释放port-security端口

之前工作中经常碰到端口安全调整的需求，一直在想是否有更好的方法可以去实现。

总算找到好的解决方法，通过Macro命令可以很快地实现如下功能:

当端口出发port-security后被err-disable后，只需应用一条命令即可重置端口。

macro name psecrst
do clear port-security stick int $int
int $int
shut
no shut
end
sh int | include err-dis
@

对交换机的Fa0/2接口实施macro命令

macro global apply psecrst $int fa0/2

6.测试全网的可达性

交换机就使用使用宏命令来测试。宏命令是可以保存在交换机上的。

macro name TEST

do ping 192.168.255.1

do ping 192.168.255.2

do ping 192.168.255.3

do ping 192.168.255.4

do ping 192.168.255.5

@

把上面的宏命令复制到CLI 中后。我们就可以调用它了。

Switch(config)#macro global apply TEST 就可以让交换机自己调用刚才创建的宏来测试。

=============================

Rack17SW1(config)#macro global apply TEST

Type escape sequence to abort.

Sending 5, 100‐byte ICMP Echos to 192.168.255.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round‐trip min/avg/max = 1/4/9 ms

Type escape sequence to abort.

Sending 5, 100‐byte ICMP Echos to 192.168.255.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round‐trip min/avg/max = 51/57/59 ms

Type escape sequence to abort.

Sending 5, 100‐byte ICMP Echos to 192.168.255.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round‐trip min/avg/max = 25/30/34 ms

Type escape sequence to abort.

Sending 5, 100‐byte ICMP Echos to 192.168.255.4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round‐trip min/avg/max = 84/89/101 ms

Type escape sequence to abort.

Sending 5, 100‐byte ICMP Echos to 192.168.255.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round‐trip min/avg/max = 83/87/93 ms

Rack17SW1(config)#

7.配置注意事项

1) Interface range macro macro1  不支持macro定义里嵌套range macro

实例说明:

define interface-range macro1 fa0/1 – 24
interface Vlan1
no ip address
shutdown
interface vlan 30
description UserNetwork
ip address 192.168.1.2 255.255.255.0
no shutdown
Interface range macro macro1    不支持macro定义里嵌套range macro
switchport mode access
switchport access vlan 30
@

只能先进入到range接口模式下再调用macro才能生效

macro name switchport
switchport mode access
switchport access vlan 30
switchport voice vlan 40
mls qos trust cos
spanning-tree portfast
@

int range f0/1-24
macro apply switchport

2)  应用macro命令后建议确认是否及时生效，当然也可以通过show parser macro命令查看预配置。

3) 参考资源

Now these macros are very open ended, and have a host of potential uses. For example if you needed to change themanagement address of switch in a remote location simply create a macro that will do it for you. This way even though you will lose connectivity to the switch the macro still runs because the commands are being issued by the switch not by you from your computer, thus the new IP address is applied allowing you to connect back in using the new IP address.

You can also use these to configure ports. Simply create a macro that will enable various features like portfast, port-security, rootguard, storm control,  etc then head into interface config or interface range config mode and apply the macro, its an even quicker way to apply the same configuration to multiple ports this can also assist you with enforcing a uniform configuration to these ports leaving out human error (in case you configure ports manually one by one or continually configure small groups of ports using the interface range command).

You can also set variables in your macros, variables are assigned using the $ followed by the variable name. So let’s just say you created a macro that will reset a port that has been disable due to a port security violation you can set the interface as variable within the macro, now when you apply the macro simply specify the value of the variable.