
autoMAC: A Tool for Automating Network Moves, Adds, and Changes


Presentation Transcript


  1. autoMAC: A Tool for Automating Network Moves, Adds, and Changes
     Christopher J. Tengi, Princeton University <tengi@CS.Princeton.EDU>

  2. What's the problem?
     • Over 1500 hosts
     • Over 100 IP subnets/VLANs
     • 672 user switch ports (currently)
     • 388 wall boxes
     • 1072 patch points

  3. 1072 Patch Points

  4. Why subnets?
     • Why not a flat network?
     • Broadcast domains
     • User segregation
     • Access control

  5. How we used to do it
     • Email host registration requests
     • Manual host database entry
     • Manual patch installation
     • Switch re-configuration

  6. So, what's wrong with that?
     • Users never get it right the first time
     • Manual host entry is prone to errors
     • Patch panel diving is a pain
     • Did you remember to set the port VLAN?
     • Did you save the switch config?

  7. What we wanted
     • Automation!
     • Less user interaction :-)
     • Better accuracy
     • Static switch configuration

  8. What we did
     • Automate the host database
     • Automate switch port VLAN assignment
     • Keep everyone in the right place

  9. Automating the host database
     • Move to a web-based registration system
     • Use a daemon to process requests
     • Have the daemon rebuild all the database extracts

  10. Automating VLAN assignment
     • No more manual switch configuration
     • Any port, any VLAN, any time
     • Use the host MAC address as the key
     • Registration VLAN for unknown hosts

  11. The nitty-gritty

  12. Tools we used
     • Existing host database
     • FreeRADIUS
     • NetReg

  13. Tools we used - Host DB
     • Originally only for administrators
     • Very little field validation
     • Input through a 'vi'-based interface
     • Extracts generated manually with 'make'

  14. Tools we used - FreeRADIUS
     • Config files generated from Host DB
     • Originally implemented for Cisco APs
     • Our user switches could "speak" RADIUS

  15. Tools we used - NetReg
     • Web-based data input
     • Two to choose from
       • Carnegie Mellon University
       • Southwestern University

  16. Integration: Tying it all together

  17. Integration - Host database
     • Web registration form
     • Field validation on the form
     • Automate request processing

  18. Integration - RADIUS server
     • Use MAC address to look up VLAN
     • Add "tunnel" A/V pairs to the accept response
     • Unknown MAC addresses are rejected
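The three pieces on slides 14, 17 and 18 (RADIUS config generated from the host DB, field validation on the registration form, and a MAC-keyed VLAN lookup that answers with tunnel attributes or a reject) fit in one short script. The example below is added here and is not autoMAC's own code; it assumes a constructed `hostname,mac,vlan` extract format, the FreeRADIUS `users` file syntax with `Auth-Type := Accept`, and the RFC 2868/3580 tunnel attributes `Tunnel-Type`, `Tunnel-Medium-Type` and `Tunnel-Private-Group-Id` for carrying the VLAN. The exact extract layout and switch behaviour on reject are assumptions, not taken from the slides.

```python
"""Added example: MAC-keyed VLAN lookup and FreeRADIUS 'users' generation.

Assumptions (not from the presentation): the host DB extract is a
'hostname,mac,vlan' text file, switches send the MAC as User-Name, and
the VLAN is returned in standard RFC 2868/3580 tunnel attributes.
"""
import re

# Constructed sample host-database extract; not real data from the slides.
HOSTDB_EXTRACT = """\
# hostname,mac,vlan
fry,00:11:22:AA:BB:CC,110
leela,0011.22dd.eeff,120
bender,00-11-22-01-02-03,110
broken,00:11:22:zz:00:01,130
"""

MAC_HEX_RE = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits, or None if it is not one.

    Accepts colon, dash and Cisco dotted notation; this is the kind of
    field validation a registration form does before a request is queued.
    """
    hexdigits = re.sub(r"[:.\-]", "", raw.strip().lower())
    return hexdigits if MAC_HEX_RE.match(hexdigits) else None


def parse_hostdb(text):
    """Parse the extract into {mac: (hostname, vlan)}, skipping bad rows."""
    table = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        hostname, raw_mac, vlan = [f.strip() for f in line.split(",")]
        mac = normalize_mac(raw_mac)
        if mac is None or not vlan.isdigit():
            continue  # a validated web form would have rejected this entry
        table[mac] = (hostname, int(vlan))
    return table


def radius_users_entry(mac, vlan):
    """One FreeRADIUS 'users' entry keyed by MAC, with the VLAN as tunnel AVPs."""
    return (
        f"{mac}\tAuth-Type := Accept\n"
        f"\tTunnel-Type = VLAN,\n"
        f"\tTunnel-Medium-Type = IEEE-802,\n"
        f'\tTunnel-Private-Group-Id = "{vlan}"\n'
    )


def build_users_file(table):
    """Regenerate the whole 'users' file from the host DB (no per-switch edits)."""
    return "".join(radius_users_entry(mac, vlan)
                   for mac, (_, vlan) in sorted(table.items()))


def authorize(table, user_name):
    """Model the RADIUS decision for one request.

    Known MAC -> ('Access-Accept', tunnel attributes carrying the VLAN).
    Unknown or malformed MAC -> ('Access-Reject', {}); the switch, not the
    server, then places the port on the registration VLAN.
    """
    mac = normalize_mac(user_name)
    if mac is None or mac not in table:
        return ("Access-Reject", {})
    _, vlan = table[mac]
    return ("Access-Accept", {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": str(vlan),
    })


if __name__ == "__main__":
    hosts = parse_hostdb(HOSTDB_EXTRACT)
    print(build_users_file(hosts))
    print(authorize(hosts, "00-11-22-01-02-03"))
    print(authorize(hosts, "00:00:00:00:00:00"))
```

Regenerating the entire `users` file from the database on every change, rather than editing it in place, is what keeps the switch configuration static: the only thing that moves is the mapping on the RADIUS server. Rejecting malformed MACs at the form and again at lookup time means an entry that never validated cannot silently land a host on a privileged VLAN.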

  19. Integration - Hardware
     • First, get a vendor to write code for you
     • Why not 802.1X?
     • Known hosts always land on the right VLAN
       • Locally registered
       • Mobile IP
     • Unknown hosts land on the registration VLAN

  20. Integration - NetReg Server
     • Listening on the registration VLAN
     • Answers all DHCP requests
     • Specifies itself as DNS server/gateway
     • Answers any HTTP request
     • Requires a CS username/password
     • Presents the host registration form
     • Sends the completed form for processing

  21. Future Enhancements
     • Virus/patch scanning on the registration VLAN
     • Automatic isolation of newly-infected hosts
     • Expand registration VLAN concept to 802.11b

  22. Conclusions
     • Automation is a good thing
     • Open Source Software is invaluable
     • Sometimes you can get what you want

  23. Acknowledgements
     • Princeton CS Technical Staff
     • Jon Finke
     • Rob Kolstad

  24. Availability
     • http://www.CS.Princeton.EDU/autoMAC/
