SmartOperations - Interface Templates - AutoConf - Next ... · 3750X(config)# interface Gig 1/0/11...

Cisco Confidential 1 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

SmartOperations - Interface Templates - AutoConf - Next Gen Plug n Play


Platform Cisco IBNS (Classic) IBNS 2.0 (New-Style) Per MAC VLANs AutoConf & Interface

Templates

Catalyst 2960-S, 2960-SF, 2960-C,

2960-Plus and 3560-C 12.2SE 15.2(1)E No 15.2(2)E

Catalyst 3560-X and 3750-X 12.2SE 15.2(1)E No 15.2(2)E

Catalyst 3650 and 3850 3.3.0SE 3.3.0SE 3.3.0SE 3.4.0E

Catalyst 4948E, 4948E-F,

4500/4500E Sup6E/Sup6-LE 12.2SG 15.2(1)E No 15.2(2)E

Catalyst 4500X, 4500E

Sup7E/Sup7-LE 12.2SG 3.3.0SE No 3.4.0SE

Catalyst 6500/E Sup720/Sup2T,

Catalyst 4500E Sup8E 12.2.SX 15.2.1SY /XE 3.6.0 15.2.1SY /XE 3.6.0


Interface Templates


Auto Conf and Interface Template

Port based only Usability/Bloated config Inflexible

• Simplified running-config

• Parsed at definition time

• Built-in templates

Lower TCO

• Config rollback

• Precedence management

• Integrated with session aware networking

Easy to use &

Intuitive

Next Gen Auto Smart Port

Current Challenges


P1

P4

P2

Auto conf – Use case

Access

Switch

switchport trunk encapsulation dot1q

switchport trunk allowed vlan ALL

switchport mode trunk

switchport nonegotiate

auto qos voip trust

mls qos trust cos

srr-queue bandwidth limit $LIMIT

S1, S2, S3

S4

auto qos voip trust

switchport trunk encapsulation

dot1q

switchport trunk allowed vlan ALL

switchport mode trunk

vlan 100

access-group

corp

inactivity 300

vlan 200

access-group corp

service-policy corp

interface-template service-template

interface-template

service-template

Phone

Compact switch

Access

point

Interface Templates • Activated on INTERFACES

• Auto-conf one network device per port

e.g. Switch or AP

• Impacts all the traffic exchanged via that

interface

• Stays ON as long as activated

Service Templates • Activated on NETWORK SESSIONS

• No impact on other session’s sharing

that port

• Stays ON as long as the session exists

Platforms supported:4K/3K/2K/Compact


Consistent Configuration across Interfaces

Smaller Switch Configuration files

Built-in Interface Templates for ease of use

All Interface Templates are customizable.

Templates updates immediately ripple to interfaces

Per session or per port templates

No change to running-config

Full rollback and precedence management

Compatible with Session Networking/AutoConf

Interface Templates Benefits Overview


3750X(config)# template <template_name>

3750X(config-template)#?

Template configuration commands:

aaa Authentication, Authorization and Accounting.

access-session Access Session specific Interface Configuration cmds

authentication Auth Manager Interface Configuration Commands

carrier-delay Specify delay for interface transitions

dampening Enable event dampening

default Set a command to its defaults

description Interface specific description

dot1x Interface Config Commands for IEEE 802.1X

exit Exit from template configuration mode

hold-queue Set hold queue depth

ip IP template config

keepalive Enable keepalive

load-interval Specify interval for load calculation for an interface

mab MAC Authentication Bypass Interface Config Commands

mls mls interface commands

no Negate a command or set its defaults

peer Peer parameters for point to point interfaces

priority-queue Priority Queue

queue-set Choose a queue set for this queue

radius-server Modify RADIUS query parameters

service-policy Configure CPL Service Policy

source Get config from another source

spanning-tree Spanning Tree Subsystem

srr-queue Configure shaped round-robin transmit queues

storm-control storm configuration

subscriber Subscriber inactivity timeout value.

switchport Set switching mode characteristics

Interface Templates: interface commands

• Interface level commands available

for templates in Amur release

• Only these commands can be used

in Interface Templates

• Other interface level commands

configured “the usual” way


3750X(config-if)#source template DMP_INTERFACE_TEMPLATE

3750X(config-if)# end

3750X# show derived-config interface Gig 1/0/10

Derived configuration : 249 bytes

!

interface GigabitEthernet1/0/10

switchport mode access

switchport block unicast

switchport port-security

srr-queue bandwidth share 1 30 35 5

priority-queue out

mls qos trust dscp

spanning-tree portfast

spanning-tree bpduguard enable

end

3750X# show run interface Gig 1/0/10

Building configuration...

Current configuration : 79 bytes

!


source template DMP_INTERFACE_TEMPLATE

end

Interface Templates: Static Apply an Interface Template with “source”

• Statically apply Interface template with

“source <templatename>” on interface

• Full interface configuration use “show

derived-config interface <intf>”

• Template name appears in “show running

interface <intf>”

• By default, access vlan is 1.

