Network: Difference between revisions

From Unallocated Space
(Created page with "== Hardware == * Cisco 2960 48-port switch * Cisco 2950 24-port switch * Cisco 2948G-L3 48-port switch * Juniper SSG5 Firewall * Buffalo Technologies WZR-AG300NH * Netgear 24-por...")
 
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== Hardware ==
== Hardware ==
* Cisco 2960 48-port switch
* [http://www.cisco.com/en/US/products/ps6406/index.html Cisco WS-C2960-48TT-L]
* Cisco 2950 24-port switch
* [http://www.cisco.com/en/US/products/hw/switches/ps628/ps4434/index.html Cisco 2950SX 24]
* Cisco 2948G-L3 48-port switch
* [http://www.cisco.com/en/US/products/hw/switches/ps606/products_data_sheet09186a008009267f.html Cisco 2948G-L3 48]
* Juniper SSG5 Firewall
* [http://www.juniper.net/us/en/products-services/security/ssg-series/ssg5/ Juniper SSG5]
* Buffalo Technologies WZR-AG300NH
* [http://www.buffalotech.com/products/wireless/wireless-routers/airstation-highpower-n600-gigabit-dual-band-wireless-router-wzr-hp-ag300h/ Buffalo Technology WZR-AG300H]
* Netgear 24-port Gigabit smart switch
* Netgear GS724TR
* Supermicro machine with 4x NICs for 8Gbps routing with Vyatta
* Supermicro machine with 4x NICs for 8Gbps routing with Vyatta
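Review bot: the Buffalo entry's text and its link disagree: the line changes WZR-AG300NH to WZR-AG300H, but the linked URL ends in wzr-hp-ag300h, i.e. the WZR-HP-AG300H, so take the model string from the device label and make the text match the link; an inventory is only useful for matching firmware advisories if the model is exact. The Netgear GS724TR is the only entry left without a link, and the Supermicro/Vyatta router line names neither the board nor the NIC type, so those two cannot be tracked for patching from this list.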


Line 12: Line 12:


{|
{|
| 10.101.0.0/24 || Management/Internal Devices
| 10.101.0.0/24 || Management/Internal Devices || VLAN 100
|-
|-
| 10.101.1.0/24 || User Wired LAN
| 10.101.1.0/24 || User Wired LAN || VLAN 101
|-
|-
| 10.101.2.0/24 || User Wireless LAN
| 10.101.2.0/24 || User Wireless LAN || VLAN 102
|-
|-
| 10.101.3.0/24 || VMWare environment for [[The Lab]]
| 10.101.3.0/24 || VMWare environment for [[The Lab]] || VLAN 103
|-
|-
| 10.101.4.0/24 || DMZ for Chaos and Internet
| 10.101.4.0/24 || DMZ for Chaos and Internet || VLAN 104
|-
|-
| 10.101.5.0/24 || Reserved for future use
| 10.101.5.0/24 || Reserved for future use || VLAN 105
|-
|-
| 10.101.6.0/24 || Reserved for future use
| 10.101.6.0/24 || Reserved for future use || VLAN 106
|-
|-
| 10.101.7.0/28 || Used for Point to Point connections (will expand as needed)
| 10.101.7.0/28 || Used for Point to Point connections (will expand as needed) || VLAN 999
|}
|}




There will be more here once I get designs built out in Visio or Dia (whichever I happen to use)
There will be more here once I get designs built out in Visio or Dia (whichever I happen to use)
== LDAP ==
    We have an LDAP server running FreeIPA and FreeRADIUS to provide authentication services.
    IP Address: 10.0.1.5
    Hostname: authentication.uas
    Web Management: https://authentication.uas
For more information about policies, groups, and configuration, please see the currently non-existent UAS FreeIPA Document
RADIUS for WiFi Access
    The server is running FreeRADIUS with the LDAP plugin enabled to grant users access to the UnallocatedMembers wireless network. Please see the Wireless Access Points section for more details
Server Access via LDAP
    Users are granted different levels of access to servers based on their role within the space. Current roles are Board, Keyholder, Member, and Student. Individuals can be granted other accesses outside of their role as needed.
    When a new server is spun up, freeipa-client should be installed. After the installation is complete, run the following command:
        “ipa-client-install --domain=uas --server=authentication.uas --realm=UAS --mkhomedir”
    Anyone with admin privileges in FreeIPA should be able to run that command
    While “--mkhomedir” is in the command, it does not work for Ubuntu server. You will need to add the following line to “/etc/pam.d/common-session”:
        “session required        pam_mkhomedir.so skel=/etc/skel/”
After adding that line, please reboot and try logging in with your LDAP credentials.
[[Category:Project]]
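Review bot: the LDAP server address 10.0.1.5 added in this hunk is not inside any of the subnets in the table above (10.101.0.0/24 through 10.101.7.0/28), so either the address or the table is stale; a FreeIPA/RADIUS server would be expected in Management/Internal Devices (VLAN 100), and the page should say which address authentication.uas resolves to. Also, the pam_mkhomedir line is added by hand to /etc/pam.d/common-session, which Ubuntu manages through pam-auth-update, so the text should note that this is a local override and that it needs re-checking after PAM package upgrades.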

Latest revision as of 12:53, 8 January 2023

== Hardware ==

* [http://www.cisco.com/en/US/products/ps6406/index.html Cisco WS-C2960-48TT-L]
* [http://www.cisco.com/en/US/products/hw/switches/ps628/ps4434/index.html Cisco 2950SX 24]
* [http://www.cisco.com/en/US/products/hw/switches/ps606/products_data_sheet09186a008009267f.html Cisco 2948G-L3 48]
* [http://www.juniper.net/us/en/products-services/security/ssg-series/ssg5/ Juniper SSG5]
* [http://www.buffalotech.com/products/wireless/wireless-routers/airstation-highpower-n600-gigabit-dual-band-wireless-router-wzr-hp-ag300h/ Buffalo Technology WZR-AG300H]
* Netgear GS724TR
* Supermicro machine with 4x NICs for 8Gbps routing with Vyatta

== Subnets ==

All IPv4 subnets are carved out of a /21 provided by the ChaosVPN.

{|
! Subnet !! Purpose !! VLAN
|-
| 10.101.0.0/24 || Management/Internal Devices || VLAN 100
|-
| 10.101.1.0/24 || User Wired LAN || VLAN 101
|-
| 10.101.2.0/24 || User Wireless LAN || VLAN 102
|-
| 10.101.3.0/24 || VMWare environment for [[The Lab]] || VLAN 103
|-
| 10.101.4.0/24 || DMZ for Chaos and Internet || VLAN 104
|-
| 10.101.5.0/24 || Reserved for future use || VLAN 105
|-
| 10.101.6.0/24 || Reserved for future use || VLAN 106
|-
| 10.101.7.0/28 || Used for Point to Point connections (will expand as needed) || VLAN 999
|}
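As an added check that is not part of the wiki page, the following POSIX sh snippet validates the address plan above: every listed subnet must be a sub-block of the ChaosVPN-provided /21, and any host address mentioned in the documentation can be tested against it. The parent block 10.101.0.0/21 is inferred from the table (10.101.0.0 to 10.101.7.255 is exactly one /21); nothing else is assumed.

```shell
#!/bin/sh
# Added example (not from the UAS wiki): sanity-check the subnet plan.
# PARENT is inferred from the table: 10.101.0.0-10.101.7.255 is one /21.
PARENT='10.101.0.0/21'
SUBNETS='10.101.0.0/24 10.101.1.0/24 10.101.2.0/24 10.101.3.0/24
         10.101.4.0/24 10.101.5.0/24 10.101.6.0/24 10.101.7.0/28'

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NETWORK/PREFIX: exit 0 if IP lies inside the block.
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    plen=${2#*/}
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# subnets_fit_parent: exit 0 if every table subnet is a sub-block of PARENT,
# i.e. its network address is inside PARENT and its prefix is no shorter.
subnets_fit_parent() {
    for s in $SUBNETS; do
        in_cidr "${s%/*}" "$PARENT" || return 1
        [ "${s#*/}" -ge "${PARENT#*/}" ] || return 1
    done
}
```

Running `in_cidr 10.0.1.5 10.101.0.0/21` reports the LDAP server address documented further down as outside the plan, which is worth reconciling with the table.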


There will be more here once I get designs built out in Visio or Dia (whichever I happen to use)


== LDAP ==

We have an LDAP server running FreeIPA and FreeRADIUS to provide authentication services.

* IP Address: 10.0.1.5
* Hostname: authentication.uas
* Web Management: https://authentication.uas

For more information about policies, groups, and configuration, please see the currently non-existent UAS FreeIPA Document.

=== RADIUS for WiFi Access ===

The server is running FreeRADIUS with the LDAP plugin enabled to grant users access to the UnallocatedMembers wireless network. Please see the Wireless Access Points section for more details.

=== Server Access via LDAP ===

Users are granted different levels of access to servers based on their role within the space. The current roles are Board, Keyholder, Member, and Student. Individuals can be granted additional access outside of their role as needed.

When a new server is spun up, install freeipa-client. After the installation is complete, run the following command:

 ipa-client-install --domain=uas --server=authentication.uas --realm=UAS --mkhomedir

Anyone with admin privileges in FreeIPA should be able to run that command.

Although --mkhomedir is in the command, it does not work on Ubuntu server. You will need to add the following line to /etc/pam.d/common-session:

 session required        pam_mkhomedir.so skel=/etc/skel/

After adding that line, please reboot and try logging in with your LDAP credentials.
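The enrolment steps above, as an added example that is not part of the wiki page: a POSIX sh script that runs the page's ipa-client-install command and then adds the pam_mkhomedir line exactly once, so re-running it on an already enrolled Ubuntu server does not duplicate the line. The PAM file path is a parameter so the edit can be rehearsed on a copy; enroll_ipa_client itself needs root and reachability to authentication.uas.

```shell
#!/bin/sh
# Added example (not from the UAS wiki). Enrol an Ubuntu server in the UAS
# FreeIPA domain and make the pam_mkhomedir workaround idempotent.

PAM_MKHOMEDIR='session required        pam_mkhomedir.so skel=/etc/skel/'

# has_mkhomedir FILE: exit 0 if FILE already loads pam_mkhomedir.so.
has_mkhomedir() {
    grep -q 'pam_mkhomedir\.so' "$1"
}

# count_mkhomedir FILE: print how many lines load pam_mkhomedir.so
# (after ensure_mkhomedir this must be exactly 1, however often it ran).
count_mkhomedir() {
    grep -c 'pam_mkhomedir\.so' "$1" || true
}

# ensure_mkhomedir FILE: append the session line once; exit 0 if it is
# present afterwards. FILE is a parameter so this can be tried on a copy
# of /etc/pam.d/common-session before touching the real one.
ensure_mkhomedir() {
    [ -f "$1" ] || return 1
    if ! has_mkhomedir "$1"; then
        printf '%s\n' "$PAM_MKHOMEDIR" >> "$1"
    fi
    has_mkhomedir "$1"
}

# enroll_ipa_client: the page's procedure end to end. Needs root and a
# route to authentication.uas; it is not run by the checks below.
enroll_ipa_client() {
    apt-get install -y freeipa-client
    ipa-client-install --domain=uas --server=authentication.uas \
        --realm=UAS --mkhomedir
    ensure_mkhomedir /etc/pam.d/common-session
}
```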