I’m just about to finish implementing a NAC solution using ClearPass to do 802.1x and ran into some challenges with our current infrastructure design…so I have to change it.
Basically the problem is that to do dynamic vlan assignment you can either have a standardized vlan structure for your access switches (we don’t), or you have to build out a crazy complex profile logic to accommodate the existing vlan structure.
I figure for the ease of support later it’s probably better to standardize the access vlans across the organization. That means that I’d have to touch every access switch in the org. There’s no way I’m doing that manually.
Typically I would do this in VB because it’s what I’m used to but that language is pretty old and it’d be better if I knew Python, so I decided to take this opportunity to learn Python and do it that way instead.
Man am I glad I did.
The script I wrote takes the whole config file and parses it for the needed information. Because we actually had a standard subnet scheme this was a lot easier because I could work off of that to identify the parts of the config that needed to be changed. I pulled all that information out and automatically ran it through a template config I made (you know…a STANDARD!) to spit out the config changes that needed to be made on every switch.
Turns out I wasn’t done there because somebody back before I got here decided to use every access switch as a DHCP server. Ugh. We’re not leaving that in there. I mean, if I’m doing this already I might as well fix that too.
So I added some functions to dump out the networks that we needed to create DHCP scopes and client reservations for in our windows DHCP servers. One of our systems guys used that to create a powershell script to automate the scope creation.
I think I’m in love with Python. It’s pretty easy to read, the tab/space formatting is forced on you (not that I needed it, I can’t stand reading code that’s not formatted properly), and it’s FAST. OMG, so much faster than VB. File manipulation is nice and smooth and it only took me a little bit of time to wrap my head around the dynamic variable types and the output implications that go along with it.
Some personal events that have happened over the last year have already got me thinking about a really cool side project and Python is clearly the tool for the job.
Now I have to decide how much to focus on being a better coder vs. completing that pesky CCIE lab.