Ssoele

Network layout showoff


My junk's pretty basic, moved into a new-to-me house that didn't have any Ethernet wiring and I've been too lazy to run any :P

 

On 2/5/2018 at 7:25 AM, Lurick said:

Then I've got a 3504 WLC

How are you liking that WLC?  I was slightly depressed when they suddenly launched EOL/EOS notices for the 2504 I have :(

network_new_house (1).png


PC : 2700X · Crosshair VI · 2x16GB RGB 3200 · 1080Ti SC2 · 500G 960 EVO · EVGA 1600G2 · Define C 

Lab Server : Dell R720 · 2x Xeon 2680v2 · 384G RAM · 8x 3TB SAS · H710p · Nvidia Grid K1 · ESXi 6.7

Just now, beersykins said:

My junk's pretty basic, moved into a new-to-me house that didn't have any Ethernet wiring and I've been too lazy to run any :P

 

How are you liking that WLC?  I was slightly depressed when they suddenly launched EOL/EOS notices for the 2504 I have :(

 

For the most part it's been pretty nice. Not much different than the 2504 in terms of the GUI (for now, lol)


On 17/08/2014 at 12:49 PM, Ssoele said:

 

Consumer routers can be a pain to work with, they often do stuff you don't want them to do, or vice-versa.

Normally I've found you're lucky to even get bridging support, on low-end consumer hardware at least.

On 5/30/2018 at 10:27 PM, jagdtigger said:

@McFuzz89

Pro-tip. Never use wireless cameras....

And pourque? I'd agree that you should not be using them for mission critical (i.e. actual surveillance you care about), but mine work perfectly fine for monitoring my nuggets. Both of my 960p cameras do 30 FPS during daytime and 10 at night without missing a beat.

12 minutes ago, McFuzz89 said:

And pourque? I'd agree that you should not be using them for mission critical (i.e. actual surveillance you care about), but mine work perfectly fine for monitoring my nuggets. Both of my 960p cameras do 30 FPS during daytime and 10 at night without missing a beat.

Pretty much this, it's way too easy to jam them :D (didn't think you were using them for some not so important stuff :D ). Or if you're unlucky like me and there is a crap ton of APs around you running channel bonding.... (Even the 5GHz range is pretty crowded last time I checked.)


High level overview of my home infrastructure:

network-2018.thumb.png.10014614b663421717fd7f1e21fd7fa5.png

 

It's pretty basic in terms of actual networking. Just a few VLANs, some routes, two IPv6 networks, two VPN tunnels and a load of firewall rules.

 

The unRAID box runs a virtual router that tunnels traffic over a NordVPN link (primarily used for downloading), it's way faster than trying to run OpenVPN on an (already busy) EdgeRouter.

 

I also have a cloud-hosted VPS for out-of-band management from other networks (that are often IPv4 only), it runs a dedicated IPSEC tunnel over IPv6 to my internal management-host.

 

Unfortunately my ISP doesn't provide the credentials for their VOIP platform, so I have to use their stupid all-in-one router/VOIP ATA with another ATA right after it to get a usable VOIP line. Migrating the landline to a cloud VOIP provider is on the roadmap for Q4 2018.


eth0 is life.


I made a number of changes since my last post...

 

[diagram redacted]

 

For the most part, connections are 1GbE over copper (however many connections use link aggregation/etherchannel). Except for one of the storage servers, which is connected at 10GbE to the Cisco 3650 using fiber, and most of the IOT devices (such as the speakers and bridge devices) and surveillance cameras are on 100 Mbps links.

 

The network has 3 primary VLANs; one for management, one for most devices and a third one for guest. It also has another isolated VLAN for testing purposes. I do plan on adding a couple more VLANs in the near future for security purposes. Like a VLAN for the cameras that has no internet access and a VLAN for the phones that is prioritized over the network. Also, the Cisco 3750-X may be a layer 3 switch and has an IP Base license, but it is currently only used as a layer 2 access switch (no routing) for devices powered via POE.

