On-Box Automation and Operations Tools

Chapter Description

In this chapter from Programming and Automating Cisco Networks, authors Ryan Tischer and Jason Gooley cover the following on-box automation tools in greater detail: Auto SmartPorts, AutoConf, Auto Security, AutoQoS, Smart Call Home, Tcl Shell, and Embedded Event Manager (EEM).

AutoConf

Similar to AutoSmart Ports, AutoConf is used to automate various functions within a Cisco Catalyst switch. However, unlike AutoSmart Ports, AutoConf is a template-based solution that is more granular and user friendly. Although these features accomplish similar outcomes, the configurations are applied in a different manner. Interface templates are configured and applied to a specific port or range of ports much like AutoSmart Ports. Table 7-2 lists some of the available predefined interface templates within a Cisco Catalyst switch.

Table 7-2 AutoConf Interface Templates and Descriptions

Template Name                    Template Description
-------------------------------  ------------------------------------------------
AP_INTERFACE_TEMPLATE            Wireless access point interface template
DMP_INTERFACE_TEMPLATE           Digital media player interface template
IP_CAMERA_INTERFACE_TEMPLATE     IP camera interface template
IP_PHONE_INTERFACE_TEMPLATE      IP phone interface template
LAP_INTERFACE_TEMPLATE           Lightweight access point interface template
MSP_CAMERA_INTERFACE_TEMPLATE    Multiservices platform camera interface template
MSP_VC_INTERFACE_TEMPLATE        Multiservices platform VC interface template
PRINTER_INTERFACE_TEMPLATE       Printer interface template
ROUTER_INTERFACE_TEMPLATE        Router interface template
SWITCH_INTERFACE_TEMPLATE        Switch interface template
TP_INTERFACE_TEMPLATE            Telepresence interface template

Some of the key benefits of using templates are as follows:

  • Simpler configuration and management than AutoSmart Port macros.

  • All interface templates are customizable.

  • Templates take up less room in the configuration file than AutoSmart Port macros.

  • Template updates apply to all interfaces subscribing to the template.

  • Templates can be per session or per port.

The following output shows the built-in IP phone template, displayed by issuing the show template interface source built-in IP_PHONE_INTERFACE_TEMPLATE command.

Switch# show template interface source built-in IP_PHONE_INTERFACE_TEMPLATE

Template Name       : IP_PHONE_INTERFACE_TEMPLATE
Modified            : No
Template Definition :
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport mode access
 switchport block unicast
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 mls qos trust cos
 service-policy input AUTOCONF-SRND4-CISCOPHONE-POLICY
 ip dhcp snooping limit rate 15
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out

Keep the following key points in mind about AutoConf templates:

  • By default, all templates automatically use VLAN 1. This includes any access VLAN, voice VLAN, and native VLAN in regard to trunk ports.

  • Templates applied to interfaces are not shown in the running configuration. To see the configuration applied to an interface, issue the show derived-config interface <interface> command.

  • EtherChannel interfaces do not support AutoConf interface templates.

  • Once AutoConf is enabled globally, it is applied to all interfaces by default. To disable AutoConf on a per-interface basis, issue the access-session inherit disable autoconf command.

  • The template configuration itself does not show up in the running configuration unless the template is modified, for example, when the access VLAN is changed from the default value of VLAN 1.

  • All template configuration settings applied to an interface are removed once the device is disconnected from the switch port.

Enabling AutoConf on a Cisco Catalyst Switch

To enable AutoConf, the autoconf enable command must be issued from global configuration mode. The following example shows the steps to enable AutoConf globally on a Cisco Catalyst switch.

Switch> enable
Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# autoconf enable
Switch(config)# end
Switch#

AutoConf is now enabled globally on the Catalyst switch. To verify that AutoConf is working properly, a Cisco IP phone is connected to interface GigabitEthernet0/1 on the Catalyst switch. As displayed in the following output, once the phone is connected, AutoConf applies the IP_PHONE_INTERFACE_TEMPLATE to the interface.

Switch# show template binding target gigabitEthernet0/1

Interface Templates
===================
Interface: Gi0/1

Method              Source            Template-Name
------              ------            -------------
dynamic             Built-in          IP_PHONE_INTERFACE_TEMPLATE


Service Templates
=================
Interface: Gi0/1

Session             Source            Template-Name
-------             ------            -------------

Based on the previous output, the IP_PHONE_INTERFACE_TEMPLATE was successfully applied to the GigabitEthernet0/1 interface.

Notice that the applied template does not show up in the running configuration of the Catalyst switch. The following snippet shows the output of the show running-config interface gigabitEthernet0/1 command, illustrating that the interface template is hidden in the running configuration.

Switch# show running-config interface gigabitEthernet0/1
Building configuration...

Current configuration : 36 bytes
!
interface GigabitEthernet0/1
end

To see the details of what settings were applied to the GigabitEthernet0/1 interface when the Cisco IP phone was connected, issue the show derived-config interface gigabitEthernet0/1 command as shown in the following output.

Switch# show derived-config interface gigabitEthernet0/1
Building configuration...

Derived configuration : 669 bytes
!
interface GigabitEthernet0/1
 switchport mode access
 switchport block unicast
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AUTOCONF-SRND4-CISCOPHONE-POLICY
 ip dhcp snooping limit rate 15

Switch#

Modifying a Built-in Template

Built-in templates commonly need to be modified to fit the desired configuration model of the environment. Modifying a built-in template provides a customized template based on settings that align with the business needs. The following example lists the steps necessary to modify the built-in IP_PHONE_INTERFACE_TEMPLATE. These configuration steps change the data (access) and voice VLANs from the default of VLAN 1 to VLANs 11 and 13, respectively, and add a custom description to the template.

Switch> enable
Switch# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)# template IP_PHONE_INTERFACE_TEMPLATE
Switch(config-template)# switchport access vlan 11
Switch(config-template)# switchport voice vlan 13
Switch(config-template)# description CUSTOM_IP_PHONE_INTERFACE_TEMPLATE
Switch(config-template)# end
Switch#

To display the configuration changes made to the template, issue the show template interface source built-in IP_PHONE_INTERFACE_TEMPLATE command as shown in the following output.

Switch# show template interface source built-in IP_PHONE_INTERFACE_TEMPLATE
Building configuration...

Template Name       : IP_PHONE_INTERFACE_TEMPLATE
Modified            : Yes
Template Definition :
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport access vlan 11
 switchport mode access
 switchport block unicast
 switchport voice vlan 13
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 mls qos trust cos
 service-policy input AUTOCONF-SRND4-CISCOPHONE-POLICY
 ip dhcp snooping limit rate 15
 load-interval 30
 description CUSTOM_IP_PHONE_INTERFACE_TEMPLATE
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
!
end

Switch#

Once an AutoConf template has been modified, the template becomes visible in the running configuration of the Catalyst switch. The following snippet illustrates that the template is now present in the output of the show running-config command.

Switch# show running-config
Building configuration...
! Output omitted for brevity
!
autoconf enable
!
template IP_PHONE_INTERFACE_TEMPLATE
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport access vlan 11
 switchport mode access
 switchport block unicast
 switchport voice vlan 13
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 mls qos trust cos
 service-policy input AUTOCONF-SRND4-CISCOPHONE-POLICY
 ip dhcp snooping limit rate 15
 load-interval 30
 description CUSTOM_IP_PHONE_INTERFACE_TEMPLATE
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
!
! Output omitted for brevity

Although the IP_PHONE_INTERFACE_TEMPLATE is modified and applied, the configuration is still hidden from the interface section of the running configuration. To see the customized configuration that is applied to the interface, the show derived-config interface gigabitEthernet0/1 command must be used again. The following output shows the modified template that is applied to the gigabitEthernet0/1 interface.

Switch# show derived-config interface gigabitEthernet0/1
Building configuration...

!
interface GigabitEthernet0/1
 description CUSTOM_IP_PHONE_INTERFACE_TEMPLATE
 switchport access vlan 11
 switchport mode access
 switchport block unicast
 switchport voice vlan 13
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 switchport port-security
 load-interval 30
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 storm-control broadcast level pps 1k
 storm-control multicast level pps 2k
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input AUTOCONF-SRND4-CISCOPHONE-POLICY
 ip dhcp snooping limit rate 15
end

Switch#
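Because template-applied settings appear only in show derived-config, a review that reads show running-config sees an empty interface. The following Python sketch is an added example, not code from the book: it parses both outputs, lists the lines that are in effect but hidden, and checks the effective port configuration against a baseline. The baseline in REQUIRED, the function names, and the abbreviated sample text are assumptions of this example.

```python
import re

# Baseline for an access port; which lines to require is an assumption of this example.
REQUIRED = ("switchport mode access", "switchport port-security",
            "spanning-tree bpduguard enable")

def parse_interfaces(text):
    """Map interface name -> config lines from running-config or derived-config output."""
    ports, current = {}, None
    for raw in text.splitlines():
        m = re.match(r"interface (\S+)", raw)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif current is not None and raw.startswith(" "):
            current.append(raw.strip())
        elif raw.strip() in ("!", "end"):
            current = None  # end of the interface stanza
    return ports

def vlan(lines, kind):
    """Return the explicit 'switchport <kind> vlan N' value, or None if absent."""
    for line in lines:
        m = re.fullmatch(rf"switchport {kind} vlan (\d+)", line)
        if m:
            return int(m.group(1))
    return None

def audit(lines):
    """Findings for one port's effective (derived) configuration."""
    findings = [f"missing: {req}" for req in REQUIRED if req not in lines]
    for kind in ("access", "voice"):
        if vlan(lines, kind) in (None, 1):
            findings.append(f"{kind} VLAN not changed from the template default")
    return findings

def hidden_lines(running, derived, port):
    """Lines in effect on the port that show running-config does not display."""
    shown = set(parse_interfaces(running).get(port, []))
    return [l for l in parse_interfaces(derived).get(port, []) if l not in shown]

# Constructed samples, abbreviated from the outputs shown on this page.
PORT = "GigabitEthernet0/1"
RUNNING = "!\ninterface GigabitEthernet0/1\nend\n"
COMMON = (" switchport mode access\n switchport port-security\n"
          " spanning-tree portfast\n spanning-tree bpduguard enable\nend\n")
DERIVED_DEFAULT = "!\ninterface GigabitEthernet0/1\n" + COMMON
DERIVED_CUSTOM = ("!\ninterface GigabitEthernet0/1\n switchport access vlan 11\n"
                  " switchport voice vlan 13\n" + COMMON)

if __name__ == "__main__":
    print(hidden_lines(RUNNING, DERIVED_DEFAULT, PORT))
    print(audit(parse_interfaces(DERIVED_DEFAULT)[PORT]))
    print(audit(parse_interfaces(DERIVED_CUSTOM)[PORT]))
```
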

AutoConf is a feature that not only eases the burden of device management and configuration but also allows for a zero-touch deployment model of commonly connected devices. AutoConf is often used in campus LANs as well as remote branch office deployments. Most organizations enforce a standard when it comes to the type of devices in their environment. Even though make, model, and form factors may differ, AutoConf can assist in reducing the manual configuration tasks needed to deploy different device types such as computers, printers, IP phones, IP cameras, and so forth. If a device supports both AutoConf and AutoSmart ports, it is recommended to use AutoConf first, then AutoSmart ports. However, using both features together could cause undesired results.
