Network layout showoff

[THANOSJ3]

Still under construction....any suggestions for the Storage Closet to change the 3 computers into an Array or a server? Or should i look for a NAS?

 

 

[snortingfrogs]

 

My setup at home:

• 1000/1000 Fiber Internet
• Pfsense Router/Firewall (Fujitsu Esprimo, Pentium G645, 4GB RAM, 500GB HDD, Intel PRO/ 1000 PT Dual Port NIC)
• Netgear GS105 Switch
• Unifi AP Lite (For mobile, my laptop(s) and guests)
• HP Microserver Gen8 (4x8TB Seagate IronWolf HDD's, 16GB RAM, FreeNAS)
• Webserver (Intel Core i7 2600K, 16GB RAM, 120GB SSD, 5TB HDD, FreeBSD)
• Workstation/Gaming PC (Check my signature for specs)
• Fileserver (Xeon 1230v3, 8GB RAM, 15TB HDD, Debian, Not connected to this network though)

Temporary cable management, just moved all the stuff to the closet.

Going to drill some holes for cables in the back later.

 

[williamcll]

I should set up a real server for NAS and VPN because my router cannot run OpenVPN properly (still talking on support for past 3 months, apparently their office in california does NOT have a R8000P so they cannot troubleshoot properly)

 

Everything on 192.168.0.xxx so streaming video from one room to another is really easy. Had thought of using Mesh wifi but I have doubts on the wi-fi capabilities since satellites can't connect to the main router through Ethernet (Asus added mesh to some normal routers right?).

 

Sony HDTVs connected by cable for DLNA and both cast dongles are by wi-fi.

[McFuzz89]

My humble setup:

• Modem -> Arris SB8200 with Xfinity gigabit service
• Firewall/router -> pfSense 2.4.1 on a Supermicro A1Sri-2758f - handles gigabit with snort all day long.
• Core switch -> HP 1810-24G v2
• PoE switch -> JGS516PE PoE semi-managed switch
• AP -> DLINK DAP-2660
• Printer -> Brother 2700 series All-in-one
• Cameras -> Mixture of wireless and wired Foscam (cheap and functioanl)
• NAS -> HP Microserver running Freenas (a hell of an upgrade from a crappy ARM based QNAP appliance).
• VM Server -> Supermicro mini server with a 6 core Xeon running Citrix XenServer and hosting my surveillance box, plex server, PBX, bunch of other stuff. 
• Time Capsule -> self explanatory
• Gaming and Non Gaming boxes -> self explanatory. 

[jagdtigger]

@McFuzz89

Pro-tip. Never use wireless cameras....

[beersykins]

My junk's pretty basic, moved into a new-to-me house that didn't have any Ethernet wiring and I've been too lazy to run any

 

On 2/5/2018 at 7:25 AM, Lurick said:

Then I've got a 3504 WLC

How are you liking that WLC?  I was slightly depressed when they suddenly launched EOL/EOS notices for the 2504 I have

[Lurick]

Just now, beersykins said:

My junk's pretty basic, moved into a new-to-me house that didn't have any Ethernet wiring and I've been too lazy to run any

 

How are you liking that WLC?  I was slightly depressed when they suddenly launched EOL/EOS notices for the 2504 I have

 

For the most part it's been pretty nice. Not much different than the 2504 in terms of the GUI (for now, lol)

[Virtual_Sauce]

On 17/08/2014 at 12:49 PM, Ssoele said:

 

Consumer routers can be a pain to work with, they often do stuff you don't want them to do, or vice-versa.

Normally I've found you're lucky to even get bridging support, on low-end consumer hardware at least.

[McFuzz89]

On 5/30/2018 at 10:27 PM, jagdtigger said:

@McFuzz89

Pro-tip. Never use wireless cameras....

And pourque? I'd agree that you should not be using them for mission critical (i.e. actual surveillance you care about), but mine work perfectly fine for monitoring my nuggets. Both of my 960p cameras do 30 FPS during daytime and 10 at night without missing a beat.

[jagdtigger]

12 minutes ago, McFuzz89 said:

And pourque? I'd agree that you should not be using them for mission critical (i.e. actual surveillance you care about), but mine work perfectly fine for monitoring my nuggets. Both of my 960p cameras do 30 FPS during daytime and 10 at night without missing a beat.

