creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/configuring-network-segmentation-with-vlans/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

66 lines
2.3 KiB
Markdown
Raw Blame History

# API Reference: VLAN Network Segmentation Agent
## Overview
Configures and audits VLAN-based network segmentation on Cisco and multi-vendor switches using Netmiko and NAPALM. Creates VLANs, configures access/trunk ports, hardens unused ports, and audits for VLAN hopping vulnerabilities.
## Dependencies
| Package | Version | Purpose |
|---------|---------|---------|
| netmiko | >=4.0 | SSH-based switch configuration |
| napalm | >=4.0 | Multi-vendor network device management |
## CLI Usage
```bash
# Audit VLAN configuration
python agent.py --host 192.168.1.1 --username admin --password pass --audit-only
# Full configuration mode
python agent.py --host 192.168.1.1 --username admin --password pass --device-type cisco_ios
```
## Key Functions
### `connect_netmiko(host, username, password, device_type)`
Establishes SSH connection via Netmiko supporting cisco_ios, cisco_nxos, arista_eos, juniper_junos.
### `get_vlan_config(conn)`
Retrieves current VLAN configuration with TextFSM parsing of `show vlan brief`.
### `create_vlan(conn, vlan_id, vlan_name)`
Creates a new VLAN with name on the switch.
### `configure_access_port(conn, interface, vlan_id)`
Configures port as access with port-security, portfast, and BPDU guard.
### `configure_trunk_port(conn, interface, allowed_vlans)`
Configures trunk port with explicit allowed VLANs, native VLAN 999, and DTP disabled.
### `harden_unused_ports(conn, interfaces)`
Assigns unused ports to quarantine VLAN 999 and shuts them down.
### `configure_inter_vlan_acl(conn, acl_name, rules)`
Creates extended ACLs for inter-VLAN routing access control.
### `audit_vlan_security(conn)`
Checks for: default native VLAN, unhardened unused ports, and DTP negotiation enabled.
### `get_napalm_config(host, username, password, driver)`
Retrieves device facts, interfaces, and VLANs using NAPALM for multi-vendor support.
## Security Checks
| Check | Severity | Issue |
|-------|----------|-------|
| Native VLAN | Medium | Default VLAN 1 on trunks enables VLAN hopping |
| Unused Ports | Low | Unhardened ports allow unauthorized network access |
| DTP Negotiation | High | Dynamic trunking enables VLAN hopping attacks |
| Port Security | Medium | Missing MAC address limiting |
## Supported Device Types
Netmiko: `cisco_ios`, `cisco_nxos`, `arista_eos`, `juniper_junos`, `hp_procurve`
NAPALM: `ios`, `nxos`, `eos`, `junos`
Reference in New Issue View Git Blame Copy Permalink