Friday, April 12, 2019

Networking gear that supports automation

I'm building a lab in a box that has a switch, a couple of APs, and a router/firewall, along with a server, and the configs can be modified via a script.

From the networking side of things, I need to be able to handle VLANs, static routes, RADIUS, 802.1X for the wireless, and be able to firewall off ports and VLANs from cross-talking. I also want this to be fully managed without internet, but I could make internet access a requirement.

Configuration of all this has to be scripted so someone with limited networking knowledge can do things like specify how many teams, usernames and passwords for the different RADIUS users, etc. This would drive the number of subnets/VLANs that get created, set up firewall rules, etc. Clients would join the wireless or wired networks on the switch. If internet access is a requirement, the WAN port would be connected to the local network onsite and everything would be NAT'ed. Not ideal in the real world of course, but nothing will be reaching into the lab from the WAN, only getting out as needed. Clients would not be allowed to get to the internet other than getting a font library or something.

Today I do all this with Ubiquiti USG, Cloud Key, UniFi APs and switch; however, they have no officially supported APIs, and from what I've seen of the community SDKs and APIs, I'm not filled with warm fuzzies. While this fits the price point, I'm worried about being able to automate their gear. This solution works for the one lab I run, but if this is going to scale to multiple labs that are shipped around, I might need something else.

This is for a non-profit and used mostly for high schools and colleges, so cheap is another requirement. This is not for production usage, so no HA requirements, and I don't need support other than firmware updates as needed. I don't need hardware support if the equipment is cheap enough.

I've mostly worked with Cisco Nexus and Palo Alto in my career, and that level of gear is way over my budget for what I need. Are there any other brands or something open source that would work for this? Meraki might work, but they are expensive, and requiring internet to manage it is a bit of a detractor.
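
The team-count-driven configuration described above can be modelled independently of any vendor before choosing gear. The following is an added example, not the author's script or any vendor's API: it turns a team count into per-team VLANs, RADIUS users and an ordered rule list, then evaluates flows against it. The function names, the 10.50.0.0/16 lab range, the starting VLAN ID of 100, the one-/24-per-team layout and the first-match-wins rule model are all assumptions.

```python
import ipaddress
import secrets
from itertools import islice

def build_lab_plan(teams, base="10.50.0.0/16", first_vlan=100, allowed_out=()):
    """Turn a team count into VLANs, RADIUS users and ordered firewall rules."""
    lab = ipaddress.ip_network(base)          # assumed lab supernet
    if lab.prefixlen > 24:
        raise ValueError("base network must be /24 or larger")
    if teams < 1 or first_vlan + teams - 1 > 4094:
        raise ValueError("team count does not fit the 802.1Q VLAN ID range")
    subnets = list(islice(lab.subnets(new_prefix=24), teams))
    if len(subnets) < teams:
        raise ValueError("base network too small for one /24 per team")
    allowed = [ipaddress.ip_network(d) for d in allowed_out]
    if any(d.overlaps(lab) for d in allowed):
        raise ValueError("allowed_out must not point back into the lab range")
    plan = {"vlans": [], "radius_users": [], "rules": []}
    for i, net in enumerate(subnets):
        vlan_id, name = first_vlan + i, f"team{i + 1}"
        plan["vlans"].append({"name": name, "vlan_id": vlan_id, "subnet": str(net),
                              "gateway": str(net.network_address + 1)})
        # Random per-team credential instead of a password typed by the operator.
        plan["radius_users"].append({"username": name, "vlan_id": vlan_id,
                                     "password": secrets.token_urlsafe(16)})
        # Forwarded (routed) traffic only; top-down, first match wins (assumed model).
        for dst in allowed:
            plan["rules"].append(("allow", str(net), str(dst)))
        plan["rules"].append(("deny", str(net), str(lab)))      # no cross-talk
        plan["rules"].append(("deny", str(net), "0.0.0.0/0"))   # no general internet
    return plan

def verdict(plan, src_ip, dst_ip):
    """Evaluate the generated rule list for one routed flow; default is deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, rule_src, rule_dst in plan["rules"]:
        if src in ipaddress.ip_network(rule_src) and dst in ipaddress.ip_network(rule_dst):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed input: 3 teams, one allowed outbound host (documentation range).
    demo = build_lab_plan(3, allowed_out=["198.51.100.10/32"])
    for rule in demo["rules"]:
        print(rule)
    print(verdict(demo, "10.50.0.20", "10.50.1.20"))
```

Running `verdict` over a handful of representative flows after every regeneration gives a quick regression check that a change in team count has not opened a path between teams, whichever device the plan is eventually rendered for.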