Pretty much this, its way too easy to jam them (didnt think you were using them for some not so important stuff ). Or if you unlucky like me and there is a crap ton of AP's around you running channel bonding.... (Even the 5GHz range is pretty crowded last time checked.)

[Just.Oblivious]

High level overview of my home infrastructure:

 

It's pretty basic in terms of actual networking. Just a few VLANs, some routes, two IPv6 networks, two VPN tunnels and a load of firewall rules.

 

The unRAID box runs a virtual router that tunnels traffic over a NordVPN link (primarily used for downloading), it's way faster than trying to run OpenVPN on an (already busy) EdgeRouter.

 

I also have a cloud-hosted VPS for out-of-band management from other networks (that are often IPv4 only), it runs a dedicated IPSEC tunnel over IPv6 to my internal management-host.

 

Unfortunately my ISP doesn't provide the credentials for their VOIP platform, so I have to use their stupid all-in-one router/VOIP ATA with another ATA right after it to get a usable VOIP line. Migrating the landline to a cloud VOIP provider is on the roadmap for Q4 2018.

[jagdtigger]

Little update, just relocated the whole networking section to one place:

https://www.dropbox.com/s/o3qu1asdgljxokp/DSC02976.JPG?dl=0

Next up is ordering a wooden cabinet to hide them.

[Cree340]

I made a number of changes since my last post...

 

[diagram redacted]

 

For the most part, connections are 1GbE over copper (however many connections use link aggregation/etherchannel). Except for one of the storage servers, which is connected at 10GbE to the Cisco 3650 using fiber, and most of IOT devices (such as the speakers and bridge devices) and surveillance cameras are on 100mbps links. 

 

The network has 3 primary VLANs; one for management, one for most devices and a third one for guest. It also has another isolated VLAN for testing purposes. I do plan on adding a couple more VLANs in the near future for security purposes. Like a VLAN for the cameras that has no internet access and a VLAN for the phones that is prioritized over the network. Also, the Cisco 3750-X may be a layer 3 switch and has an IP Base license, but it is currently only used as a layer 2 access switch (no routing) for devices powered via POE.

 

There are also 3 WiFi SSIDs being broadcasted, a (WPA2 Enterprise) SSID for most devices (such as mobiles devices and laptops), a (WPA2 PSK) SSID for IOT devices and a (Open) SSID for Guests. I used to use Cisco ISE as a RADIUS server, NAC and as a captive portal for the guest WiFi, but now I just use Windows NPS and the built in captive portal in the Cisco WLC cause I corrupted the ISE installation by abruptly disconnecting the ESXi host from the NFS share (where the ISE VM was running from).

 

I only have one relatively small ESXi host at home (E3-1231v3 32GB RAM) because I run the majority of my VMs offsite and use site-to-site VPN tunnels to have those VMs virtually present on my network. The local ESXi host mainly runs a Windows server with active directory replication and a bunch of other random small VMs. The only services that are hosted in my home that are accessible publicly is my Plex server and my OpenVPN server.

 

Network monitoring is currently only done using PRTG, the Meraki Dashboard, and the Palo Alto Networks firewall WebGUI (and also ssh-ing directly into network switches). I plan on adding others in the future, such as InfluxDB or Prometheus with Grafana and ELK stack. Maybe also an IDS, such as Bro or Suricata. Cisco Stealthwatch would be cool to add but it costs way way too much.

 

There are also a few network devices in my diagram (like a number of the surveillance cameras and the surveillance server) that have not been set up yet and are just sitting on a desk right now. I plan on having those up soon.

Edited June 3, 2019 by Cree340

[DataEmo]

My small network:

 

The router is sitting in the basement with the two virtualization hosts. Primary uplink is the cable television. Had once a dead router after a thunderstorm so I went the fiber  route here. Cable is sometime not available so I need LTE as Failover but the reception in the basement is low.

 

 

The HyperV hosts are running two server 2016 domain controller, a 3cx phone system, hmailserver, Unifi controller and my vpn access.

WIFI is using WPA2 Enterprise with radius assigned vlan. There are with the security cameras, I/O Cards for the home automatisation, TVs and some PCs about 30 wired clients in the network

[jhon11]

this is really great information.

