Network layout showoff

[Cree340]

I made a number of changes since my last post...

 

[diagram redacted]

 

For the most part, connections are 1GbE over copper (however many connections use link aggregation/etherchannel). Except for one of the storage servers, which is connected at 10GbE to the Cisco 3650 using fiber, and most of IOT devices (such as the speakers and bridge devices) and surveillance cameras are on 100mbps links. 

 

The network has 3 primary VLANs; one for management, one for most devices and a third one for guest. It also has another isolated VLAN for testing purposes. I do plan on adding a couple more VLANs in the near future for security purposes. Like a VLAN for the cameras that has no internet access and a VLAN for the phones that is prioritized over the network. Also, the Cisco 3750-X may be a layer 3 switch and has an IP Base license, but it is currently only used as a layer 2 access switch (no routing) for devices powered via POE.

 

There are also 3 WiFi SSIDs being broadcasted, a (WPA2 Enterprise) SSID for most devices (such as mobiles devices and laptops), a (WPA2 PSK) SSID for IOT devices and a (Open) SSID for Guests. I used to use Cisco ISE as a RADIUS server, NAC and as a captive portal for the guest WiFi, but now I just use Windows NPS and the built in captive portal in the Cisco WLC cause I corrupted the ISE installation by abruptly disconnecting the ESXi host from the NFS share (where the ISE VM was running from).

 

I only have one relatively small ESXi host at home (E3-1231v3 32GB RAM) because I run the majority of my VMs offsite and use site-to-site VPN tunnels to have those VMs virtually present on my network. The local ESXi host mainly runs a Windows server with active directory replication and a bunch of other random small VMs. The only services that are hosted in my home that are accessible publicly is my Plex server and my OpenVPN server.

 

Network monitoring is currently only done using PRTG, the Meraki Dashboard, and the Palo Alto Networks firewall WebGUI (and also ssh-ing directly into network switches). I plan on adding others in the future, such as InfluxDB or Prometheus with Grafana and ELK stack. Maybe also an IDS, such as Bro or Suricata. Cisco Stealthwatch would be cool to add but it costs way way too much.

 

There are also a few network devices in my diagram (like a number of the surveillance cameras and the surveillance server) that have not been set up yet and are just sitting on a desk right now. I plan on having those up soon.

Edited June 3, 2019 by Cree340

[DataEmo]

My small network:

 

The router is sitting in the basement with the two virtualization hosts. Primary uplink is the cable television. Had once a dead router after a thunderstorm so I went the fiber  route here. Cable is sometime not available so I need LTE as Failover but the reception in the basement is low.

 

 

The HyperV hosts are running two server 2016 domain controller, a 3cx phone system, hmailserver, Unifi controller and my vpn access.

WIFI is using WPA2 Enterprise with radius assigned vlan. There are with the security cameras, I/O Cards for the home automatisation, TVs and some PCs about 30 wired clients in the network

[jhon11]

this is really great information.

[Electronics_Lab]

WARNING! It's A LONG POST SO BRACE YOURSELVES!!!! 

 

Father's House (Server location)

• ISP provided the modem and Router/AP
• Cisco Switch (Catalyst 2950 series) - provided my dad's colleague who is a legend in my eyes (even though I've never met him). Is only 10/100 as wasn't meant to be permanent but my cheap 8-port gigabit LAN switch from Amazon died after about 4 years.
• TP-Link Gigabit LAN -  brought to replace a crappy one from 2003.
• Powerline adapters are 300mbps so my sister, my dad and I can have fast file transfers while my other sister is gaming.
• OnNetworks APs (both Houses) - slow, unintuitive web UI, and drops out on any devices plugged into it (wireless is stable for once)
• Server
  • Spare gigabyte board I had lying around with an Intel core i3 2120 @ 3.30GHz, 6 GB of RAM, 3.5TB of storage, onboard Gigabit LAN and a TP-link PCI (not PCI-E otherwise the HP card would be in here) Gigabit LAN card.
  • 3TB WD Red - Pulled from a WD my cloud (didn't have the functionality I needed, and it needed a separate machine for plex)
  • 500GB Seagate - pulled from Cable TV box that was brought by us (Only paid for extra channels as a monthly subscription)
  • Windows Server 2016 
• The office PC is another gigabyte board with an Intel core i3 3220 @3.30GHz, 8GB RAM, 250GB HDD (boot), 500GB HDD (primary storage), 1TB HDD (secondary storage), onboard gigabit LAN and a Radeon R5 230 from Asus.
• Some ASRock board (my sister brought it online, second hand, (was 75% brown dust till I came along and cleaned it)

Mother's House (where I live on weekdays)

• both switches are TP-link 5port 10/100mbps 
• My Room
  • FYI I can still access my file server from here I just have to use a VPN
  • Domain laptop - Dell Latitude D630 4GB RAM, 500GB HDD (was from my main one as it was dying (kept on BSODing) but I wasn't worried about space on my main so I swapped the drives and reinstalled windows on them.
  • Main Laptop - Dell Latitude E6410 8GB RAM, 80GB HDD (both Dell's have Gigabit LAN)
  • Linux Test Bench - My sister's old Toshiba laptop 4GB RAM, 320GB HDD (CBA to put it in my main)
  • My PC - Biostar (with a soldered on Celeron CPU), 5GB RAM, 160GB HDD (boot), 250GB HDD (storage), HP enterprise dual gigabit LAN PCI-E card. 
• I still have to rebuild my step-dad's PC because it was a HP prebuilt but the PSU failed and nuked the board (RAM, GPU and HDD are confirmed fine but have no way to test the AMD CPU as I'm more of an intel guy TBH)

 

If you read all that, you deserve a snack

[kazuni]

Nothing too crazy...

