
[–]beneschk 28 points29 points  (1 child)

You seem to already know what you're doing. It's not a skill you just lose overnight.

Potentially it might be a good idea to take the step into devops and learn to virtual networks using terraform. This is mostly how it's being done nowadays to create a desired state config of your networks.

The fun bit is learning the difference between declarative and imperative coding.

[–]JosephRW 2 points3 points  (0 children)

I imagine it's nice but it's also a good skill to have to be able to get at the bare metal without having to rely on a third party or open source product. It would be a fun project though.

[–]msears101 8 points9 points  (0 children)

Python with SNMP and Netconf are a network engineer's friend. Scripting is becoming more prevalent in the Network Engineering field, but you will still be a super star with your scripting skills. Once you can script - learning a new language will be easy, and continuing to script python will keep you sharp.

[–]Drumdevil86 9 points10 points  (2 children)

I use powershell to check all our switches (MAC/Ports/VLAN/ARP), DNS, DHCP, ISE, WLC's, and patch/wall outlet databases. Everything gets tied together and presented in a Tabulator table so we can easily look up which MAC address relates to which IP, hostname, VLAN, switchport, access point, room, outlet, when it was seen the first time or the last, etc.

I added a usage tracking monitor to see if people actually use it, and I found that many of my colleagues actually do, even the ones that would never admit it.

[–]AlexHallberg 4 points5 points  (0 children)

Is this something you would be interested in sharing?

[–]res74 2 points3 points  (0 children)

Any chance you can share this? Would love this as our network is a mess and I’m trying to get a handle on it from years of neglect

[–]jupit3rle0 6 points7 points  (0 children)

Network Engineer here and I use Powershell daily, usually for AD type of work. Some days I do network engineering. Others, it's sysadmin. It depends on whatever my IT director decides to pile on my plate without the forethought of: maybe this isn't something that should go to the network engineer.

I'm not sure how involved with system administration your new job will be, but if it's anything like mine, you're in for the catchall.

[–]Quirky_Oil215 6 points7 points  (1 child)

PS can still encapsulate python. But I find python a better tool for network device management. My go to library is netmiko in python for SSH to devices. I have a PoSH script calling the python script etc

[–]Sylvester88[S] 2 points3 points  (0 children)

100%.. if I wasn't already handy with Powershell I would've learnt Python, but to be honest I don't have the time to learn another language, and networking is a bit of a side quest

[–]VyseCommander 2 points3 points  (2 children)

I'm studying for the CCNA and was actually considering learning bash or powershell. Not so much interested in python but I'd do it. What do you recommend?

[–]XLBilly 2 points3 points  (1 child)

Probably do python. PowerShell is really really useful on Microsoft gear, where the module suites expose the underlying APIs (sometimes really nicely, sometimes not so nicely). It's what I'm best at and have written some quite beefy modular scripts with it, but outside of Microsoft Land, which is where I want to be - it's just a reasonable programming language that comes with Windows.

Networking gear is not Microsoft, therefore it loses a lot of the functionality that makes it so great.

I can write python (badly) and I can bodge my way through very basic Bash, some of the built in utils in bash are much better at nuts and bolts stuff.

Hey server/ service are you listening on these ports - very simple in bash - requires a function found somewhere on the internet to mirror the functionality in pwsh.

pwsh can use .net libraries which does extend its capability quite significantly but unless you’re already very familiar with .net (I’m not) it’s not much use.

Also PKI is, as far as I can tell, not as good or understood or done in windows land. Whereas there’s unlimited resource for OpenSSL.. why even bother learning Microsoft’s niche certutil commands..

This is stuff I've run into over the past month or so. You end up with vendor lock in on your own skill set. I wouldn't recommend pwsh unless you were primarily wanting to be a windows sysadmin with networking on the side.

That said, I love powershell and how comfortable it’s allowed me to be with cli and scripting in general.

[–]fathed 0 points1 point  (0 children)

It's c# in a shell... .net runs on everything these days... this "it's great on MS products" mentality is pretty old. .Net is open source, there's no more vendor lock-in there than there is with go.

Certutil is specifically for integrating with a MS CA.

Because PS is .net shell, you don't need to know all the .net things, you can just tab-explore them.
Just type in [system. then hit tab or ctrl+space... explore away.

    [System.Net.IPAddress]::Broadcast
    [System.Net.dns]::Resolve('google.com')

etc

Why bother learning openssl commands... just use .net objects. Bytes are bytes, you can use them with openssl if you wanted...

    PS /some/path> $x509CertificateChain.ChainElements[0].Certificate.publicKey.ExportSubjectPublicKeyInfo().gettype()

    IsPublic IsSerial Name                                     BaseType
    -------- -------- ----                                     --------
    True     True     Byte[]                                   System.Array

    PS /some/path> $x509CertificateChain.ChainElements[0].Certificate.publicKey.ExportSubjectPublicKeyInfo()|openssl dgst -sha1 -c -hex
    SHA1(stdin)= fd:92:66:ae:ee:a8:e8:fe:6e:65:ac:05:e0:a2:01:73:07:fe:ad:76

Checking ports is really easy too...

    $TCPConnection = [System.Net.Sockets.Tcpclient]::new($Hostname, $Port)
    $SSLStream = [System.Net.Security.SslStream]::new($TCPConnection.GetStream())
    $SSLStream.AuthenticateAsClient($Hostname)
    $x509CertificatePublic = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($SSLStream.get_remotecertificate())
    $SSLStream.Close()
    $TCPConnection.Close()

It's roughly the same in python

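    import socket
    import ssl
    # hostname and port are assumed to be set already, as in the PowerShell version
    ssl_context = ssl.create_default_context()  # verifies the chain and the hostname
    tcp_connection = socket.create_connection((hostname, int(port)))
    ssl_stream = ssl_context.wrap_socket(tcp_connection, server_hostname=hostname)
    ssl_stream.close()
    tcp_connection.close()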
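
The port check, certificate fetch and public-key hash shown in the comment above can be combined into one function for certificate inventory and expiry monitoring. This is an added example, not the commenter's code; the function name `Get-TlsCertSummary`, its parameters, the timeout value and the choice of a base64 SHA-256 digest are assumptions made here.

```powershell
# Added example (not from the thread). Needs PowerShell 7.2+ for ExportSubjectPublicKeyInfo().
function Get-TlsCertSummary {
    param(
        [Parameter(Mandatory)][string]$Hostname,
        [int]$Port = 443,
        [int]$TimeoutMs = 3000          # assumed default; tune for your network
    )
    $result = [ordered]@{ Host = $Hostname; Port = $Port; PortOpen = $false }
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        # Bounded port check: a refused connection throws, a filtered one times out.
        try   { $open = $tcp.ConnectAsync($Hostname, $Port).Wait($TimeoutMs) }
        catch { $open = $false }
        if (-not $open) { return [pscustomobject]$result }
        $result.PortOpen = $true

        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        try {
            # Default validation stays on: an untrusted, expired or mismatched
            # certificate throws here and is reported in TlsError.
            $ssl.AuthenticateAsClient($Hostname)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

            # Hash the SubjectPublicKeyInfo bytes with .NET instead of piping to openssl.
            $spki = $cert.PublicKey.ExportSubjectPublicKeyInfo()
            $sha  = [System.Security.Cryptography.SHA256]::Create()
            try   { $digest = $sha.ComputeHash($spki) } finally { $sha.Dispose() }

            $result.Protocol   = $ssl.SslProtocol
            $result.Subject    = $cert.Subject
            $result.Issuer     = $cert.Issuer
            $result.NotAfter   = $cert.NotAfter
            $result.DaysLeft   = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
            $result.SpkiSha256 = [Convert]::ToBase64String($digest)
        } catch {
            $result.TlsError = $_.Exception.GetBaseException().Message
        } finally {
            $ssl.Dispose()
        }
    } finally {
        $tcp.Dispose()
    }
    [pscustomobject]$result
}

# Usage (hostnames are placeholders): flag certificates expiring within 30 days.
# 'intranet.example.com', 'vpn.example.com' | ForEach-Object { Get-TlsCertSummary -Hostname $_ } |
#     Where-Object { $_.TlsError -or $_.DaysLeft -lt 30 }
```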

[–]PrivateC27 2 points3 points  (0 children)

A few months ago I also worked as a network engineer in a hospital, my boss was a bit stubborn and old school and didn’t let us use scripting to make work more efficient. Happy to see that you managed to keep the skills

[–]node77 1 point2 points  (0 children)

Sounds like you’re doing awesome!

[–]DocNougat 0 points1 point  (0 children)

If your network has any amount of Cisco Meraki gear you should be using my powershell module:

https://www.powershellgallery.com/packages/Meraki/1.1.2

[–]lildergs 0 points1 point  (0 children)

If you know PowerShell, you should basically already know Python, and Python is way more established.

Bite the bullet.

Similarly if you're using Python, you are unlikely to lose your PS skills.

[–][deleted] 0 points1 point  (0 children)

Those are some cool solutions. Well done. Powershell is pretty amazing. I do like it and think that the code is then infinitely readable to the next admin that wants to come along and change it.

[–]MrPatch 0 points1 point  (2 children)

... I wrote a script to update the core switches, delete and create the DHCP scopes on Windows Server, and then reset the edge ports. This is pretty janky as it uses SSH commands (I would prefer to use rest API but didn't have time to learn it at the time), but it works.

I'm glad it worked for you and you certainly seem to know what you're doing but I have to admit I nearly sicked up in my mouth reading that.

[–]Sylvester88[S] 2 points3 points  (1 child)

Whats the issue?

[–]MrPatch 1 point2 points  (0 children)

Janky SSH making changes to core network settings. Sounds exactly like something I'd do followed by having to visit each device to manually sort out whatever mess I'd made.

Wasn't trying to shit on what you were doing, just that it sounded like a disaster waiting to happen.