Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
487
Views
0
Helpful
4
Replies

Auto Smart Ports - Half Baked Detection

Ian Underwood
Level 1
Level 1

‎10-08-2018 06:55 AM - edited ‎03-08-2019 04:19 PM

My organization is deploying some new 9407 switches for campus access, and one feature I've been looking at is using auto smart ports to set the ports for different settings, depending on what gets plugged in.

 

One of my challenges is that we are using a non-Cisco vendor for desktop switches that a user may have at their desk.  While I can do detection based upon the MAC address, I'd much rather take advantage of LLDP as a more reliable means of detection, especially if the use of these small switches extends beyond the pilot.

 

I came across a document, "Auto Smartport with Custom Trigger", which led me to find the dc_default_profiles.txt.  This looks like the file I would need to either modify or augment in order to use this kind of detection.  Unfortunately, there is no clear documentation on how the file is structured, or how it can be updated / replaced.

 

Of course, the header contains this:

 

# ------------------------------------------------------------------
#  Profile, Rules and check definition for the IOS rule engine
#  Copyright (c) 2010-2013, 2017 by Cisco Systems, Inc.
#  All rights reserved.
# **** THIS FILE IS AUTO-GENERATED FROM XML FILE - DO NOT EDIT *****
# ------------------------------------------------------------------

It appears there are a few sections:

  • Count of OUI vendor strings
  • Lines of OUI vendors, 1 per line.
  • Count of OUI hash entries
  • Lines of OUI hashes.  2 lines.  hash, then vendor in list above.
  • Count of Checks
  • Lines of checks, which have this format: attr_type,id,attr_tag,operation,val_type,val
  • Then Rules
  • And a list of rules: # rule_term format: term_type, {attr_type, id}, op ...

Now here's my problem.  There is no documentation to either add to, augment, or whatnot.  Since authentication is not required on a per-port basis, it doesn't seem sensible to deploy something like ISE.

 

Does anyone have suggestions?

++I;
Labels:
0 Helpful
4 Replies 4

pieterh
VIP
VIP

‎10-09-2018 05:37 AM - edited ‎10-09-2018 06:25 AM

you can start with
show macro auto monitor type string < your selection>
to check if your vendor device is al ready present?

 

in later release called "device classifier"

Release
Modification

15.2(2)E

This command replaced the macro auto monitor command on the Catalyst 3750-X, 3560-X, 3560-C, 2960, 2960-C, 2960-S, 2960-SF, 2960-P, CGS 2520, IE 2000, IE 2000U, IE 3000, and IE 3010 switches.

show device classifier profile type

0 Helpful

pieterh
VIP
VIP
In response to pieterh

‎10-09-2018 06:05 AM

btw the file you reference is IOS version dependent and is overwritten on ios-upgrade.

The default profiles are updated as part of the Cisco IOS archive download.

 

is it sufficient to run the macro based on vendor id in the mac-address?

look at the end of: On-Box Automation and Operations Tools

 

 

 

0 Helpful

Ian Underwood
Level 1
Level 1
In response to pieterh

‎10-09-2018 08:08 AM

I can use the MAC OUI for detection, but it wasn't among the things I was looking to do, especially since MAC list is bound to grow over time. I'd rather use LLDP inputs as something better-determined.
I was hoping it would be possible to either augment or find some other way of adding specific items to the device classifier through the config.
It is what it is, I suppose.
++I;
0 Helpful

pieterh
VIP
VIP
In response to Ian Underwood

‎10-10-2018 12:15 AM - edited ‎10-10-2018 12:18 AM

did you try the commands I suggested to check if your vendor is al ready known in the list?

     show macro auto monitor type string < your selection>

     show device classifier profile type <keyword>

 

if so you need not modify the profiles but only need to add a custom trigger and macro suitable for your needs

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card