Networking

2014-10-17T02:48:55Z

Gygar:

*Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down
*Also see [[IT Policies]]
*We have many people working with the equipment, remember to attach or tie down anything that could get unplugged/fall/etc. We twice lost internet - first time the router fell and power switch got pressed, second time the power plug was pulled out of main internet switch.
*this page is finally being updated for Sksp2, old page is at [[Networking/Old]]

== High-level description ==
The main router is a RB450G, connected to the main switch (port 2), security switch (4, later), internet feed (3), and other networks later. Main internal switch is a 3Com4924 in the server rack, feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.

== Internet feeds ==
Primary: Internet from VOI (wifi-based Ubiquity NB5, tested 60mbit down 40mbit up to Speedtest.net Winnipeg).

== Network hardware ==
*Mikrotik Routerboard 450G as main router
*Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.
*Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss.
*Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef.
*Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef.
*A 3Com 4924 (:A0) as the main switch, by default everything connects here.
*A 3Com 4924 (:??) a spare switch.
*2 D-Link DWL-810+ bridges.
*Netgear GS108T as the lounge switch.
*D-Link DWL-7100AP AP.
*D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username "D-Link").
*A Belkin F5D8236 wireless-N router as spare
*3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares.
*Belkin F5D5141-5 switch.
*Cisco 2950 switches #1 and #2 - currently unused.
*Mikrotik RB750 (small white box) VOI's router
*Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris.

== Wiring ==
Runs
A1+B1: from rack to wiring area on top of bathrooms, A2+B2 from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.
C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.
E+F+G: from rack to area behind rear black desk.

== Tasks ==
*terminate ethernet lines correctly in a panel once we're sure server room is stable
*label networking equipment (IPs etc) and servers, update this page for the latter
*put read-only and full-access passwords on devices

== Wireless Networks ==
skullspace = main SSID, usual password
skullspace_rear: linksys G router in the server rack, as a backup.

New IP Ranges
*172.30.4.x = testing/reserved for later use
*172.30.5.x = half Security/Management network half VPNs
*172.30.6.x = Main network DHCP .100-.240 router .1 network gear .10-.29 printers .30-.39 VMs, servers .40-.99 VPNs .241-254
*172.30.7.x = CTF Network DHCP ??? router .1

== Internal IP usage ==
Check these
*192.168.1.1 main Linksys/Netgear router
*192.168.1.9 noel, alex's linux container on [[vmsrv]]
*192.168.1.10 kyle, a linux container on [[vmsrv]]
*192.168.1.11 stefen, a linux container on [[vmsrv]]
*192.168.1.12 Samsung CLP-310N printer
*192.168.1.15 Cisco 2950 switch
*192.168.1.16 Netgear GS108T workshop switch
*192.168.1.17 Cisco 4924 Switch-1 (main)
*192.168.1.18 Cisco 4924 Switch-2
*192.168.1.22 DES-3224
*192.168.1.26 [[vmsrv]]
*192.168.1.27 Who took this and didn't document?
*192.168.1.31 not in use, but don't use
*192.168.1.32 [[Skullhost]] on [[vmsrv]]
*192.168.1.33 iscsi server on [[vmsrv]]
*192.168.1.34-35 Kenny servers
*192.168.1.36 VPN server on [[vmsrv]] - contact Jay or Alex
*192.168.1.37 Ben's server
*192.168.1.38 [[Driftnet]] laptop
*192.168.1.39 open for use
*192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.
*172.30.6.30 [[mumd|latest Ubuntu]] graphical shell service on [[vmsrv]]
*172.30.6.31-32 Mark's mail server project
*172.30.6.40 [[vmsrv]]
*172.30.6.50-53 Chris Otto Servers
*172.30.6.100-240 Main router DHCP space
*172.30.6.241-254 VPN IPs

== VOI IP usage ==
VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64, you must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently DES-3224 in the rack.