 

There are also 3 WiFi SSIDs being broadcast, a (WPA2 Enterprise) SSID for most devices (such as mobile devices and laptops), a (WPA2 PSK) SSID for IOT devices and an (Open) SSID for Guests. I used to use Cisco ISE as a RADIUS server, NAC and as a captive portal for the guest WiFi, but now I just use Windows NPS and the built-in captive portal in the Cisco WLC because I corrupted the ISE installation by abruptly disconnecting the ESXi host from the NFS share (where the ISE VM was running from).

 

I only have one relatively small ESXi host at home (E3-1231v3 32GB RAM) because I run the majority of my VMs offsite and use site-to-site VPN tunnels to have those VMs virtually present on my network. The local ESXi host mainly runs a Windows server with Active Directory replication and a bunch of other random small VMs. The only services that are hosted in my home that are accessible publicly are my Plex server and my OpenVPN server.

 

Network monitoring is currently only done using PRTG, the Meraki Dashboard, and the Palo Alto Networks firewall WebGUI (and also ssh-ing directly into network switches). I plan on adding others in the future, such as InfluxDB or Prometheus with Grafana and ELK stack. Maybe also an IDS, such as Bro or Suricata. Cisco Stealthwatch would be cool to add but it costs way way too much.

 

There are also a few network devices in my diagram (like a number of the surveillance cameras and the surveillance server) that have not been set up yet and are just sitting on a desk right now. I plan on having those up soon.

Edited by Cree340

My Build : Intel i7-9700K - Asus Strix Z390-E - 32GB Vengeance RGB

- Nvidia Titan Xp - 1TB Samsung 960 Evo SSD - Corsair AX860i Power Supply

 


My small network:

 

The router is sitting in the basement with the two virtualization hosts. Primary uplink is the cable television. I once had a dead router after a thunderstorm so I went the fiber route here. Cable is sometimes not available so I need LTE as failover but the reception in the basement is low.

 

Network.thumb.png.62c2c3dbb1cb9187bc5e157402c609af.png

 

The Hyper-V hosts are running two Server 2016 domain controllers, a 3CX phone system, hMailServer, the UniFi controller and my VPN access.

WiFi is using WPA2 Enterprise with RADIUS-assigned VLANs. Including the security cameras, I/O cards for the home automation, TVs and some PCs, there are about 30 wired clients in the network.


WARNING! It's A LONG POST SO BRACE YOURSELVES!!!! 

 

Father's House (Server location)

  • ISP provided the modem and Router/AP
  • Cisco Switch (Catalyst 2950 series) - provided by my dad's colleague who is a legend in my eyes (even though I've never met him). Is only 10/100 as wasn't meant to be permanent but my cheap 8-port gigabit LAN switch from Amazon died after about 4 years.
  • TP-Link Gigabit LAN - bought to replace a crappy one from 2003.
  • Powerline adapters are 300 Mbps so my sister, my dad and I can have fast file transfers while my other sister is gaming.
  • OnNetworks APs (both Houses) - slow, unintuitive web UI, and drops out on any devices plugged into it (wireless is stable for once)
  • Server
    • Spare gigabyte board I had lying around with an Intel core i3 2120 @ 3.30GHz, 6 GB of RAM, 3.5TB of storage, onboard Gigabit LAN and a TP-link PCI (not PCI-E otherwise the HP card would be in here) Gigabit LAN card.
    • 3TB WD Red - Pulled from a WD my cloud (didn't have the functionality I needed, and it needed a separate machine for plex)
    • 500GB Seagate - pulled from Cable TV box that was bought by us (Only paid for extra channels as a monthly subscription)
    • Windows Server 2016 
  • The office PC is another gigabyte board with an Intel core i3 3220 @3.30GHz, 8GB RAM, 250GB HDD (boot), 500GB HDD (primary storage), 1TB HDD (secondary storage), onboard gigabit LAN and a Radeon R5 230 from Asus.
  • Some ASRock board (my sister bought it online, second hand; was 75% brown dust till I came along and cleaned it)

Mother's House (where I live on weekdays)

