~ pjvenda / blog

24 August 2009

Home network / Cisco testing lab

[1]: "Dog's bollox' syndrome", autistic geekiness, paranoid overkill network admin, will to learn. Call it what you like, I don't care.

This is about my home network. I've been getting my hands on some Cisco kit because it has always been a technology I wanted to learn about. After gathering a few newer or older devices, I was able to re-do my home network, with separated user, management, service and DMZ networks - done with the good help of ACLs, NATting and inter-VLAN routing. Internal services are explicitly accessible or transparently proxied; external services are NATted into the DMZ network. I am even setting up a direct Internet access network as a fallback. Most of this stuff is provided over wired Ethernet and 802.11g wireless. Why? See [1] (top of post).

It all looks like this at the moment:

At the moment, the following devices compose and actively participate in this horrible wire mesh that I call "home network":

  • Cisco Catalyst 3548XL: 48 10/100Mbps Ethernet port core switch;
  • Cisco 2621XM: Core/Internal router and firewall;
  • Cisco Aironet 1231G: Wireless access point;
  • Cisco 877W: External router and firewall with DSL modem and wireless interface;
  • Linux server: (not seen in the picture) Provides storage and other network services such as SMB, authoritative and caching DNS, HTTP proxy, etc. There is a web page about this box on my website: Home server;

Because I am still a Cisco "newb", I needed to learn about the features I needed as I went along. Stuff like configuring native and tagged VLANs with trunks on the switch, multiple networks on the access point (each going to a different LAN segment), setting up static routing, ACLs and NATting, enabling and using an ADSL Cisco interface, managing Cisco IOS images and configurations, etc. It starts making a lot of sense as all the pieces of the jigsaw find their place in my mind, but it seemed a bit strange when I started.
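To make the VLAN/trunk/ACL pieces mentioned above concrete, here is an added illustration of the kind of IOS configuration that ties them together on a 3548XL uplink and a 2621XM doing router-on-a-stick inter-VLAN routing. It is not the author's configuration (which is deliberately withheld); the VLAN IDs, 192.168.x.0/24 addresses, interface numbers and the server address 192.168.30.10 are all assumed for the example.

```cisco
! --- Catalyst 3548XL: uplink to the 2621XM carries the VLANs tagged (assumed port) ---
interface FastEthernet0/48
 description Trunk to 2621XM Fa0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
! --- 2621XM: one 802.1Q sub-interface per VLAN (router-on-a-stick) ---
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 description USERS
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group USERS-IN in
!
interface FastEthernet0/0.20
 description MGMT (switch, AP and router management addresses)
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0.30
 description SERVICES (Linux server: DNS, HTTP proxy, SMB)
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
!
! Applied inbound on the user VLAN: users reach only the published
! services on the server (assumed address 192.168.30.10) and never the
! management segment; denied hits are logged so stray probes show up.
ip access-list extended USERS-IN
 permit udp 192.168.10.0 0.0.0.255 host 192.168.30.10 eq domain
 permit tcp 192.168.10.0 0.0.0.255 host 192.168.30.10 eq 3128
 permit tcp 192.168.10.0 0.0.0.255 host 192.168.30.10 eq 445
 deny   ip  192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255 log
 deny   ip  192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 log
 permit ip  192.168.10.0 0.0.0.255 any
```

Order matters in the ACL: the specific permits must precede the segment-wide denies, and the final permit is what lets user traffic continue on towards the external router.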

I know for a fact (because I have seen them) that certain company setups are light-years away from mine both in size and in complexity. What is funny is that certain cases are light-years more complex but others are light-years simpler (d'ough!).

I quickly learnt that a network like this absolutely requires the permanent presence of an up-to-date network diagram and detailed notes with IP addresses and ranges, interface names, VLAN-to-IP mappings on the various devices, and VLAN and trunk mappings on the switch.

[A random network diagram I ripped off the Internet for illustration purposes only. Mine is hand-written.]

I also learnt that Cisco is a huge corporation in such a strong market position that it can charge hefty sums for hardware and licensing, together with software limitations on its devices (dependent on licensing level). This is not easy for me to swallow. But I must say that their documentation is terrific in every aspect! In particular the following guides are absolutely top-notch in content and references:

There are many more great Cisco guides that should be on the list above, but it would just grow exponentially. And I am not even thinking about Cisco Press paper books.

Apart from being an over-zealous sysadmin, I am also a bit paranoid with security. So I will not be giving away details about configurations :]. At least not at the moment.

Following the logical steps, I should be taking a CCNA exam in the near future...

Cheers, PJ.