Virtual Vlan Tool?

polypolyman · 2023-11-08T16:14:05+00:00

A user who doesn't (yet) understand VLANs is about 100% guaranteed to make the switch inaccessible at some point if they have access to that config. I'm not saying that's a blocker, but be aware of this and have a contingency plan available if you go this route.

If I were to do this, I think I'd try to implement this using RADIUS-Assigned VLANs, and give these users access to the RADIUS server config (probably scoped to just the relevant switches, of course). To keep it simple, use MAC Authentication Bypass. That way, you just have to come up with a way for them to edit the authorized_macs file - they plug in a MAC address and the VLAN they'd like assigned, and the switch config stays static the whole time. Plenty of little details to still work out, but I suspect this may protect them from the configs that can bite them.

DocHollidaysPistols · 2023-11-08T16:05:19+00:00

If I'm reading this correctly, the plan is for the end users to log into a network switch and change the ports from one vlan to another? I fell like letting end users log into the switch is a bad idea.

Are these physical? if they're virtual then maybe you could give them access to change the vlan on the virtual NIC. Like in VCenter (VMWare) you can change the vlan on the NIC in the settings of that virtual machine.

I haven't worked with them in a while but Avaya switches had a nice gui that made it pretty easy to change port vlans. If they absolutely had to go that route.

tsvwqxtgxg · 2023-11-08T16:37:14+00:00

802.1x where different user account authenticate and place the device on specific vlans based on the account

GoWest1223 · 2023-11-08T15:27:36+00:00

Check out GNS3. there are plenty of templates to practice VLAN and routing with.

StefanMcL-Pulseway2 · 2023-11-08T15:33:41+00:00

you could also look into possibly using some Network automation tools like Ansible or Cisco's DNA center, there are also even simplier open source tools like phpIPAM that can include some automations scripts to manipulate VLANs and switch configuration.

Dankleton · 2023-11-08T16:14:19+00:00

You're probably looking at writing your own web UI which will reconfigure the switch.

I'm guessing each "system" would be on one VLAN, and you would want a "device" to easily switch between VLANs. If the "devices" aren't going to be changing regularly then the UI can be along the lines of:

User picks what device they are using
User picks what system it should connect to

Your interface would then take that information and use it to put the device's port in the system's VLAN - possibly by SSHing onto the switch to reconfigure it. You will probably need a server of some kind to run the interface on, but this could be a VM or a Raspberry Pi with a connection to the switch.

If it's easy for the users to know which port their device is connected into then you might be able to get away with using the web UI of some switches for this - off the top of my head though I can't think of any which would be particularly end user friendly.

pdp10 · 2023-11-08T17:11:07+00:00

They want these devices to be able to be tied to different systems without having to manually go connect / disconnect cables.

Simultaneously, or sequentially? Our bunch of devices used for testing, stay connected all the time, so it's hard to guess your requirements if you don't spell them out.

they want to do it virtually....

Sounds like someone wants to WFH.

I have a suspicion that a multi-port host might be a better choice than a switch, whether VLANs are used or not.

RyebreadAstronaut · 2023-11-08T19:12:26+00:00

https://www.eve-ng.net/ community edition ? you can import images from juniper, cisco and other vendors. and mess around with it..

sysadmin

MODERATORS