Difference between revisions of "Network"

From LVL1
 
(33 intermediate revisions by 8 users not shown)
Line 1: Line 1:
 
{{Template:Space}}
 
{{Template:Space}}
  
== HELP NO INTERWEBS!! ==
+
'''Internet Service is graciously provided by http://bluegrass.net'''
  
* If power is tripped to the basement turn that back on.
+
== Network Diagram ==
* The point-to-point wireless link from LVL1's roof transceiver to bluegrass.net's AP may need to be reset. Behind the server rack is a Power over Ethernet device that provides power to the antenna link. Unplug it and plug it back in to power cycle it.
 
* There's a Cisco switch with VLAN configurations to the upstairs WiFi routers. I guess you could try power cycling that if you want. That's probably not it though.
 
* You can get to the web management interface of pfsense. Use 'https' not 'http' with the internal LAN interface. Poke around if you must, but I doubt any settings are preventing access unless you changed them. IF YOU CHANGE SOMETHING, LET EVERYONE ELSE KNOW. Seriously, if you don't know what you're doing you should probably not mess with config changes.
 
* The ethernet uplink to bluegrass.net goes into the switch which is vlanned off to separate raw internet from NATed network. you can restart this also.
 
* There are two WiFi routers (for lvl1 and lvl1secure) next the printer. You could try power cycling those.
 
  
== Misc ==
+
[[Image:2018_-_Network_Refresh.jpg|1000px]]
  
'''How to Open the Door:''' Lift cover on key lock, press key lock and then turn the handle.
+
== Network Overview ==
  
'''Internet Service graciously provided by http://bluegrass.net'''
+
* We have standards now!  Please do not add hodgepodge stuff to our network infrastructure.  Please see parts list below.
 +
* The DHCP pool takes exactly 10.0.0.100 - 10.0.2.255 All devices in these ranges use a /23 subnet mask (255.255.254.0) and a default gateway of 10.0.0.1 .
 +
* What this means in layman's terms:
 +
** Any IP that starts with 10.0.0.1 - 10.0.0.99 is a static client (either hard coded or assigned via DHCP reservations).
 +
** Any IP that starts with 10.0.0.100 10.0.2.255 is a dynamic client.
  
== Internet IPs==
+
* The wireless access points come from the 24port gig switch there are 4 of them, Main room, Classroom, Boneyard, and Deadzone they are connected through POE injectors.
* 69.64.6.64/29 (LVL1 IPs)
 
* 69.64.6.65 (bluegrass.net gateway)
 
* 216.135.64.2 (bluegrass.net DNS 1)
 
* 216.135.64.3 (bluegrass.net DNS 2)
 
  
== Network IPs ==
+
=== DHCP/Static IP Reservations ===
{| border="1"
+
{| class="wikitable"
 
|-
 
|-
|| '''IP ADDRESS''' || '''Description'''
+
! MAC Address
 +
! IP Address
 +
! Device Name
 +
! Description
 
|-
 
|-
|| 69.64.6.70 || pfSense FW external
+
| b8:97:5a:34:12:ae
 +
| 10.0.0.10
 +
| FILES
 +
| File Server
 +
|-
 +
|
 +
| 10.0.0.11
 +
| MAIN_SW
 +
| Cisco 3570G Switch Stack
 
|-
 
|-
|| 10.0.0.1 || pfSense FW internal
+
|  
 +
| 10.0.0.12
 +
| SPACE_SW01
 +
| Cisco 3560G Switch
 
|-
 
|-
|| 10.0.0.5 || lvl1switch
+
|  
|-  
+
| 10.0.0.13
|| 10.0.0.10 || WAP-N
+
| SPACE_SW02
 +
| Cisco 3560G Switch
 
|-
 
|-
|| 10.0.0.22 || fantasy sports, touchscreen
+
|  
|-
+
| 10.0.0.14
|| 10.0.0.27 || sip trunk
+
| CLASS_SW03
 +
| Cisco 2960G Switch
 
|-
 
|-
|| 10.0.0.29 || mother-testing
+
|  
 +
| 10.0.0.19-30
 +
| PRINTER(S)
 +
| Printers?
 
|-
 
|-
|| 10.0.0.39 || Eye-Fi-223f12
+
| b8:27:eb:0e:1d:10
 +
| 10.0.0.45
 +
| TOMVEND
 +
| Vending Machine Controller
 
|-
 
|-
|| 10.0.0.40 || vm1
+
| f0:9f:c2:d6:e7:08
 +
| 10.0.0.60
 +
| DEADZONE
 +
| Unifi AP-AC-Pro
 
|-
 
|-
|| 10.0.0.41 || webprogramming
+
| 00:27:22:f2:56:a7
 +
| 10.0.0.61
 +
| BONEYARD
 +
| Unifi AP-AC-LR
 
|-
 
|-
|| 10.0.0.43 || Workbench1
+
| f0:9f:c2:d6:b1:5f
 +
| 10.0.0.62
 +
| CLASSROOM
 +
| Unifi AP-AC-Pro
 
|-
 
|-
|| 10.0.0.46 || Mother
+
| f0:9f:c2:d6:e1:b7
|-
+
| 10.0.0.63
|| 10.0.0.48 || boxee
+
| MAINROOM
|-
+
| Unifi AP-AC-PRO
|| 10.0.0.50 || LVL1 Game Server
+
|}
|-
+
 
|| 10.0.0.55 || Linux box for mother, also security cameras
+
=== Internet IPs ===
|-
+
{|class="wikitable" style="text-align: left; border: 2px dashed blue;"
|| 10.0.0.100 || led sign
+
! style="text-align: right;" scope="row" | IP Network
|-
+
| colspan="2" |216.135.94.120/29
|| 10.0.0.130 || LED embedded Win XP Pro
 
 
|-
 
|-
|| 10.0.0.135 || Laser Cutter
+
! style="text-align: right;" scope="row" | Bluegrass.net Gateway
 +
| colspan="2" | 216.135.94.121
 
|-
 
|-
|| 10.0.0.252 || printer
+
! style="text-align: right;" scope="row" | Usable Range
 +
| 216.135.94.122 || 216.135.94.124
 
|-
 
|-
|| 10.0.0.253 || White Star Primary Telemetry Server (Ethernet port)
+
! style="text-align: right;" scope="row" | Public Address
 +
| colspan="2" | 216.135.94.123
 
|-
 
|-
|| 10.0.0.254 || File Server
+
! style="text-align: right;" scope="row" | DNS Servers
 +
| 216.135.64.2 || 216.135.64.3
 
|}
 
|}
 +
 +
== Parts ==
 +
[[File:LVL1Network.jpg|200px|thumb|right|Network Rack]]
 +
* [http://www.monoprice.com/Product?c_id=105&cp_id=10517&cs_id=1051705&p_id=7089&seq=1&format=2 2 Port Surface Mount Box]
 +
* [http://www.monoprice.com/Product?c_id=105&cp_id=10516&cs_id=1051603&p_id=7260&seq=1&format=2 Patch Panel for rack]
 +
* [http://www.monoprice.com/Product?c_id=105&cp_id=10513&cs_id=1051303&p_id=5622&seq=1&format=2 RJ-45 Jack (used in boxes and patch panel)]
 +
* [http://www.monoprice.com/Product?c_id=102&cp_id=10234&cs_id=1023401&p_id=8109&seq=1&format=2 Cable]
 +
* [http://www.monoprice.com/Product?c_id=102&cp_id=10232&cs_id=1023203&p_id=9837&seq=1&format=2 Patch Cable]
 +
 +
== Router Details ==
 +
* Our router is a small unifi security appliance a white box on the shelf in the network rack.
 +
* It has four interfaces.  We only use:
 +
** WAN - connects to POE injector by TARDIS
 +
** LAN - connects to Master switch
 +
* DHCP runs here.
 +
** controller is https://files:8443/
 +
 +
== Switch Details ==
 +
* Everything is layer 2, the switches have an IP address only for management purposes.
 +
* The Master Switch is managed via 10.0.0.11, 01 is 12, 02 is 13, 03 is 14.
 +
* Everything stays on default vlan (VLAN 1).
 +
* Master is a 48 port gig switch stack.  All other switches have 24 gigabit copper ports and two gigabit sfp ports.
 +
* For each access switch, ports 23 & 24 are in a Port Channel to provide redundancy and increase bandwidth.
 +
* On the master switch three different Port Channels are created (Po12-Po14) to support the three access switches.
 +
* If none of that made any sense, please just remember this: '''The links between switches have special configurations.  Please do not move those cables around.'''
 +
* Spanning tree is enabled (with portfast) and bpdu guard.  If you create a loop the ports will get disabled.  SSH into the appropriate switch to re-enable it.  All ports are labeled. 
 +
** For example: A7 = port 7 on switch A.  If it is disabled:
 +
 +
 +
==I need a static IP==
 +
* Instead of setting a static IP on your device, create a static lease in our router.
 +
===Why?===
 +
* Your device can still use DHCP but will get the same IP every time.
 +
* In some cases this can be much easier than manually setting a static IP.
 +
* If you take your device somewhere else it can still use DHCP.
 +
* You get a DNS entry.
 +
* Visibility.  We can track things better if they're in our router.  Manually setting IPs makes conflicts more likely.
 +
 +
===How?===
 +
* Log into pfSense as admin at https://10.0.0.1/.
 +
** I'm not listing the creds on the wiki, any LVL1 member should be able to figure out the login.
 +
* On the top bar click Status, then DHCP Leases.
 +
* Scroll to the bottom of the page to pick your new IP.
 +
** For wired, you'll pick an IP that starts with 10.0.0 (within 10.0.0.0/24).
 +
** For wireless, pick an IP that starts with 10.0.2 (within 10.0.2.0/24).
 +
** The IPs listed are already taken.  Pick something else and remember it or write it down for the next steps.
 +
** For good measure, do a quick ping test to make sure nothing else has taken that.
 +
* Scroll back up to the top of the page and find your device.  You can use the MAC address, hostname (not reliable if we have multiple things called "raspberrypi") or your current IP.  Newer leases are closer to the top. 
 +
* Click the + on the right next to your device.
 +
* Enter the following:
 +
** IP Address: the ip address you picked earlier.
 +
** Hostname: what you want the hostname to be.  This will also update DNS.  Please be specific, bonus points for also using your name.
 +
*** Being a good member: aaronv-pi
 +
*** Being a bad member: raspberrypi
 +
** Everything else can be ignored.
 +
* Click Save.
 +
* Click Apply.
 +
* Renew your DHCP lease or, if you're lazy, reboot.
 +
 +
 
{{Template:Space_Footer}}
 
{{Template:Space_Footer}}
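
Review bot: The added Network Overview bullet gives the DHCP pool as 10.0.0.100 - 10.0.2.255 with a /23 mask (255.255.254.0) and gateway 10.0.0.1, but a /23 that contains 10.0.0.1 ends at 10.0.1.255, so the 10.0.2.x part of the pool (and the 10.0.2 addresses the static-IP steps tell wireless users to pick) is not on the gateway's subnet as written. Please confirm whether the mask or the pool end is the correct value and make the bullets agree. Two smaller points in the same revision: the sub-bullet "10.0.0.100 10.0.2.255" is missing its dash, and the Switch Details example "If it is disabled:" ends without the steps it introduces.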

Latest revision as of 19:01, 12 January 2019


Network

Internet Service is graciously provided by http://bluegrass.net

Network Diagram

[Image: 2018 - Network Refresh.jpg]

Network Overview

  • We have standards now! Please do not add hodgepodge stuff to our network infrastructure. Please see parts list below.
  • The DHCP pool takes exactly 10.0.0.100 - 10.0.2.255. All devices in these ranges use a /23 subnet mask (255.255.254.0) and a default gateway of 10.0.0.1.
  • What this means in layman's terms:
    • Any IP in 10.0.0.1 - 10.0.0.99 is a static client (either hard coded or assigned via DHCP reservations).
    • Any IP in 10.0.0.100 - 10.0.2.255 is a dynamic client.
  • The wireless access points are fed from the 24-port gig switch. There are 4 of them (Main room, Classroom, Boneyard, and Deadzone), connected through POE injectors.

DHCP/Static IP Reservations

| MAC Address | IP Address | Device Name | Description |
|---|---|---|---|
| b8:97:5a:34:12:ae | 10.0.0.10 | FILES | File Server |
| | 10.0.0.11 | MAIN_SW | Cisco 3570G Switch Stack |
| | 10.0.0.12 | SPACE_SW01 | Cisco 3560G Switch |
| | 10.0.0.13 | SPACE_SW02 | Cisco 3560G Switch |
| | 10.0.0.14 | CLASS_SW03 | Cisco 2960G Switch |
| | 10.0.0.19-30 | PRINTER(S) | Printers? |
| b8:27:eb:0e:1d:10 | 10.0.0.45 | TOMVEND | Vending Machine Controller |
| f0:9f:c2:d6:e7:08 | 10.0.0.60 | DEADZONE | Unifi AP-AC-Pro |
| 00:27:22:f2:56:a7 | 10.0.0.61 | BONEYARD | Unifi AP-AC-LR |
| f0:9f:c2:d6:b1:5f | 10.0.0.62 | CLASSROOM | Unifi AP-AC-Pro |
| f0:9f:c2:d6:e1:b7 | 10.0.0.63 | MAINROOM | Unifi AP-AC-PRO |

Internet IPs

| Item | Value | |
|---|---|---|
| IP Network | 216.135.94.120/29 | |
| Bluegrass.net Gateway | 216.135.94.121 | |
| Usable Range | 216.135.94.122 | 216.135.94.124 |
| Public Address | 216.135.94.123 | |
| DNS Servers | 216.135.64.2 | 216.135.64.3 |

Parts

[Image: Network Rack]

Router Details

  • Our router is a small Unifi security appliance, a white box on the shelf in the network rack.
  • It has four interfaces. We only use:
    • WAN - connects to POE injector by TARDIS
    • LAN - connects to Master switch
  • DHCP runs here.

Switch Details

  • Everything is layer 2; the switches have an IP address only for management purposes.
  • The Master Switch is managed via 10.0.0.11; switch 01 is .12, 02 is .13, 03 is .14.
  • Everything stays on the default VLAN (VLAN 1).
  • Master is a 48-port gig switch stack. All other switches have 24 gigabit copper ports and two gigabit SFP ports.
  • For each access switch, ports 23 & 24 are in a Port Channel to provide redundancy and increase bandwidth.
  • On the master switch three different Port Channels are created (Po12-Po14) to support the three access switches.
  • If none of that made any sense, please just remember this: The links between switches have special configurations. Please do not move those cables around.
  • Spanning tree is enabled (with PortFast), along with BPDU guard. If you create a loop, the ports will get disabled. SSH into the appropriate switch to re-enable it. All ports are labeled.
    • For example: A7 = port 7 on switch A. If it is disabled:


I need a static IP

  • Instead of setting a static IP on your device, create a static lease in our router.

Why?

  • Your device can still use DHCP but will get the same IP every time.
  • In some cases this can be much easier than manually setting a static IP.
  • If you take your device somewhere else it can still use DHCP.
  • You get a DNS entry.
  • Visibility. We can track things better if they're in our router. Manually setting IPs makes conflicts more likely.

How?

  • Log into pfSense as admin at https://10.0.0.1/.
    • I'm not listing the creds on the wiki, any LVL1 member should be able to figure out the login.
  • On the top bar click Status, then DHCP Leases.
  • Scroll to the bottom of the page to pick your new IP.
    • For wired, you'll pick an IP that starts with 10.0.0 (within 10.0.0.0/24).
    • For wireless, pick an IP that starts with 10.0.2 (within 10.0.2.0/24).
    • The IPs listed are already taken. Pick something else and remember it or write it down for the next steps.
    • For good measure, do a quick ping test to make sure nothing else has taken that.
  • Scroll back up to the top of the page and find your device. You can use the MAC address, hostname (not reliable if we have multiple things called "raspberrypi") or your current IP. Newer leases are closer to the top.
  • Click the + on the right next to your device.
  • Enter the following:
    • IP Address: the IP address you picked earlier.
    • Hostname: what you want the hostname to be. This will also update DNS. Please be specific, bonus points for also using your name.
      • Being a good member: aaronv-pi
      • Being a bad member: raspberrypi
    • Everything else can be ignored.
  • Click Save.
  • Click Apply.
  • Renew your DHCP lease or, if you're lazy, reboot.
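
The address plan in Network Overview and the "pick your new IP" step above can be checked before a lease is saved. This is an added example, not part of the LVL1 wiki or its tooling: it tests a proposed address against the ranges, mask and reservation table exactly as stated on this page. The function names are made up for the illustration, and the printer row is treated as 10.0.0.19 through 10.0.0.30.

```python
import ipaddress

# Address plan exactly as stated on the page.
GATEWAY = ipaddress.ip_interface("10.0.0.1/255.255.254.0")
STATIC = (ipaddress.ip_address("10.0.0.1"), ipaddress.ip_address("10.0.0.99"))
POOL = (ipaddress.ip_address("10.0.0.100"), ipaddress.ip_address("10.0.2.255"))
# Single-address rows of the page's reservation table, plus the gateway.
TAKEN = {ipaddress.ip_address(a) for a in (
    "10.0.0.1", "10.0.0.10", "10.0.0.11", "10.0.0.12", "10.0.0.13",
    "10.0.0.14", "10.0.0.45", "10.0.0.60", "10.0.0.61", "10.0.0.62",
    "10.0.0.63")}
# Assumption: the "10.0.0.19-30" printer row means every address 19..30.
TAKEN |= {ipaddress.ip_address("10.0.0.0") + n for n in range(19, 31)}


def classify(ip):
    """'static', 'dynamic' or 'outside', using the page's two ranges."""
    addr = ipaddress.ip_address(ip)
    if STATIC[0] <= addr <= STATIC[1]:
        return "static"
    if POOL[0] <= addr <= POOL[1]:
        return "dynamic"
    return "outside"


def lease_findings(ip, taken=TAKEN):
    """Findings to resolve before saving a static lease for ip."""
    addr = ipaddress.ip_address(ip)
    net = GATEWAY.network
    findings = []
    if addr in taken:
        findings.append("already reserved")
    if addr not in net:
        findings.append(f"outside {net}, the gateway's subnet under the stated mask")
    elif addr in (net.network_address, net.broadcast_address):
        findings.append("network or broadcast address")
    if classify(ip) == "dynamic":
        findings.append("inside the dynamic pool range")
    return findings


def covering_network():
    """Smallest network holding both the gateway and the end of the pool."""
    net = GATEWAY.network
    while POOL[1] not in net:
        net = net.supernet()
    return net
```

An empty list from `lease_findings` means the address passed every check made from the page's data; the ping test in the steps above is still needed for devices that set an address by hand.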