  • Both switches are TP-Link 5-port 10/100 Mbps
  • My Room
    • FYI I can still access my file server from here I just have to use a VPN
    • Domain laptop - Dell Latitude D630 4GB RAM, 500GB HDD (was from my main one as it was dying (kept on BSODing) but I wasn't worried about space on my main so I swapped the drives and reinstalled Windows on them).
    • Main Laptop - Dell Latitude E6410 8GB RAM, 80GB HDD (both Dell's have Gigabit LAN)
    • Linux Test Bench - My sister's old Toshiba laptop 4GB RAM, 320GB HDD (CBA to put it in my main)
    • My PC - Biostar (with a soldered on Celeron CPU), 5GB RAM, 160GB HDD (boot), 250GB HDD (storage), HP enterprise dual gigabit LAN PCI-E card. 
  • I still have to rebuild my step-dad's PC because it was a HP prebuilt but the PSU failed and nuked the board (RAM, GPU and HDD are confirmed fine but have no way to test the AMD CPU as I'm more of an intel guy TBH)

 

If you read all that, you deserve a snack

WAN Map.PNG


Here is my updated network. I've added another 2 Servers which are running as VMs

 

 

Network.png


CPU: i5 4690 |CPU Cooler: CM Hyper 212 Evo | Motherboard: Z97-A | RAM: 4x4GB Kingston Memory 1600mhz | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 120GB Kingston V300 SSD | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitors: 24" Acer S240HLBID + 20" Dell  | OS: Win 10 Pro

 

Audio: Behringer 302USB Xenyx 5 Input Mixer | Neewer® NW-700 Microphone | Behringer PS400 Micropower Phantom Power Supply

 

Networking gear:  Dell OptiPlex 390 Domain Controller | Dell PowerEdge R210 II Exchange 2016 | TP-LINK TL-SG1024D 24-Port Gigabit | Cisco ASA 5505 VPN  | Cisco Catalyst 3750 Gigabit Switch

 

 

On 9/2/2018 at 3:54 PM, Lurick said:

Made some updates and whatnot

 

 

 


683WvtR.jpg

 

 

 

 

 


fyZM0iU.jpg

raspberry Pi 1

 

 

How old are those RPI's?  I had a RPI3 Model B running 24/7 (it was running apt-mirror once a day)  and the darn thing died on me....

10 minutes ago, jagdtigger said:

How old are those RPI's?  I had a RPI3 Model B running 24/7 (it was running apt-mirror once a day)  and the darn thing died on me....

I think they are about 4 years old at this point. They are the RPI2 Model B iirc


4 minutes ago, Lurick said:

I think they are about 4 years old at this point. They are the RPI2 Model B iirc

Nice, my RPi3B lasted for about 2 years. An HP office PC took its place (260-a101ng); I'm currently trying to get ESXi to recognize the internal HDD, and I'm using it with an NFS mount until I fix the issue.


It's slow as ass but the other alternative would be not having internet at all on my desktop and I'd rather have some experience resembling what I'm used to.

5b9201d8a8457_networksummer2018.png.c068b51c78aa258b3671d44c516f6d27.png

also you're welcome for this top notch diagram of my network, created with the best program known to man. Microsoft Paint.



That's the logical side of it, physically we have Cat.6 sockets in every room, Cat.7 cable and everything nice and tidy in a little rack. I have to use my ISP's ONT, not pictured in there (imagine as the cloud). For the AP-AC-LR we have another Cat.7 running in the floor below, as well as a LWL for future use. Also another LWL in the basement, where my future office/studio will be located. The IP camera is just the first one, recording to the QNAP Surveillance Station running on the NAS with more to follow.

Heimnetzwerk giffy.png

On 8/17/2014 at 6:53 AM, Ssoele said:

 

They are 2 separate networks, with different DHCP servers and different IP-ranges, connecting them would cause clients from 1.x to get IP's in the range of 2.x and vice-versa.

Sorry, 4 years late to the party. Using VLANs can keep them separate when connecting them together for network redundancy.