{| class="wikitable"
|-
! IP
! DNS
! Use
! Contact
! used by?
! reason for public IP and notes
|-
| 206.220.193.65
| TBD
| VOI router
| VOI
| all machines
| required by network design
|-
| 206.220.193.66
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
|
|
|
|
|-
| 206.220.193.67
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
|
|
|
|
|-
| 206.220.193.68
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
|
|
|
|
|-
| 206.220.193.69
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
| Richard's Server
| rjr point work at gmail
|
| development server, potentially Starbound server
|-
| 206.220.193.70
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
| Chris's Server
| cotto at ieee point org
|
| development server, occasionally Terraria server
|-
| 206.220.196.49
|
{|
|-
| Fwd: h49-skullspace.winnipeg.voinetworks.net.
|-
| Rev: h49-skullspace.winnipeg.voinetworks.net.
|-
|}
| VOI Mikrotik RB750? router
| VOI Networks
| now
| required by network design
|-
| 206.220.196.50
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
| Sksp Main Router
| CStanners a gmail.com or Sksp admins
|
|
|-
| 206.220.196.51
| 2604:4280:1:c0de::53
{|
|-
| Fwd: ns1.skullspace.ca (Pending)
|-
| Rev: ns1.skullspace.ca (Pending)
|-
|}
| SKSP DNS
| it@skullspace.ca
| 2014-10-08
| Skullspace Primary DNS Server
|-
| 206.220.196.52
|
{|
|-
| Fwd: <several>
|-
| Rev: mail.nepharia.org
|-
|}
| Vobster Nepharia Services
| mak@kolybabi.com and dave@ysarro.com
| 2012-02-17
| Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH & IRC, and HTTP for Nepharia and its associated domains.
|-
| 206.220.196.53
|
{|
|-
| Fwd: <several>
|-
| Rev: mail.skullspace.ca
|-
|}
| Vobster SkullSpace Services
| mak@kolybabi.com and dave@ysarro.com
| 2012-02-17
| Runs DNS, SMTP/IMAP, SSH & IRC, and HTTP for SkullSpace.
|-
| 206.220.196.54
|
{|
|-
| Fwd: ctf.skullspace.ca
|-
| Rev: ctf.skullspace.ca
|-
|}
| Vobster CTF Services
| mak@kolybabi.com and dave@ysarro.com
| 2013-04-09
| Runs SSH-related services, for now.|
|-
| 206.220.196.55
||
{|
|-
| Fwd:
|-
| Rev:
|-
|}
|
|
|
|
|-
| 206.220.196.56
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
| Colin / Jeremy FreeBSD server
| phoul@insecure-complexity.com
| 2013-10-01
|
|-
| 206.220.196.57
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
| [[vmsrv]]
| mark@parit.ca
| 2012-08-27
| VM server open to all members, will run an http proxy to allow this one ip to host many web servers
|-
| 206.220.196.58
| 2604:4280:1:c0de::314
{|
|-
| Fwd: intarweb.ca
|-
| Rev:
|-
|}
| Sean's server.
| sean _at_ tinfoilhat _dot_ ca
| 2013-09-27
| L2TP etc.
|-
| 206.220.196.59
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
| Ron's server
| ron @ skullsecurity.net
| Now
| Websites and stuff
|-
| 206.220.196.60
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
| Colin's project server
| CStanners @ gmail
| Occasional
| IPv6, VPN services and testing
|-
| 206.220.196.61
|
{|
|-
| Fwd:
|-
| Rev:
|-
|}
| Ben's server
| ben@benbergman.ca
| 2012-12-18
| http/ssh/vpn/other
|-
| 206.220.196.62
|
{|
|-
| Fwd: dangerzone.skullspace.ca
|-
| Rev: dangerzone.skullspace.ca
|-
|}
| The Danger Zone
| ctfadmin@
| 2012-06-01
| The home of the SkullSpace Teaching CTF.
|-
|}

== Access ==
All members currently have full access to all devices. Later it may be a good idea to have different full-access passwords for all devices restricted to NetOps and by request, and the read-only password being publically known among our members.

[[Category:Space]]
[[Category:Networking]]
[[Category:Required Reading]]

SkullSpace Wiki - User contributions [en]

Networking