[Synth9617]

WARNING! It's A LONG POST SO BRACE YOURSELVES!!!! 

 

Father's House (Server location)

• ISP provided the modem and Router/AP
• Cisco Switch (Catalyst 2950 series) - provided my dad's colleague who is a legend in my eyes (even though I've never met him). Is only 10/100 as wasn't meant to be permanent but my cheap 8-port gigabit LAN switch from Amazon died after about 4 years.
• TP-Link Gigabit LAN -  brought to replace a crappy one from 2003.
• Powerline adapters are 300mbps so my sister, my dad and I can have fast file transfers while my other sister is gaming.
• OnNetworks APs (both Houses) - slow, unintuitive web UI, and drops out on any devices plugged into it (wireless is stable for once)
• Server
  • Spare gigabyte board I had lying around with an Intel core i3 2120 @ 3.30GHz, 6 GB of RAM, 3.5TB of storage, onboard Gigabit LAN and a TP-link PCI (not PCI-E otherwise the HP card would be in here) Gigabit LAN card.
  • 3TB WD Red - Pulled from a WD my cloud (didn't have the functionality I needed, and it needed a separate machine for plex)
  • 500GB Seagate - pulled from Cable TV box that was brought by us (Only paid for extra channels as a monthly subscription)
  • Windows Server 2016 
• The office PC is another gigabyte board with an Intel core i3 3220 @3.30GHz, 8GB RAM, 250GB HDD (boot), 500GB HDD (primary storage), 1TB HDD (secondary storage), onboard gigabit LAN and a Radeon R5 230 from Asus.
• Some ASRock board (my sister brought it online, second hand, (was 75% brown dust till I came along and cleaned it)

Mother's House (where I live on weekdays)

• both switches are TP-link 5port 10/100mbps 
• My Room
  • FYI I can still access my file server from here I just have to use a VPN
  • Domain laptop - Dell Latitude D630 4GB RAM, 500GB HDD (was from my main one as it was dying (kept on BSODing) but I wasn't worried about space on my main so I swapped the drives and reinstalled windows on them.
  • Main Laptop - Dell Latitude E6410 8GB RAM, 80GB HDD (both Dell's have Gigabit LAN)
  • Linux Test Bench - My sister's old Toshiba laptop 4GB RAM, 320GB HDD (CBA to put it in my main)
  • My PC - Biostar (with a soldered on Celeron CPU), 5GB RAM, 160GB HDD (boot), 250GB HDD (storage), HP enterprise dual gigabit LAN PCI-E card. 
• I still have to rebuild my step-dad's PC because it was a HP prebuilt but the PSU failed and nuked the board (RAM, GPU and HDD are confirmed fine but have no way to test the AMD CPU as I'm more of an intel guy TBH)

 

If you read all that, you deserve a snack

[kazuni]

Nothing too crazy...

[Lurick]

Made some updates and whatnot

 

 

 

 

 

[jnic]

[Sir Asvald]

Here is my updated network. I've added another 2 Servers which are running as VMs

 

 

[jagdtigger]

On 9/2/2018 at 3:54 PM, Lurick said:

Made some updates and whatnot

 

 

 

Spoiler

 

 

 

 

 

Spoiler

raspberry Pi 1

 

 

How old are those RPI's?  I had a RPI3 Model B running 24/7 (it was running apt-mirror once a day)  and the darn thing died on me....

[Lurick]

10 minutes ago, jagdtigger said:

How old are those RPI's?  I had a RPI3 Model B running 24/7 (it was running apt-mirror once a day)  and the darn thing died on me....

I think they are about 4 years old at this point. They are the RPI2 Model B iirc

[jagdtigger]

4 minutes ago, Lurick said:

I think they are about 4 years old at this point. They are the RPI2 Model B iirc

Nice, my rpi3b lasted for about 2 years. A HP office PC took its place(260-a101ng, im currently trying to get ESXi recognize the internal HDD, currently im using it with a NFS mount until i fix the issue.

[pinksnowmanshandle]

It's slow as ass but the other alternative would to be not having internet at all on my desktop and I'd rather have some experience resembling what I'm used to.

also you're welcome for this top notch diagram of my network, created with the best program known to man. Microsoft Paint.

[CiscoFan]

Here is my updated topology.