Campus Network-as-a-Service (CNaaS) is a project within SUNET with the goal of providing a fully managed service for LAN/WLAN networks at university campuses.
There are three parts to the documentation of CNaaS at SUNET:
- Product documentation - Documents the different products we use (for NMS and NAC documentation, see below)
- Service documentation - Documents the SUNET specific processes
- Customer documentation - Documents specific details of one customer implementation
CNaaS - NMS
As part of this project a network management system called CNaaS-NMS is being developed to automate the management of the campus networks, the software is open source and can be used by anyone outside of SUNET as well.
Blog can be found here: Campus Networking Automation - Introduction
Source code available at Github
Software Architecture (Google docs)
Code coverage status (codecov.com)
Demo video showing ZTP (play.sunet.se)
CNaas - NAC (Network Access Control)
In order to provide end users with an authentication mechanism CNaaS NAC was invented. It relies on freeradius (https://freeradius.org) for user authentication using 802.1X with MAB as fallback for clients not being able to use 802.1X.
Source code is available on GitHub: https://github.com/sunet/cnaas-nac
Freeradius can either be integrated towards the existing user database (LDAP, Active Directory etc) or use Postgres to store credentials. CNaaS NAC provides both an API and a web interface to handle users if Postgres is chosen for storing credentials.