All scripts
nac
Expert
8–20 min

802.1X Wired Fleet Config Pusher

Multi-vendor 802.1X port config: IOS/IOS-XE/NX-OS/EOS/JunOS, MAB fallback, guest/fail/critical VLAN, CoA, uplink protection, per-switch validation and rollback.

Cisco IOS/XE
Cisco NX-OS
Arista EOS
Juniper
Open in GeneratorOpen in Platform
You're viewing a preview

The full script, parameters, and execution console are available with a free account.

Already have access? Sign in →

Capabilities

  • Per-vendor 802.1X templates
  • MAB fallback
  • Guest/fail/critical VLAN
  • CoA enable
  • Uplink protection (skip trunks)
  • Per-switch validation
  • Atomic rollback

Required inputs

Parameters the script accepts. Defaults shown; some are vendor- or context-gated.

ParameterTypeDefaultNotes
Guest VLAN
guest_vlan
number999
Critical VLAN
critical_vlan
number888
Auth mode
auth_mode
stringclosed
Host mode
host_mode
stringmulti-auth

Hint 1Name your vendors and OS versions

Mention the exact platforms you run (Cisco IOS/XE, Cisco NX-OS, Arista EOS, …) so the generated nac logic uses the right CLI/NETCONF syntax.

Hint 2State your real thresholds

Provide concrete values for Guest VLAN, Critical VLAN, Auth mode instead of the defaults — they shape what counts as a fault.

Hint 3Prioritize the checks you need

This tool can per-vendor 802.1X templates and mAB fallback. Ask for the subset relevant to your incident to keep output focused.

Hint 4Describe your inventory format

Tell the assistant whether your device list is CSV, YAML, or JSON and which columns it has, so parsing matches your data.

Sample inventory schema

Authoritative shape of the device/policy data this script consumes.

switches.csv
csv
Access switches and access-port counts
terminal
hostname,platform,access_ports
sw-mum-01,cisco_xe,22
sw-blr-02,arista_eos,46

Expected output

Reference terminal output the script should produce — used as a stylistic and structural target.

terminal
[2026-06-12] INFO  Rendering 802.1X config for 38 access switches...
[DRY-RUN] sw-mum-01 (cisco_xe): 22 access ports → dot1x + MAB, uplinks skipped
[APPLY]   sw-mum-01: pushed · auth sessions verifying...
  Gi1/0/3 authorized (dot1x) · Gi1/0/9 authorized (mab) · Gi1/0/24 uplink skipped
Summary: 38/38 switches · 836 ports configured · 0 rollbacks