SmartOperations - Interface Templates - AutoConf - Next Gen Plug n Play © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 Platform Cisco IBNS (Classic) IBNS 2.0 (New-Style) Per MAC VLANs AutoConf & Interface Templates Catalyst 2960-S, 2960-SF, 2960-C, 12.2SE 2960-Plus and 3560-C 15.2(1)E No 15.2(2)E Catalyst 3560-X and 3750-X 12.2SE 15.2(1)E No 15.2(2)E Catalyst 3650 and 3850 3.3.0SE 3.3.0SE 3.3.0SE 3.4.0E Catalyst 4948E, 4948E-F, 4500/4500E Sup6E/Sup6-LE 12.2SG 15.2(1)E No 15.2(2)E Catalyst 4500X, 4500E Sup7E/Sup7-LE 12.2SG 3.3.0SE No 3.4.0SE Catalyst 6500/E Sup720/Sup2T, Catalyst 4500E Sup8E 12.2.SX 15.2.1SY /XE 3.6.0 © 2013-2014 Cisco and/or its affiliates. All rights reserved. 15.2.1SY /XE 3.6.0 Cisco Confidential 2 Interface Templates © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3 Auto Conf and Interface Template Current Challenges Port based only Usability/Bloated config Inflexible Next Gen Auto Smart Port • Simplified running-config • Parsed at definition time • Built-in templates Lower TCO © 2013-2014 Cisco and/or its affiliates. All rights reserved. • Config rollback • Precedence management • Integrated with session aware networking Easy to use & Intuitive Cisco Confidential 4 Auto conf – Use case Platforms supported:4K/3K/2K/Compact interface-template service-template switchport trunk encapsulation dot1q switchport trunk allowed vlan ALL switchport mode trunk switchport nonegotiate auto qos voip trust mls qos trust cos srr-queue bandwidth limit $LIMIT vlan 100 access-group corp inactivity 300 Interface Templates • • Activated on INTERFACES Auto-conf one network device per port e.g. Switch or AP Impacts all the traffic exchanged via that interface Stays ON as long as activated • Access point S1, S2, S3 P1 Phone P4 S4 Access Switch P2 Compact switch auto qos voip trust switchport trunk encapsulation dot1q switchport trunk allowed vlan ALL switchport mode trunk • Service Templates vlan 200 access-group corp service-policy corp service-template • • • Activated on NETWORK SESSIONS No impact on other session’s sharing that port Stays ON as long as the session exists interface-template © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5 Interface Templates Benefits Overview Consistent Configuration across Interfaces Smaller Switch Configuration files Built-in Interface Templates for ease of use All Interface Templates are customizable. Templates updates immediately ripple to interfaces Per session or per port templates No change to running-config Full rollback and precedence management Compatible with Session Networking/AutoConf © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6 Interface Templates: interface commands • Interface level commands available for templates in Amur release • Only these commands can be used in Interface Templates • Other interface level commands configured “the usual” way © 2013-2014 Cisco and/or its affiliates. All rights reserved. 3750X(config)# template <template_name> 3750X(config-template)#? Template configuration commands: aaa Authentication, Authorization and Accounting. access-session Access Session specific Interface Configuration cmds authentication Auth Manager Interface Configuration Commands carrier-delay Specify delay for interface transitions dampening Enable event dampening default Set a command to its defaults description Interface specific description dot1x Interface Config Commands for IEEE 802.1X exit Exit from template configuration mode hold-queue Set hold queue depth ip IP template config keepalive Enable keepalive load-interval Specify interval for load calculation for an interface mab MAC Authentication Bypass Interface Config Commands mls mls interface commands no Negate a command or set its defaults peer Peer parameters