====== VHS Network ======

**NOTE: Currently under revision**

{{::vhs-network.jpg?200 |}}

Summary description of the area and perhaps some misc notes about its purpose!

^ Status             | Operational as of Nov 20, 2013                               |
^ Training           | Recommended                                                  |
^ Usage Restrictions | Members Only                                                 |
^ Creation Date      | VHS Epoch                                                    |
^ Location           | Space is wired, main system is on top of server rack         |
^ Champion           | See [[tool:compendium_of_champions|Compendium of Champions]]|

===== Current Network =====

==== Layer 1 (Physical) ====
See Talk thread about ethernet wiring of the space here: [[https://talk.vanhack.ca/t/project-network-wiring-the-space/10544|Project: Network Wiring the Space!]]



==== Layer 2 (Data Link) ====

=== VLANs ===

^ ID ^ Name ^ Type ^ In-Use ^
| 1 | Default | Default | Yes |
| 1 | Auto VoIP | Auto VoIP | No |
| 3 | Auto Video | Auto Video | No |
| 99 | Management | Configured | Yes |
| 100 | Servers | Static | Yes |
| 101 | Access | Static | Yes |
| 102 | HVAC | Static | Yes |
| 103 | IoT | Static | Yes |
| 104 | IoT-Isolated | Static | Yes |
| 201 | VoIP | Static | No |

=== Switch Configuration ===

^ Port ^ Description ^ Role ^
| g1 | vhs-pfsense2-lan0 | Infrastructure (Trunks) |
| g2 | vhs-ubnt1 | Infrastructure (Trunks) |
| g3 | vhs-ubnt2 | Infrastructure (Trunks) |
| g4 | vhs-vmware1 | Infrastructure (Trunks) |
| g5 | vhs-pfsense2-lan1 | Infrastructure (Trunks) |
| g6 | | Infrastructure (Trunks) |
| g7 | vhs-toughswitch1-mgmt | Infrastructure (Trunks) |
| g8 | vhs-toughswitch1-trunk | Infrastructure (Trunks) |
| g9 | | Access |
| g10 | | Access |
| g11 | | Access |
| g12 | | Access |
| g13 | | Access |
| g14 | | Access |
| g15 | | Access |
| g16 | | Access |
| g17 | vhs-voip1| Access |
| g18 | | Access |
| g19 | SpaceTime| Access |
| g20 | | Access |
| g21  |switch-laser-cutter| Access |
| g22 | | Access |
| g23 | switch-3d-printers| Access |
| g24 | | Access |
| g25 | | Access |
| g26 | | Access |
| g27 | | Access |
| g28 | | Access |
| g29 | | Access |
| g30 | | Access |
| g31 | | Access |
| g32 | | Access |
| g33 | | Access |
| g34 | | Access |
| g35 | | Access |
| g36 | | Access |
| g37 | | Access |
| g38 | | Access |
| g39 | | Access |
| g40 | | Access |
| g41 | | Management |
| g42 | | Management |
| g43 | | Management |
| g44 | | Management |
| g45 | | Management |
| g46 | | Management |
| g47 | vhs-vmware1-mgmt | Management |
| g48 | vhs-pfsense2-mgmt | Management |
| g49 | | |
| g50 | | |

=== Trunks ===
^ Interface ^ Default VLAN ^ Tagged VLAN(s) ^
| g1 | 1 | 101,103 |
| g2 | 99 | 99,101-104 |
| g3 | 99 | 99,101-104 |
| g4 | 1 | 99-102 |
| g5 | 1 | 1,100,102 |
| g6 | 99 | 99,101-104 |
| g7 | 99 | 99 |
| g8 | 99 | 99,101-104 |

=== Wireless ===
^ SSID ^ VLAN ^
|Vancouver Hack Space|Access|
|VanHack.ca|Access|
|VHS-HVAC|HVAC|
|VHS-IoTings|IoT|

==== Layer 3 ====

=== Internet ===

^ Provider | Shaw |
^ Netblock | 184.71.172.140/30 |
^ Provider IP | 184.71.172.141 |
^ Firewall IP | 184.71.172.142 |

=== Networks ===

^ IP ^ Role  ^
| 10.99.0.0/16 | Management |
| 10.100.0.0/16 | Servers |
| 172.16.0.0/12 | Access |
| 10.102.0.0/16 | HVAC |
| 10.103.0.0/16 | IoT |

=== Firewall ===

^ Alias ^ Interface ^ VLAN ^ IP ^ Role  ^
| WAN0 | em0 | No | 184.71.172.142/30 | Public |
| LAN0ACCESS | em1 | 101 | 172.16.0.1/12 | Access |
| LAN0IoT | em1 | 103 | 10.103.0.1/16 | IoT |
| LAN1SERVERS | em2 | 100 | 10.100.0.1/16 | Servers |
| LAN1HVAC | em2 | 102 | 10.102.0.1/16 | HVAC |
| MGMT | em3 | Default | 10.99.0.1/16 | Management |

===== Links =====
^ Link               ^ 
| https://vanhack.ca/doku.php?id=servers |
| https://vanhack.ca/doku.php?id=tutorials:vhs_s_openvpn |
| https://vanhack.ca/doku.php?id=tutorials:silc_server |
| https://vanhack.ca/doku.php?id=tutorials:vhs_solidworks |
| https://vanhack.ca/doku.php?id=servers |
| https://vanhack.ca/doku.php?id=tool:server_rack |

===== Maintenance Log ====

Any maintenance, repairs, relocations, changes, etc to the area should be logged below with a note, date and who!