• Modify built-in to change

Easy to Use


Interface Templates: Built-in Templates

11 Built-in Templates based on common end devices

3750X# show template interface brief

Template-Name Source Bound-to-Interface

------------- ------ ------------------

AP_INTERFACE_TEMPLATE Built-in No

DMP_INTERFACE_TEMPLATE Built-in No

IP_CAMERA_INTERFACE_TEMPLATE Built-in No

IP_PHONE_INTERFACE_TEMPLATE Built-in No

LAP_INTERFACE_TEMPLATE Built-in No

MSP_CAMERA_INTERFACE_TEMPLATE Built-in No

MSP_VC_INTERFACE_TEMPLATE Built-in No

PRINTER_INTERFACE_TEMPLATE Built-in No

ROUTER_INTERFACE_TEMPLATE Built-in No

SWITCH_INTERFACE_TEMPLATE Built-in No

TP_INTERFACE_TEMPLATE Built-in No

Good Defaults


Interface Templates: create your own template

3750X# configure term

3750X(config)# template APPLE_TV_INTF_TEMPLATE

3750X(config-template)# switchport acces vlan 33

3750X(config-template)# spanning-tree portfast

3750X(config-template)# switchport mode access

3750X(config-template)# mls qos trust dscp

3750X(config-template)# description Apple TV

3750X(config-template)# exit

3750X#

3750X# show template brief

Interface Templates

===================

Template-Name Source Bound-to-Interface

------------- ------ ------------------

APPLE_TV_INTF_TEMPLATE User No

AP_INTERFACE_TEMPLATE Built-in No

DMP_INTERFACE_TEMPLATE Modified-Built-in Yes

IP_CAMERA_INTERFACE_TEMPLATE Built-in No

• Easy to create your own

template and apply.

• Non builtin called “user”

• Apply “user” is same as

builtin

New template

Easy to build


Interface Templates: User created template

User created templates

work same as builtin

templates

3750X(config)# interface Gig 1/0/11

3750X(config-if)#source template APPLE_TV_INTF_TEMPLATE

3750X(config-if)# end

3750X# show run int gi1/0/11


!


source template APPLE_TV_INTF_TEMPLATE

end

3750X# show derived interface Gig 1/0/11

Building configuration...


!


description Apple TV

switchport access vlan 33


mls qos trust dscp


end


DEMO


AutoConf


Automates Interface Templates

Combines User Sessions and Interface sessions into one architecture

AutoConf is Flexible (see Gumby)

No impact to running configuration

Easy to Enable

AutoConf Benefits Overview


AutoConf – Interface Templates relationship

AutoConf

Templates

Templates are the

foundation for AutoConf

Templates can work

without AutoConf

AutoConf requires

Templates


To Enable Autoconf Globally “Autoconf enable”

Builtin parameter map auto generated BUILTIN_DEVICE_TO_TEMPLATE

Not shown in running configuration unless modified

Based on Templates (Interface and Service)

Maps Device-Type to Interface Template automatically

By default uses builtin Interface Templates (see previous section)

Builtin Policy Map & builtin Parameter Map

AutoConf: the Basics


BUILTIN_AUTOCONF_POLICY - AutoConf policy

that identifies parameter map

AutoConf: default Hierarchy

AutoConf Policy

Parameter Map

Container relationship

Mapping Device type A to

interface template X

Mapping Device type B to

interface template Y

Mapping Device type C to

interface template Z

3750X# show parameter-map type subscriber attribute-to-service all

Parameter-map name: BUILTIN_DEVICE_TO_TEMPLATE

Map: 10 map device-type regex "Cisco-IP-Phone"

Action(s):

20 interface-template IP_PHONE_INTERFACE_TEMPLATE

Map: 20 map device-type regex "Cisco-IP-Camera"

Action(s):

20 interface-template IP_CAMERA_INTERFACE_TEMPLATE

Map: 30 map device-type regex "Cisco-DMP"

Action(s):

20 interface-template DMP_INTERFACE_TEMPLATE

All builtin by default

3750X# show policy-map type control subscriber BUILTIN_AUTOCONF_POLICY

BUILTIN_AUTOCONF_POLICY

event identity-update match-all

10 class always do-until-failure

10 map attribute-to-service table BUILTIN_DEVICE_TO_TEMPLATE


Parameter Map: Brains behind autoconf

Parameter Map role

Maps device-type to interface template

BUILTIN_DEVICE_TO_TEMPLATE

Automatically created when autoconf enabled

Not shown in running-config unless modified

Easy to modify

Ways to map device to template

device-type specify device-type

mac-address specify mac-address

oui specify oui

user-role specify user-role

username specify username

AutoConf: default parameter map

3750X# show parameter-map type subscriber attribute-to-service all

Parameter-map name: BUILTIN_DEVICE_TO_TEMPLATE

Map: 10 map device-type regex "Cisco-IP-Phone"