for point to point interfaces priority-queue Priority Queue queue-set Choose a queue set for this queue radius-server Modify RADIUS query parameters service-policy Configure CPL Service Policy source Get config from another source spanning-tree Spanning Tree Subsystem srr-queue Configure shaped round-robin transmit queues storm-control storm configuration subscriber Subscriber inactivity timeout value. switchport Set switching mode characteristics Cisco Confidential 7 Interface Templates: Static Apply an Interface Template with “source” 3750X(config-if)#source template DMP_INTERFACE_TEMPLATE 3750X(config-if)# end Easy to Use • Statically apply Interface template with “source <templatename>” on interface • Full interface configuration use “show derived-config interface <intf>” • Template name appears in “show running interface <intf>” • By default, access vlan is 1. • Modify built-in to change © 2013-2014 Cisco and/or its affiliates. All rights reserved. 3750X# show derived-config interface Gig 1/0/10 Derived configuration : 249 bytes ! interface GigabitEthernet1/0/10 switchport mode access switchport block unicast switchport port-security srr-queue bandwidth share 1 30 35 5 priority-queue out mls qos trust dscp spanning-tree portfast spanning-tree bpduguard enable end 3750X# show run interface Gig 1/0/10 Building configuration... Current configuration : 79 bytes ! interface GigabitEthernet1/0/10 source template DMP_INTERFACE_TEMPLATE end Cisco Confidential 8 Interface Templates: Built-in Templates Good Defaults 11 Built-in Templates based on common end devices 3750X# show template interface brief Template-Name ------------AP_INTERFACE_TEMPLATE DMP_INTERFACE_TEMPLATE IP_CAMERA_INTERFACE_TEMPLATE IP_PHONE_INTERFACE_TEMPLATE LAP_INTERFACE_TEMPLATE MSP_CAMERA_INTERFACE_TEMPLATE MSP_VC_INTERFACE_TEMPLATE PRINTER_INTERFACE_TEMPLATE ROUTER_INTERFACE_TEMPLATE SWITCH_INTERFACE_TEMPLATE TP_INTERFACE_TEMPLATE © 2013-2014 Cisco and/or its affiliates. All rights reserved. Source -----Built-in Built-in Built-in Built-in Built-in Built-in Built-in Built-in Built-in Built-in Built-in Bound-to-Interface -----------------No No No No No No No No No No No Cisco Confidential 9 Interface Templates: create your own template Easy to build • • • Easy to create your own template and apply. Non builtin called “user” Apply “user” is same as builtin New template © 2013-2014 Cisco and/or its affiliates. All rights reserved. 3750X# configure term 3750X(config)# template APPLE_TV_INTF_TEMPLATE 3750X(config-template)# switchport acces vlan 33 3750X(config-template)# spanning-tree portfast 3750X(config-template)# switchport mode access 3750X(config-template)# mls qos trust dscp 3750X(config-template)# description Apple TV 3750X(config-template)# exit 3750X# 3750X# show template brief Interface Templates =================== Template-Name ------------APPLE_TV_INTF_TEMPLATE AP_INTERFACE_TEMPLATE DMP_INTERFACE_TEMPLATE IP_CAMERA_INTERFACE_TEMPLATE Source -----User Built-in Modified-Built-in Built-in Bound-to-Interface -----------------No No Yes No Cisco Confidential 10 Interface Templates: User created template User created templates work same as builtin templates 3750X(config)# interface Gig 1/0/11 3750X(config-if)#source template APPLE_TV_INTF_TEMPLATE 3750X(config-if)# end 3750X# show run int gi1/0/11 Current configuration : 79 bytes ! interface GigabitEthernet1/0/11 source template APPLE_TV_INTF_TEMPLATE end 3750X# show derived interface Gig 1/0/11 Building configuration... Derived configuration : 156 bytes ! interface GigabitEthernet1/0/11 description Apple TV switchport access vlan 33 switchport mode access mls qos trust dscp spanning-tree portfast end © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11 DEMO © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12 AutoConf © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13 AutoConf Benefits Overview Automates Interface Templates Combines User Sessions and Interface sessions into one architecture AutoConf is Flexible (see Gumby) No impact to running configuration Easy to Enable © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14 AutoConf – Interface Templates relationship AutoConf Templates can work without AutoConf Templates AutoConf requires Templates Templates are the foundation for AutoConf © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15 AutoConf: the Basics To Enable Autoconf Globally “Autoconf enable” Builtin parameter map auto generated BUILTIN_DEVICE_TO_TEMPLATE Not shown in running configuration unless modified Based on Templates (Interface and Service) Maps Device-Type to Interface Template automatically By default uses builtin Interface Templates (see previous section) Builtin Policy Map & builtin Parameter Map © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16 AutoConf: default Hierarchy BUILTIN_AUTOCONF_POLICY - AutoConf policy that identifies parameter map All builtin by default Container relationship 3750X# show policy-map type control subscriber BUILTIN_AUTOCONF_POLICY BUILTIN_AUTOCONF_POLICY event identity-update match-all 10 class always do-until-failure 10 map attribute-to-service table BUILTIN_DEVICE_TO_TEMPLATE 3750X# show parameter-map type subscriber attribute-to-service all Parameter-map name: BUILTIN_DEVICE_TO_TEMPLATE Map: 10 map device-type regex "Cisco-IP-Phone" Action(s): 20 interface-template IP_PHONE_INTERFACE_TEMPLATE Map: 20 map device-type regex "Cisco-IP-Camera" Action(s): 20 interface-template IP_CAMERA_INTERFACE_TEMPLATE Map: 30 map device-type regex "Cisco-DMP" Action(s): 20 interface-template DMP_INTERFACE_TEMPLATE © 2013-2014 Cisco and/or its affiliates. All rights reserved. AutoConf Policy Parameter Map Mapping Device type A to interface template X Mapping Device type B to interface template Y Mapping Device type C to interface template Z Cisco Confidential 17 AutoConf: default parameter map Parameter Map: Brains behind autoconf Parameter Map role Maps device-type to interface template BUILTIN_DEVICE_TO_TEMPLATE Automatically created when autoconf enabled Not shown in running-config unless modified Easy to modify Ways to map device to template device-type specify device-type mac-address specify mac-address oui specify oui user-role specify user-role username specify username © 2013-2014 Cisco and/or its affiliates. All rights reserved. 3750X# show parameter-map type subscriber attribute-to-service all Parameter-map name: BUILTIN_DEVICE_TO_TEMPLATE Map: 10 map device-type regex "Cisco-IP-Phone" Action(s): 20 interface-template IP_PHONE_INTERFACE_TEMPLATE Map: 20 map device-type regex "Cisco-IP-Camera" Action(s): 20 interface-template IP_CAMERA_INTERFACE_TEMPLATE Map: 30 map device-type regex "Cisco-DMP" Action(s): 20 interface-template DMP_INTERFACE_TEMPLATE Map: 40 map oui eq 00.0f.44 Action(s): 20 interface-template DMP_INTERFACE_TEMPLATE Map: 50 map oui eq 00.23.ac Action(s): 20 interface-template DMP_INTERFACE_TEMPLATE Map: 60 map device-type regex "Cisco-AIR-AP" Action(s): 20 interface-template AP_INTERFACE_TEMPLATE Map: 70 map device-type regex "Cisco-AIR-LAP" Action(s): 20 interface-template LAP_INTERFACE_TEMPLATE Map: 80 map device-type regex "Cisco-TelePresence" Action(s): 20 interface-template TP_INTERFACE_TEMPLATE Map: 90 map device-type regex "Surveillance-Camera" Action(s): 10 interface-template MSP_CAMERA_INTERFACE_TEMPLATE Map: 100 map device-type regex "Video-Conference" Action(s): 10 interface-template MSP_VC_INTERFACE_TEMPLATE Cisco Confidential 18 AutoConf In Action: Dynamic Binding