Network layout showoff

[HawkJ]

 

Thought I would share my current setup. 

 

Currently have four VLANS. 

 

ISP Internet: 1Gb/s up and down

Router: pfSense on HA (Local DNS 2)

 

Firewall: Cisco Firepower on HA managed by Firepower Management Center(FMC) on inline mode.

 

Switches: There are three switches. 

1. Core switch: Cisco 3750x 48T

2. Access switch 1: HPE v1910 48G

3. Access PoE switch 2: Cisco SG250 26HP (Used for APs and Home security)

 

WiFi: Managed by Cisco Mobility Express

1. Cisco Aironet 2800

2. Cisco Aironet 3700

 

Servers running:

 

Primary VLAN

1. Windows AD (Local DNS 1)

2. Umbrella DNS virtual appliance 1 (DNS used by all the devices. Conntected to the local DNS to retrieve local DNS calls)

3. Cisco Primary FMC (Managing the Firepower firewalls)

4. NAS running FreeNAS

5. ESXi to manage the VMs

6. Splunk monitoring 

 

Secondary VLAN

1. Standy Windows AD (Local DNS 3)

2. Umbrella DNS virtual appliance 2 (DNS used by all the devices. Conntected to the local DNS to retrieve local DNS calls)

3. Cisco Backup FMC (Managing the Firepower firewalls)

4. ESXi to manage the VMs

 

Public Servers VLAN

1. Cisco Email Security Appliance (Email relay used for spam, reputation and virus email scanning)

2. cPanel running web and mail services

3. VPN server running OpenVPN server on OPNsense

 

Currently all the links between all the devices are 1Gb ethernet cables.

 

The next upgrade

1. Move FreeNAS to separate server to host ESXi VM data

2. Configure two ESXi servers on HA on two separate physcial servers managed by vCenter

3. Replace the core switch with QSFP+ compatible switch

4. Replace Access switch 1: HPE v1910 48G with Cisco 3750x 48T

5. Link FreeNAS and the two ESXi servers with QSFP+ link

6. Upgrade the link between switches to SFP+ or SFP

7. Create a backup WAN link using 5G router

[Avocheeseado]

Sorry, this is not the most exiting haha and the first network diagram I have made.

Internet: DSL - 35-40Mbps (Download) 8-10Mbps (Upload)

Router: TP-Link AC1600

Switch: TP-Link TL-SG1005D 5 Port Network Switch

NAS: Synology DS218play 2 with 2TB Seagate IronWolf HDD

Access Points: BT Whole Home WiFi (3 Disks) (Main AP into switch and others wirelessly connected to first)

 

If anyone has any ways to improve it then thanks!

[Tedstonegenious]

My Diagram excludes wireles devices (exception the two IOT devices I own, which are placed on the guest network for security reasons) The ISP gave us a modem/router/AP combo unit, so we have HDCP disabled on it and have the HDCP server and the guest network on the Netgear router. It then goes to two sonic point NI for our APs. I piked these because I found one (the garage) at goodwill and got the second one used off of eBay for about 30$ (if you include the POE injector you need). This is to make switching between APS less of a mess in the back lawn. 

 

The garage AP is connected through a EOC adapter because it is separate and we don't have the tools to bury a Ethernet cable. Works surprisingly well.

 

I don't have access to the attic (we don't own a large enough ladder, and it's probably to too hot to work in there anyways), so most of these Ethernet cables go through corners. The black cable is the most noticeable, actually. But there are also ones in the living room and my bedroom and they are practically invisible. 

[Twinsenito]

Here is what I have, I've put a lot of planning in it. My router is at the entrance to my apartment. All of the cabling going through the walls and under the floor and then only goes out at rj45 wall sockets in three places. The forth slot is used to connect alarm system to the internet. All the cables are Cat6. All the switches and the router support gigabit speed. Switches are located in zones where devices are so there are no visible cabling most of the times. PS and Xbox - includes old consoles as well. Sound means soundbar. The only devices in my apartment that are not connect through a wire are laptops, phones, and guests' devices. Everything else is connected.

 

 

[eece_ret]

Day job

 

[Lurick]

29 minutes ago, eece_ret said:

Day job

-snip-

I'm assuming Standalone VxLAN and not ACI since I didn't see any APIC listed. Why not some 9336C-FX2 instead of the 93240-FX2 boxes? The 9336 can be downsped to 10G if needed but gives you that 40/100G headroom to not need to rip/replace later if you don't need tons of 10G port density. If it's not ACI, are you doing standalone management via the CLI? API and a third party tool? DCNM?

