Difference between revisions of "Networking"
(→High-level description) |
(→Network hardware) |
||
Line 14: | Line 14: | ||
== Network hardware == | == Network hardware == | ||
*Mikrotik Routerboard 450G as main router | *Mikrotik Routerboard 450G as main router | ||
− | *Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test. | + | *<strike>Netgear WNDR3700 router, donated by [http://projectbismark.net Project Bismark]. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.</strike> |
− | *Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. | + | *<strike>Linksys WRT54G2 v1.5 as spare. WAN port may sometime have packet loss. </strike> |
− | *Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. | + | *<strike>Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef. </strike> |
− | *Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. | + | *<strike>Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef. </strike> |
− | *A 3Com 4924 (:A0) as the main switch, by default everything connects here. | + | *<strike>A 3Com 4924 (:A0) as the main switch, by default everything connects here. </strike> |
− | *A 3Com 4924 (:??) a spare switch. | + | *<strike>A 3Com 4924 (:??) a spare switch. </strike> |
− | *2 D-Link DWL-810+ bridges. | + | *<strike>2 D-Link DWL-810+ bridges. </strike> |
*Netgear GS108T as the lounge switch. | *Netgear GS108T as the lounge switch. | ||
− | *D-Link DWL-7100AP AP. | + | *<strike>D-Link DWL-7100AP AP. </strike> |
− | *D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username "D-Link"). | + | *<strike>D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username "D-Link"). |
− | *A Belkin F5D8236 wireless-N router as spare | + | *<strike>A Belkin F5D8236 wireless-N router as spare </strike> |
− | *3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. | + | *<strike>3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares. </strike> |
− | *Belkin F5D5141-5 switch. | + | *<strike>Belkin F5D5141-5 switch. </strike> |
− | *Cisco 2950 switches #1 and #2 | + | *Cisco 2950 switches #1 and #2. |
*Mikrotik RB750 (small white box) VOI's router | *Mikrotik RB750 (small white box) VOI's router | ||
− | *Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. | + | *<strike>Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris. </strike> |
== Wiring == | == Wiring == |
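Review bot: the new D-Link DES-3224 line opens <strike> but never closes it; every other struck entry in this hunk ends with </strike>. The unbalanced tag leaves the rendering of the following items, including the Cisco 2950 and RB750 entries that are meant to stay live, up to the parser. Add the closing </strike> after the (Telnet, username "D-Link") text. If these devices are gone for good, deleting the entries or moving them to Networking/Old would also keep the printed server-room copy readable.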
Revision as of 17:07, 25 March 2015
- Please keep an updated copy of this page printed out and posted in the server room, so there is access to documentation even if the network / internet is down
- Also see IT Policies
- We have many people working with the equipment, so remember to attach or tie down anything that could get unplugged, fall, etc. We have lost internet twice: the first time the router fell and the power switch got pressed, the second time the power plug was pulled out of the main internet switch.
- This page is finally being updated for Sksp2; the old page is at Networking/Old
High-level description
The main router is an RB450G, connected to the main switch (port 2), the security switch (port 4, later), the internet feed (port 3), and other networks later. The main internal switch is a 3Com 4924 in the server rack; it feeds a GS108T at the lounge PC and a 5-port GigE switch near the meeting table. The main HP AP has SSID skullspace and is mounted on the roof in the middle of the space.
Internet feeds
Primary: Internet from VOI (wifi-based Ubiquiti NB5, tested at 60 Mbit down, 40 Mbit up to Speedtest.net Winnipeg).
Network hardware
- Mikrotik Routerboard 450G as main router
- <strike>Netgear WNDR3700 router, donated by Project Bismark. It had a problem (routed packets fine but services like DHCP/DNS/web server didn't work) so was taken out of the network to test.</strike>
- <strike>Linksys WRT54G2 v1.5 as spare. WAN port may sometimes have packet loss.</strike>
- <strike>Linksys WRT350N with DD-WRT v24SP2 firmware as a spare. Lent by Stef.</strike>
- <strike>Linksys WRT54G v2 with tomato 1.28 firmware as a spare. Lent by Stef.</strike>
- <strike>A 3Com 4924 (:A0) as the main switch, by default everything connects here.</strike>
- <strike>A 3Com 4924 (:??) a spare switch.</strike>
- <strike>2 D-Link DWL-810+ bridges.</strike>
- Netgear GS108T as the lounge switch.
- <strike>D-Link DWL-7100AP AP.</strike>
- <strike>D-Link DES-3224 as a public IP switch, set to management only on port 7 (Telnet, username "D-Link").</strike>
- <strike>A Belkin F5D8236 wireless-N router as spare</strike>
- <strike>3 Cisco Aironet 1100 APs with .B cards and one (:90) with a .G card as spares.</strike>
- <strike>Belkin F5D5141-5 switch.</strike>
- Cisco 2950 switches #1 and #2.
- Mikrotik RB750 (small white box) VOI's router
- <strike>Western Multiplex Tsunami 100 5.8ghz - two links (4x IDU, 2x high ODU, 2x low ODU) unused. Panel antenna loaned from Seccuris.</strike>
Wiring
- Runs A1+B1: from rack to wiring area on top of bathrooms.
- A2+B2: from wiring area on top of bathrooms to pole in front of classroom. One will be used to feed wifi AP.
- C+D: from rack to next to a couch in lounge area. A wire goes under the nearby door to the wiring area of the space next door and above a window for the temporary garbage-cam.
- E+F+G: from rack to area behind rear black desk.
Tasks
- terminate ethernet lines correctly in a panel once we're sure server room is stable
- label networking equipment (IPs etc) and servers, update this page for the latter
- put read-only and full-access passwords on devices
Wireless Networks
- skullspace = main SSID, usual password
- skullspace_rear: linksys G router in the server rack, as a backup.
New IP Ranges
- 172.30.4.x = testing/reserved for later use
- 172.30.5.x = half Security/Management network half VPNs
- 172.30.6.x = Main network
  - DHCP .100-.240
  - router .1
  - network gear .10-.29
  - printers .30-.39
  - VMs, servers .40-.99
  - VPNs .241-254
- 172.30.7.x = CTF Network
  - DHCP ???
  - router .1
Internal IP usage
Check these
Legacy IPs
- 192.168.1.1 main Linksys/Netgear router
- 192.168.1.9 noel, alex's linux container on vmsrv
- 192.168.1.10 kyle, a linux container on vmsrv
- 192.168.1.11 stefen, a linux container on vmsrv
- 192.168.1.12 Samsung CLP-310N printer
- 192.168.1.15 Cisco 2950 switch
- 192.168.1.16 Netgear GS108T workshop switch
- 192.168.1.17 Cisco 4924 Switch-1 (main)
- 192.168.1.18 Cisco 4924 Switch-2
- 192.168.1.22 DES-3224
- 192.168.1.26 vmsrv
- 192.168.1.27 Who took this and didn't document?
- 192.168.1.31 not in use, but don't use
- 192.168.1.32 Skullhost on vmsrv
- 192.168.1.33 iscsi server on vmsrv
- 192.168.1.34-35 Kenny servers
- 192.168.1.36 VPN server on vmsrv - contact Jay or Alex
- 192.168.1.37 Ben's server
- 192.168.1.38 Driftnet laptop
- 192.168.1.39 open for use
- 192.168.1.40 Pablodraw VM - http://picoe.ca/pablodraw/ for the client.
Current 172.30/16
- 172.30.6.1 Mikrotik Router
- 172.30.6.2 SkullSpace-External (Cisco 2850 Switch)
- 172.30.6.3 SkullSpace-Internal (Cisco 2850 Switch)
- 172.30.6.10 WAP-A (UniFi AP Management IP)
- 172.30.6.11 WAP-B (UniFi AP Management IP)
- 172.30.6.12 WAP-C (UniFi AP Management IP)
- 172.30.6.30 latest Ubuntu graphical shell service on vmsrv
- 172.30.6.31-32 Mark's temporary project ips
- 172.30.6.33 Wifi config app host
- 172.30.6.40 vmsrv
- 172.30.6.50-53 Chris Otto Servers
- 172.30.6.100-240 Main router DHCP space
- 172.30.6.241-254 VPN IPs
- 172.30.7.1 Mikrotik Router (WIFI VLAN)
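An added example, not part of the wiki page: a small audit that checks some of the 172.30.6.x entries listed above against the role ranges under "New IP Ranges" and reports hosts sitting in a gap or in another role's block. The role expected for each host is this example's assumption; addresses and range boundaries are copied from the page.

```python
import ipaddress

MAIN_NET = ipaddress.ip_network("172.30.6.0/24")

# Last-octet role ranges for 172.30.6.x, copied from "New IP Ranges".
PLAN = [
    (1, 1, "router"),
    (10, 29, "network gear"),
    (30, 39, "printers"),
    (40, 99, "VMs, servers"),
    (100, 240, "DHCP"),
    (241, 254, "VPNs"),
]

# Addresses and uses from "Current 172.30/16"; the third column (the role
# each host should fall under) is this example's assumption, not the page's.
ASSIGNED = [
    ("172.30.6.1", "Mikrotik router", "router"),
    ("172.30.6.2", "SkullSpace-External switch", "network gear"),
    ("172.30.6.3", "SkullSpace-Internal switch", "network gear"),
    ("172.30.6.10", "WAP-A management", "network gear"),
    ("172.30.6.30", "Ubuntu graphical shell service", "VMs, servers"),
    ("172.30.6.33", "Wifi config app host", "VMs, servers"),
    ("172.30.6.40", "vmsrv", "VMs, servers"),
    ("172.30.6.50", "Chris Otto server", "VMs, servers"),
]


def planned_role(address):
    """Return the plan's role for an address, or None if the plan has no slot."""
    ip = ipaddress.ip_address(address)
    if ip not in MAIN_NET:
        return None
    octet = int(ip) & 0xFF
    for low, high, role in PLAN:
        if low <= octet <= high:
            return role
    return None


def audit(assigned):
    """List (address, use, expected role, planned role) where the two disagree."""
    return [(addr, use, want, planned_role(addr))
            for addr, use, want in assigned
            if planned_role(addr) != want]


if __name__ == "__main__":
    for addr, use, want, got in audit(ASSIGNED):
        print(f"{addr:<13} {use:<32} expected {want!r}, plan says {got!r}")
```

Run against these entries, it flags the two switches at .2 and .3 (no range covers .2-.9) and the two service hosts at .30 and .33 (inside the printers block).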
VOI IP usage
VOI gave us 206.220.196.48/28 (mask 255.255.255.240), 206.220.193.64/29 (mask 255.255.255.248) as well as 2604:4280:1:c0de::/64. You must reserve IPs here before using them. You'll need to plug into the new VOI-Static switch, currently a Cisco in the 'top' rack.
IP | DNS | Use | Contact | used by? | reason for public IP and notes
---|---|---|---|---|---
206.220.193.65 | TBD | VOI router | VOI | all machines | required by network design
206.220.193.66 | | Mark temporary | mark@markjenkins.ca | Mark | temporary ipsec test
206.220.193.67 | | | | |
206.220.193.68 | | | | |
206.220.193.69 | | Richard's Server | rjr point work at gmail | development server, potentially Starbound server |
206.220.193.70 | | Chris's Server | cotto at ieee point org | development server, occasionally Terraria server |
206.220.196.49 | | VOI Mikrotik RB750? router | VOI Networks | now | required by network design
206.220.196.50 | | Sksp Main Router | CStanners a gmail.com or Sksp admins | |
206.220.196.51 | 2604:4280:1:c0de::53 | SKSP DNS | it@skullspace.ca | 2014-10-08 | Skullspace Primary DNS Server
206.220.196.52 | | Vobster Nepharia Services | mak@kolybabi.com and dave@ysarro.com | 2012-02-17 | Runs DNS, SMTP/IMAP, OpenVPN, Asterisk, SSH & IRC, and HTTP for Nepharia and its associated domains.
206.220.196.53 | | Vobster SkullSpace Services | mak@kolybabi.com and dave@ysarro.com | 2012-02-17 | Runs DNS, SMTP/IMAP, SSH & IRC, and HTTP for SkullSpace.
206.220.196.54 | | Vobster CTF Services | mak@kolybabi.com and dave@ysarro.com | 2013-04-09 |
206.220.196.55 | | Edwin Amsler | edwinguy at gmail dot calm | 2015-02-23 |
206.220.196.56 | | Colin / Jeremy FreeBSD server | phoul@insecure-complexity.com | 2013-10-01 |
206.220.196.57 | | vmsrv | mark@parit.ca | 2012-08-27 | VM server open to all members, will run an http proxy to allow this one ip to host many web servers
206.220.196.58 | 2604:4280:1:c0de::314 | Sean's server. | sean _at_ tinfoilhat _dot_ ca | 2013-09-27 | L2TP etc.
206.220.196.59 | | Ron's server | ron @ skullsecurity.net | Now | Websites and stuff
206.220.196.60 | | Colin's project server | CStanners @ gmail | Occasional | IPv6, VPN services and testing
206.220.196.61 | | Ben's server | ben@benbergman.ca | 2012-12-18 | http/ssh/vpn/other
206.220.196.62 | | The Danger Zone | ctfadmin@ | 2012-06-01 | The home of the SkullSpace Teaching CTF.
Access
All members currently have full access to all devices. Later it may be a good idea to have separate full-access passwords for all devices, restricted to NetOps and given out by request, with the read-only password publicly known among our members.