VLANs are useful, but managing VLANs even on proper networking hardware can be complex and error-prone. This project tries to simplify the VLAN and switch port configuration process by just describing the desired network configuration as a YAML config file. (see examples down below)
Switchconf is a Python3 script to manage a network of cheap, consumer managed Ethernet switches.
It can talk to TP-Link TL-SG105E, SG108E (and probably others) via the web interface.
./switchconf.py --config mynetwork.yaml --dry-run
When everything looks correct, remove the --dry-run
option and let the software do it's magic.
default-vlan: Main
switches:
Switch-Upstairs:
ip: switch-upstairs.domain.de
type: "TLSG105E"
username: admin
password: 1234
description: "Switch-Upstairs"
ports:
port1:
description: "Switch-Downstairs"
type: trunk
destination: "Switch-Downstairs"
port2:
description: "Ubiquiti AC Lite"
type: trunk
vlan: Main # untagged VLAN for Management
port3:
port4:
description: "Router LAN1 Main"
vlan: Main
port5:
description: "Router LAN4 Guest"
vlan: Guest
Switch-Downstairs:
ip: switch-downstairs.domain.de
type: "TLSG105E"
username: admin
password: 1234
description: "Switch-Downstairs"
default-vlan: Guest
ports:
port1:
description: "Switch-Upstairs"
type: trunk
destination: "Switch-Upstairs"
port2:
description: "Ubiquiti AC Lite"
type: trunk
vlan: Main # untagged VLAN for Management
port3:
port4:
port5:
vlans:
Main:
vlan-id: 1
Guest:
vlan-id: 2
- Support for super cheap (25€) switches
- Way more usable and less error-prone than the web interface
- Adding/changing a VLAN doesn't require manual work anymore
- Support for "trunk" ports, which carry all VLANs automatically (to other switches, access points, routers, etc.)
- Simple plausibility check to prevent locking yourself out of the management
- No vendor-lock-in (currently only supports TP-Link, but is easily upgraded)
- YAML configuration can have port descriptions (web interface for TL-SG10x doesn't)
- Automatic PVID handling (PVIDs are the same as the untagged VLAN ID in 99.9% of cases)
- Security of TP-Link Managed Switches is abysmal
- No seperate management connectivity, VLAN 1 / untagged always needs to be reachable
- Only physical ports are supported, no LAG/virtual port support
- Only VLAN configuration supported, no STP, multicast, etc. configuration
- There's no atomicity to the network changes, the cheap switches don't support anything like that.
- VLAN names, destination identifiers, etc. should be case-insensitive, matching might not work 100% for UTF-8 characters. When in doubt, use ASCII names/identifiers or be binary-perfect.
- Omission of certain config properties might lead to crashes. Please report or send PRs.
- This tool was designed for my own personal use, it might not suit your use-case. Read the dry-run output carefully!
3 parameters need to be present on the root-level:
switches
- array, list of all switches
Switches need to have the following properties:
type
- string, e.g. TLSG105E
, which will load a module with that name in backends/
.
ports
- array, containing a list of all ports
Optional properties:
default-vlan
- string, VLAN name for unconfigured ports
description
- string, description, for humans only
All other parameters are used by the device-backends directly, often ip
, username
, password
.
vlans
- array, list of all VLANsdefault-vlan
- string, VLAN name, used for all unconfigured ports