[eece_ret]

Yup.  Stand alone NXOS, no ACI.  BGP EVPN Ingress replication.  EVPN Edge routers (93240 FX2) underlay single OSPF domain peered across L2 Backbone.  Good Q on the 9336's.  They are slated as my upgrade path for local site expansion.  For cost reasons we are utilizing the 93180's I for that purpose as the 93180s are simple l2 boxes for VSAN traffic (Basically a FC design using Ethernet/IP instead of FC).  The backplane capacity is large enough that with our current deployment, the added 100G intrasite interconnects with VSAN full tilt (16port at full 25G Bi Directional), we still have more than enough headroom.  Once our Edge Router population exceeds the available ports, the migration path to 9336's is very straighforward.  As im using dual OSPF uplinks off routed interfaces, I can down an entire side of an EVPN edge router migrate it to another L2 infrastructure (9336) without loss of traffic (BFD utilized here)  Easy peesy.

 

Management via Ansible

Except for VRF Formation and BGP peering.  Thats by hand (uncommon workflow, less time to just do it than work through all the playbooks)

[eece_ret]

DCNM looked very interesting, but we felt the cost of which could be put to more pressing needs.

[Lurick]

Just now, eece_ret said:

DCNM looked very interesting, but we felt the cost of which could be put to more pressing needs.

Yah, the people I deal with use DCNM now for their fabrics after a long battle. I remember ~2 years ago when we/they started looking at DCNM 10.4 and comparing it to now (11.4) the difference is night and day with the added features/functionality. It's definitely come a long way and the automation via API is nice but if you're not doing large (2000-4000+ port) fabrics it doesn't really make sense though since you could easily manage a few small fabrics without it and the added cost just isn't worth it.

[eece_ret]

"automation via API is nice but if you're not doing large (2000-4000+ port) fabrics it doesn't really make sense though since you could easily manage a few small fabrics without it and the added cost just isn't worth it."

 

We came to teh same conclusions  

[brwainer]

On 8/17/2014 at 7:24 AM, Ssoele said:

Some rules

<snip>

• It must be your own network; Don't try to impress by showing off a corporate network, we are looking for consumer networks

 

[eece_ret]

doh missed that

[eece_ret]

removed...  thank you for heads up.

[eece_ret]

[brwainer]

5 hours ago, eece_ret said:

<image removed>

I bet the Topology map in the Unifi Controller is all messed up, with having one Unifi switch, and it isn't even connected to the gateway. But otherwise looks fine.

[eece_ret]

LOL.  Yes the map is a little trippy. But all good, switches like a dream.

[DieselWeasel]

This is mine. Hopefully the diagram is done OK, the days of high school where we were building networks in Packet Tracer are long gone  

 

 

If anyone is interested I've just posted a topic about setting up a new network for our house. I could sure use some help from you guys. 

 

[sapage]

Do this count as part of my home setup?

[brwainer]

1 hour ago, sapage said:

Do this count as part of my home setup?

 

That's a nice device for lab use! But I'm not sure it counts as your home setup if it isn't part of the network that has to be working for your significant other, offspring, etc. to have internet access. There has to be stakes involved!

[Sir Asvald]

On 11/2/2020 at 12:09 AM, sapage said:

Do this count as part of my home setup?

 

You can start a datacenter with that!

 

[looney]

On 11/2/2020 at 1:09 AM, sapage said:

Do this count as part of my home setup?

I see your 6500 Chassis and I raise you with 3 more

 

Okay okay, lets call it 2.5 more 

[Lurick]

Physical layout (2025):

Spoiler

 

Updated Diagram (2025):

Spoiler

 

 

Edit:

Updated as of December 2025

[brwainer]

43 minutes ago, Lurick said:

Redid a lot of cabling recently.

 

  Hide contents

 

Updated Diagram:

  Hide contents

 

Why is one MR56 only linked at 2.5Gb? I haven’t used any Meraki switches or APs with more than 1Gb copper ports, but based on the datasheets I don’t see why.

[Lurick]

1 minute ago, brwainer said:

Why is one MR56 only linked at 2.5Gb? I haven’t used any Meraki switches or APs with more than 1Gb copper ports, but based on the datasheets I don’t see why.

Ah, it's able to do 5Gbps BUT the wiring has issues where it will only stay stable at 2.5Gbps for the one so I hard coded it to 2.5 instead of letting it randomly reset when on auto and it would do 5Gbps.

[WindirBear]

A better question is how do you guys protecc your network