^ Note               ^ Date         ^ Who       ^
| Wiki entry created | Nov 20, 2013 | Thomas L. |
| Added current setup, current gear, future setup | Early March | Rob M|
| We are running out of dhcp leases | Mar 14, 2016 | Thomas H. |

===== Legacy Information =====

==== Future Setup ====
Assuming we get a pfsense box, that can do router-on-a-stick kinda setup (or if one of our switches does routing, great)

ISP VDSL modem -> pfsense-> vlans -> core switch -> [details below]

<code>
vlan 1
# General vlan for member devices
# General wireless
# Any untagged traffic

vlan 2
# Space infrastructure
# file servers
# phones
# printers
# isvhsopen box

vlan 3
# Other servers

vlan 101
# Playground. A network with a server (that can run VMware), a (managed) switch, and a wifi access point.

vlan 102
#iot network (possibly on it's own wireless device as well, right now served as a second ssid from cisco wap)

vlan 99
# management interface for network devices
</code>



==== Current Setup ====
ISP VDSL modem  -> ddwrt based router -> dumb acting switch -> 2 Wireless Access points / all the VHS computers

We have the ISP VDSL modem:
<code>
IP: 69.31.160.146
Mask: 255.255.255.252
Gateway: 69.31.160.145
ISP DNS: 69.31.170.249
</code>

Inside the NAT:
<code>
Router IP: 172.16.0.1
Netmask: 255.255.0.0
</code>

<code>

WAP1 (2.4 GHz) : 172.16.0.2 (cisco:cisco)
WAP2 (5 GHz) : 172.16.0.3 (cisco:cisco)
Dlink switch : 172.16.0.4 (admin:blank)
</code>

<code>
DHCP Range: 172.16.0.70 - 172.16.0.250
</code>
===== Available Gear =====

[[http://www.cnet.com/products/dell-powerconnect-2716-switch-16-ports-managed-desktop-series/specs/|Dell PowerConnect 2716]] - 16 Port gigabit managed switch. 802.1Q, 802.3ad

[[http://www.hp.com/rnd/pdfs/datasheets/ProCurve_Switch_5300xl_Series.pdf|HP Procurve modular switch 5308xl]] (PDF link) - 48 100mbit ports, 32 1000mbit ports, 802.1Q, 802.3ad

[[http://www.lannerinc.com/products/network-processing-appliances/rackmount/mr-730|Lanner mr-730 network device???]]

2x [[http://www.cisco.com/en/US/products/hw/switches/ps628/products_data_sheet09186a00801cfb71.html| Cisco Catalyst 2950 Switch]] - 24 port 100mbit + 2 port 1000mbit, managed, 802.1Q, 802.3ad

[[http://support.dlink.ca/ProductInfo.aspx?m=DES-3828P|Dlink DES-3828P]] - POE Layer 3 switch - Managed 24-Port 10/100 Stackable L3 PoE Switch, 4 Gigabit Copper Ports + 2 Combo SFP

Bin of dumb switches

3x [[http://www.cisco.com/c/en/us/products/security/pix-501-security-appliance/index.html| Cisco firewall thingies]] - Likely useless

2x [[http://www.cisco.com/c/en/us/support/routers/2621-multiservice-platform/model.html| Cisco 2621-DC Multiservice Platform]]
- one with 2 serial interfaces & 2 fxs modules (each fxs module has 2 ports)
- one with 2 serial interfaces & 1 fxs module 

2x [[http://www9.cisco.com/c/en/us/products/collateral/routers/2600-series-multiservice-platforms/product_data_sheet0900aecd800fa5be.html| Cisco 2600 Series Modular Access Router]]
- one has one 100mbit ethernet module (2620 XM) 
- one has two 100mbit ethernet module and one T1 (2621) 

[[http://www.cisco.com/en/US/products/hw/routers/ps233/products_data_sheet09186a008009204c.html| Cisco 2509-RJ ]]

[[http://www.cisco.com/en/US/products/hw/routers/ps221/products_data_sheet09186a00800920f2.html| Cisco 1760]]
-T1 and ISDN interface, 2 fxs, 100mbit ethernet port

2x WRT54G 

5 Port 10Base T Hub