to Interface (1) Nothing shown After IP Phone connected to Interface Gi1/0/2 No change to running configuration 3750X# show run interface gi1/0/2 Current configuration : 38 bytes ! interface GigabitEthernet1/0/2 End Show run int <intf> Gig1/0/2 © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19 AutoConf In Action: Dynamic Binding to Interface (2) After IP Phone connected to Interface Gi1/0/2 Nothing No change to running configuration shown Show run int <intf> Full Configuration displayed with derived command show derived int <intf> Gig1/0/2 © 2013-2014 Cisco and/or its affiliates. All rights reserved. 3750X# show run interface gi1/0/2 Current configuration : 38 bytes ! interface GigabitEthernet1/0/2 end 3750X# show derived int gi1/0/2 Derived configuration : 616 bytes ! interface GigabitEthernet1/0/2 switchport mode access switchport block unicast switchport port-security maximum 3 switchport port-security maximum 2 vlan access switchport port-security aging time 1 switchport port-security aging type inactivity switchport port-security violation restrict switchport port-security load-interval 30 srr-queue bandwidth share 1 30 35 5 priority-queue out mls qos trust cos storm-control broadcast level pps 1k storm-control multicast level pps 2k storm-control action trap spanning-tree portfast spanning-tree bpduguard enable ip dhcp snooping limit rate 15 Cisco Confidential end 20 AutoConf In Action: Dynamic Binding to Interface (3) What template is bound to interface? Show template interface binding show template binding 3750X# show template interface binding all Template-Name ------------IP_PHONE_INTERFACE_TEMPLATE Source -----Built-in Method -----dynamic Interface --------Gi1/0/2 3750X# show template binding target gi1/0/2 Interface Templates =================== Interface: Gi1/0/2 Method -----dynamic Source -----Built-in Template-Name ------------IP_PHONE_INTERFACE_TEMPLATE Source ------ Template-Name ------------- Service Templates ================= Interface: Gi1/0/2 Gig1/0/2 © 2013-2014 Cisco and/or its affiliates. All rights reserved. Session ------- Cisco Confidential 21 DEMO © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22 Lifecycle Converged Management with Integrated Best Practices Plug & Play Simplified Deployment of New Cisco Devices Convergence © 2012 Cisco and/or its affiliates. All rights reserved. Consolidation Assurance End-to-End Application Experience & Visibility Cisco Advantage 23 Distribution of Templates in switch enviroment via Prime © 2013-2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24 Simplicity Plug-N-Play– Simplified Day 0/ Day 1 Provisioning 1 Pre Provision Projects/Sites • Policies • Match Rules • Configs/Image • IP Addressing 3 Network Admin APIC EM PnP Server 2 PnP Agent PnP Agent Smart Install Proxy PnP Agent CampusBldg-2 Installer Remote Installer • Mount and cable devices • Power-on © 2013-2014 Cisco and/or its affiliates. All rights reserved. PnP Agent • Network Admin remotely monitors status of install while in progress. • Booting devices call out to PnP Server, requesting instructions Smart InstallClient Cisco Confidential 25 NG Plug & Play – Comprehensive for Branch and Campus Day 0/1 Provisioning Tasks Auto Install Smart Install CNS/CE Prime 2.0 PnP Gateway NG PnP Solution Support unskilled installers (NO CLI) ✓ ✓ Partial ✓ ✓ Secure deployment X X Partial X ✓ Partial Partial Partial ✓ X X Partial Partial ✓ Partial X Partial Partial ✓ RMA Use Case X Partial X X ✓ Complete automation for branch deployments X X X X ✓ Support any Place-inNetwork (Campus/Branch) GUI for admin & installer workflows Consistent for all ENG devices © 2013-2014 Cisco and/or its affiliates. All rights reserved. ✓ Cisco Confidential 26 Thank you.
© Copyright 2026 Paperzz