Dark Shadows
Networking Fun! (Read 38490 times)
b0b
GeekCrew Administrator
FTP Server
*****
Offline


The revolution will not
be televised.

Posts: 7464
Battle Creek, Michigan
Gender: male
Re: Networking Fun!
Reply #15 - May 29th, 2010 at 11:59pm
 
Here are a couple shots of my (mostly) finished racks, along with some hardcore "network security" tools.


Here's the lab rack.  I've got to order a few more cable management thingamabobs, so ignore the cable mess on the floor.

...


And the production rack.  Cable management is on my "to do" list.

...



-b0b
(...takes information security very seriously.)
 
MediaMaster
GeekCrew Administrator
FTP Server
*****
Offline


Holy Xenu!

Posts: 1884
Detroit
Gender: male
Re: Networking Fun!
Reply #16 - May 30th, 2010 at 12:16am
 
those are some seriously secure routers.
"Our Constitution is designed only for a moral and religious people. It is wholly inadequate for any other." - John Adams
 
computerjuvenile
GeekCrew Luser
***
Offline



Posts: 154
Houghton, Michigan
Gender: male
Re: Networking Fun!
Reply #17 - Jun 15th, 2010 at 6:10pm
 
Can you explain why you have 9 antennas on that thing?  Are you transmitting on multiple channels, using multiple protocols (802.11g/b/a/n)?
And that, knowing the time, that now it is high time to awake out of sleep: for now is our salvation nearer than when we believed.
 
b0b
Re: Networking Fun!
Reply #18 - Jun 15th, 2010 at 9:39pm
 
Here's a clear shot of the wireless hardware.  It's somewhat hard to see in the earlier pictures...



All four devices are somewhat more visible in this shot.

...


On the left side of the rack is a Cisco 1231G-A-K9.  The top two antennas are 2.4GHz antennas running 802.11b and 802.11g.  The big square antenna on the bottom center runs 802.11a.

...


On the right side of the rack is my old Cisco 1220B-K9.  It only runs 802.11b from the two antennas on top.

...


The left-center access point is my shiny new Cisco 1242G-A-K9.  The top two antennas run 5.0GHz 802.11a and the bottom two run 2.4GHz 802.11b and 802.11g.  The small AP in the back is a Cisco 350B which only runs 2.4GHz 802.11b from its two antennas.

...




The Cisco 350B and 1220B are only turned on when I need them for my lab, which is somewhat rare.  The newer and more powerful 1231G-A-K9 and 1242G-A-K9 run 802.11a/b/g and are running constantly as redundant pairs.  They each serve three SSIDs tied to my three primary VLANs.  Two SSIDs run WPA2-Enterprise for my internal and lab networks, and one SSID runs WPA2-PSK for the "guest/gaming" network.  Channels are automatically negotiated, with the two live APs choosing between the non-overlapping channels 1, 6, and 11.


-b0b
(...got root?)
 
b0b
Re: Networking Fun!
Reply #19 - Sep 1st, 2010 at 10:24pm
 
New toys!  These are crappy eBay pictures, but I'll take a picture of the actual products as soon as I have a moment to fire 'em up.


Cisco 3550 48-port multi-layer switch with the enhanced image.  This bad boy will replace my 2950 and will allow me to route between VLANs right on the switch instead of handing the traffic off to the 3745 router.

...


Cisco PIX 515 firewall with restricted license.  This is a firewall/VPN endpoint that will allow me to scan traffic entering my network to a deeper degree than my router can do by itself.  This will probably remain a "lab" firewall and I'll buy a beefier model for the production rack.

...



-b0b
(...is excited.)
 
b0b
Re: Networking Fun!
Reply #20 - Oct 18th, 2010 at 10:41am
 
I've bought some new toys for the network!  I've got a fairly drastic perimeter redesign coming up in the next week or two to implement this stuff.  Ultimately, my goal is to provide VPN access to everyone by the end of the year.  Nothin' says sexy like a 256-bit AES VPN connection!

I haven't taken pictures of the new gear yet, so forgive the stock/borrowed pics:



First up, I bought this AIM-VPN/HPII-Plus card for my existing router.  Cisco made a total of nine encryption cards for the 3745 router, of which this is the most powerful and feature-rich.  It will allow me to support AES VPN tunnels in 128-bit and 256-bit flavors.

...



These bad boys will become the core of my network security strategy.  These are Cisco PIX 525 firewalls that operate as a failover bundle.  I've maxed them out with 512MB of PC100 ECC SDRAM and have upgraded them with the latest OS and management software.  

...



In addition to maxing out the RAM, I've added five more network interfaces to each PIX along with this bad boy.  The Cisco PIX-VAC-PLUS serves a similar role to the AIM-VPN/HPII-Plus above and offloads encryption duties from the CPU.  It increases the VPN throughput of the PIX 525 from 30Mbps to ~145Mbps.

...



For intrusion prevention, I picked up a Cisco IDS 4215.  This device sits inline and monitors all traffic that passes through the network, looking for known-bad traffic.  Think of it as a network-based antivirus/anti-malware/etc. device that also looks for attack signatures (hacking attempts, port scanning/reconnaissance/etc).

...



Finally, I picked up this bad boy to terminate VPN connections.  It's a Cisco 3030 VPN concentrator.  Fully loaded, it is capable of supporting up to 10,000 VPN connections.  Somehow, I don't think we'll need quite that many.

...
 
X
Post Whore
FTP Server
******
Offline


Truth Is Treason, In The
Empire Of Lies

Posts: 3903
Gender: male
Re: Networking Fun!
Reply #21 - Oct 18th, 2010 at 5:44pm
 
How/what are you using to keep all that equipment cool?  Or does your -10 degree room still exist with its sub-Arctic temps?

X
In the land of the blind, the one eyed man is king. - Max Payne
 
b0b
Re: Networking Fun!
Reply #22 - Oct 18th, 2010 at 7:35pm
 
X wrote on Oct 18th, 2010 at 5:44pm:
How/what are you using to keep all that equipment cool?  Or does your -10 degree room still exist with its sub-Arctic temps?


I have a rather large window air conditioner that serves no other purpose than to keep my office at a balmy 66 degrees all year around.  That said, I'm not sure just how much all of this new equipment will affect the overall heat in the room.  Most of that equipment operates at 35-55 watts, so thermal output shouldn't be too crazy.  I bet all of my production network gear will only consume 50% of the power (and, thus, produce half the heat) that the Bobulator draws.


-b0b
(...and just wait until I build the next Bobulator!)
 
b0b
Re: Networking Fun!
Reply #23 - Nov 15th, 2010 at 2:55pm
 
b0b wrote on Oct 18th, 2010 at 7:35pm:
X wrote on Oct 18th, 2010 at 5:44pm:
How/what are you using to keep all that equipment cool?  Or does your -10 degree room still exist with its sub-Arctic temps?


I have a rather large window air conditioner that serves no other purpose than to keep my office at a balmy 66 degrees all year around.  That said, I'm not sure just how much all of this new equipment will affect the overall heat in the room.  Most of that equipment operates at 35-55 watts, so thermal output shouldn't be too crazy.  I bet all of my production network gear will only consume 50% of the power (and, thus, produce half the heat) that the Bobulator draws.


After placing the PIX firewalls and the intrusion detection system into production on Saturday, the production network cabinet is definitely displacing more heat than it was before.  All three devices draw approximately 65 watts, so I've effectively added another PC worth of heat in a small, tightly-enclosed cabinet.  I'm definitely going to have to look into buying or building a rack-mount cooling solution for this beast.


-b0b
(...more pictures soon!)