Action(s):

20 interface-template IP_PHONE_INTERFACE_TEMPLATE

Map: 20 map device-type regex "Cisco-IP-Camera"

Action(s):

20 interface-template IP_CAMERA_INTERFACE_TEMPLATE

Map: 30 map device-type regex "Cisco-DMP"

Action(s):


Map: 40 map oui eq 00.0f.44

Action(s):


Map: 50 map oui eq 00.23.ac

Action(s):


Map: 60 map device-type regex "Cisco-AIR-AP"

Action(s):

20 interface-template AP_INTERFACE_TEMPLATE

Map: 70 map device-type regex "Cisco-AIR-LAP"

Action(s):

20 interface-template LAP_INTERFACE_TEMPLATE

Map: 80 map device-type regex "Cisco-TelePresence"

Action(s):

20 interface-template TP_INTERFACE_TEMPLATE

Map: 90 map device-type regex "Surveillance-Camera"

Action(s):

10 interface-template MSP_CAMERA_INTERFACE_TEMPLATE

Map: 100 map device-type regex "Video-Conference"

Action(s):

10 interface-template MSP_VC_INTERFACE_TEMPLATE


After IP Phone connected to Interface Gi1/0/2

No change to running configuration

Show run int <intf>

AutoConf In Action: Dynamic Binding to Interface (1) 3750X# show run interface gi1/0/2


!


End

Gig1/0/2

Nothing

shown


After IP Phone connected to Interface Gi1/0/2

No change to running configuration

Show run int <intf>

Full Configuration displayed with derived command show derived int <intf>

AutoConf In Action: Dynamic Binding to Interface (2) 3750X# show run interface gi1/0/2


!


end

3750X# show derived int gi1/0/2


!



switchport block unicast

switchport port-security maximum 3

switchport port-security maximum 2 vlan access

switchport port-security aging time 1

switchport port-security aging type inactivity

switchport port-security violation restrict

switchport port-security

load-interval 30

srr-queue bandwidth share 1 30 35 5

priority-queue out

mls qos trust cos

storm-control broadcast level pps 1k

storm-control multicast level pps 2k

storm-control action trap


spanning-tree bpduguard enable

ip dhcp snooping limit rate 15

end

Gig1/0/2

Nothing

shown


What template is bound to interface? Show template interface

binding

show template binding

AutoConf In Action: Dynamic Binding to Interface (3) 3750X# show template interface binding all

Template-Name Source Method Interface

------------- ------ ------ ---------

IP_PHONE_INTERFACE_TEMPLATE Built-in dynamic Gi1/0/2

3750X# show template binding target gi1/0/2

Interface Templates

===================

Interface: Gi1/0/2

Method Source Template-Name

------ ------ -------------

dynamic Built-in IP_PHONE_INTERFACE_TEMPLATE

Service Templates

=================

Interface: Gi1/0/2

Session Source Template-Name

------- ------ -------------

Gig1/0/2


DEMO

© 2012 Cisco and/or its affiliates. All rights reserved. 23

Assurance

End-to-End

Application

Experience &

Visibility

Plug & Play

Simplified

Deployment of

New Cisco

Devices

Lifecycle

Converged

Management

with Integrated

Best Practices

Convergence Consolidation Cisco Advantage


Distribution of Templates in switch enviroment via Prime


Simplicity

Plug-N-Play– Simplified Day 0/ Day 1 Provisioning

Pre Provision Projects/Sites • Policies • Match Rules • Configs/Image • IP Addressing

Network Admin

1

Campus-

Bldg-2

Smart Install Proxy

PnP Agent

Smart Install-Client

PnP Agent

PnP Agent

PnP Agent

PnP Server

Installer

Remote Installer • Mount and cable devices • Power-on

2

APIC EM

3

• Network Admin remotely monitors status of install while in progress.

• Booting devices call out to PnP Server, requesting instructions


NG Plug & Play – Comprehensive for Branch and Campus

Day 0/1 Provisioning

Tasks

Auto Install Smart Install

CNS/CE

Prime 2.0 PnP

Gateway

Support unskilled

installers (NO CLI) ✓ ✓ Partial ✓ Secure deployment

X X Partial X Support any Place-in-

Network

(Campus/Branch) Partial Partial ✓ Partial

GUI for admin & installer

workflows X X Partial Partial

Consistent for all ENG

devices Partial X Partial Partial

RMA Use Case X Partial X X

Complete automation for

branch deployments X X X X

NG PnP

Solution

✓

✓

✓

✓

✓

✓

✓

Thank you.

SmartOperations - Interface Templates - AutoConf - Next ... · 3750X(config)# interface Gig 1/0/11...

Documents

Transcript of SmartOperations - Interface Templates - AutoConf - Next ... · 3750X(config)# interface Gig 1/0/11...