Network automations on Access Control List (ACL) for multivendor devices using ANSIBLE and NAPALM in GNS3 / Muhammad Haziq Ikhmal Suhaimi and Rafiza Ruslan

Bibliographic Details
Main Authors: Suhaimi, Muhammad Haziq Ikhmal, Ruslan, Rafiza
Format: Book Section
Language: English
Published: College of Computing, Informatics and Media, UiTM Perlis 2023
Online Access: https://ir.uitm.edu.my/id/eprint/100754/1/100754.pdf
https://ir.uitm.edu.my/id/eprint/100754/
Description
Summary: Access control lists (ACLs) are crucial for network security in complex and dynamic networks. In the context of network systems, an ACL is the list of permissions associated with a certain network. In addition, the incorporation of ACLs with automation will help network management by reducing the number of alerts. Additionally, the performance of the entire network will be impacted by the lack of trained network engineers and administrators in network-based enterprises. ACL is one of the security automation mechanisms that consist of programmed detection, investigation, mitigation and prevention. Automation thus uses machine-based security operations to lessen the risk of human interactions. ACLs are typically manually configured and analysed. Furthermore, redundancies are a regular problem with ACL rules, which is in conflict with the ideas of network automation. In this project, a set of ACL scripts and playbooks for basic network configurations is presented. These solutions help network engineers update ACLs and configurations automatically. Additionally, these automation scripts used NAPALM and Ansible for advanced settings for multivendor devices in GNS3. The automated ACL constructions underwent functional testing. The main focus of this project, and its main objective, is the success rate of pushed configurations in network devices using NAPALM Python scripts and Ansible playbooks. With the exception of some NAPALM configurations that cannot be deployed to certain Cisco and Juniper routers owing to device limitations, NAPALM and Ansible have been successfully linked to deploy configurations to these routers. Nevertheless, by combining NAPALM with Ansible, network engineers can lessen the chance of human error, which is helpful in situations with several vendors. In future research, the use of Jinja2 can improve the effectiveness of integrations between NAPALM and Ansible.