[Lurick]

Made some updates and whatnot

 

 

 

 

 

[jnic]

[Sir Asvald]

Here is my updated network. I've added another 2 Servers which are running as VMs

 

 

[jagdtigger]

On 9/2/2018 at 3:54 PM, Lurick said:

Made some updates and whatnot

 

 

 

Spoiler

 

 

 

 

 

Spoiler

raspberry Pi 1

 

 

How old are those RPI's?  I had a RPI3 Model B running 24/7 (it was running apt-mirror once a day)  and the darn thing died on me....

[Lurick]

10 minutes ago, jagdtigger said:

How old are those RPI's?  I had a RPI3 Model B running 24/7 (it was running apt-mirror once a day)  and the darn thing died on me....

I think they are about 4 years old at this point. They are the RPI2 Model B iirc

[jagdtigger]

4 minutes ago, Lurick said:

I think they are about 4 years old at this point. They are the RPI2 Model B iirc

Nice, my rpi3b lasted for about 2 years. A HP office PC took its place(260-a101ng, im currently trying to get ESXi recognize the internal HDD, currently im using it with a NFS mount until i fix the issue.

[handymanshandle]

It's slow as ass but the other alternative would to be not having internet at all on my desktop and I'd rather have some experience resembling what I'm used to.

also you're welcome for this top notch diagram of my network, created with the best program known to man. Microsoft Paint.

[CiscoFan]

Here is my updated topology.

 

 

[White_Helix]

Thats the logical side of it, physically we have Cat.6 sockets in every room, Cat.7 cable and everything nice and tidy in a little rack. I have to use my ISPs ONT, not pictured in there (imagine as the cloud). For the AP-AC-LR we have another Cat.7 running in the floor below, as well as a LWL for future use. Also another LWL in the basement, where my future office/studio will be located. The IP camera is just the first one, recording to the QNAP Surveillance Station running on the NAS with more to follow.

[Scatfanfn]

Here is mine.

[Ph0en1x-Fl4m3]

On 8/17/2014 at 6:53 AM, Ssoele said:

 

They are 2 separate networks, with different DHCP servers and different IP-ranges, connecting them would cause clients from 1.x to get IP's in the range of 2.x and vice-versa.

Sorry, 4 years late to the party. Using VLANs can keep them separate when connecting them together for network redundancy.

[Montgomery C Burns]

-

[kevdagoat]

Pretty small in comparison:

[PC Pig]

[Sir Asvald]

On 8/17/2014 at 12:24 PM, Ssoele said:

 

Nice  

[DanielNS84]

PNG, JPG, and PDF Versions Attached...

Network Layout_Direct.pdf

 

 

 

 

Edit: Wanted to put a gap in between the PNG and JPG versions! The one above is the PNG with transparency...the JPG below is the smaller one...

 

 

 

 

 

 

Edited December 16, 2018 by DanielNS84

[Ja Krispie]

On 12/16/2018 at 8:54 AM, DanielNS84 said:

PNG, JPG, and PDF Versions Attached...

Network Layout_Direct.pdf

 

 

 

 

 

Edit: Wanted to put a gap in between the PNG and JPG versions! The one above is the PNG with transparency...the JPG below is the smaller one...

 

 

 

 

 

 

 

I've been thinking of adding a second connection for redundancy. Do you use your ATT DSL as a backup?

[ololax]

A simple drawing of my network, only fancy bit is probably the vpn tunnel to my offsite server

[Jorgenv]

Well, Here is my home setup. Didn't bother with drawing the wireless devices. But i use a surface pro 4 mostly in the outdoor area close to the AC AP Lite, 2 iPhones (me and my wife), 2 iPads (Kids), Galaxy Tab (work), Galaxy phone (work) and two Chromecast audios. When we moved in i also put an ethernet connection in the bedroom for a smart tv, but we never used it, so i put that tv in the outdoor area. I also put in an extra ethernet cable to the living room for the tv settop box, because it needed a straight connection to the modem, but we got rid of the cable tv because we never watched it.

 

[david.lesicnik]

Rather boring so far, standard consumer-grade gear, I will be turning an old computer into an ESXi host and offload the VMs off my desktop onto that.

As you can tell from the little IP range list, I'm leaving myself lots of headroom with my IP designations, I'd rather not change that in the future once this expands.

 

The reason I have the second router running as a full router and not running them in bridged is because the first one is a router/modem combo and it doesn't have good configuration options, which the second one allows. I'm still trying to figure out how to properly forward ports through two NATs, but, eh, I'll figure it out.