As I said in the previous post, I took the time to install the TP-Link SG2424 24-port managed switch under the Verizon Quantum Gateway and setup a pass-through vlan so that I could check to see if the switch was going to work in the network. I should have tried out some other things as well.
It turns out that the SG2424 and the Quantum don't like each other. When I set up the SG2424 with the same settings as the GS108T, moved over the Ethernet lines and attempted to get everything running, the problems began. Problem One: the SG2424 would not keep all of its settings between reboots. I kept having to reset the IP address of the switch even though I made sure that I hit the confirm button. It just would not keep the new IP address and kept reverting back to the initial IP address which conflicted with other elements in my network. Problem Two: the SG2424 seemed to not like pass-throughs where the I came from a different switch (the GS1-08Ts) through the SG2424 to the Quantum Gateway. Problem Three: it would take sometimes 5 to 10 minutes before the Ethernet activity would settle down between the SG2424 and the Quantum. It appeared that the SG2424 kept resetting itself multiple times. Problem Four: After multiple resets, the traffic for my media equipment which flowed through the SG2424 to the Quantum would refuse to come up.
I took the SG2424 back to Micro Center where I bought it. I will review the Netgear GS724 and other switches like it to see if I can use it to replace the one GS108T. Very frustrating!
This is a blog mostly about techie things, what I am doing to my apartment network on the cheap, IOT, 3D Printing, Raspberry Pis, Arduinos, ESP32, ESP8266, Home Automation, Personal Weather Stations, Things That Go Bump in the Night, and some side issues that need discussing. Remember, sometimes the journey to an end is as much fun as the goal achieved!
Friday, February 26, 2016
Wednesday, February 10, 2016
Cluster#2 - Setting up an IPSec VPN into the Cluster
I want to set up the cluster to provide an IPSec VPN into the No-Mans Land vlan. From there, I intend on setting up the other three RPis to connect to various vlans throughout my network. The following diagram shows what I intend on doing:
The RPi coming from the Internet into NoManVlan would run the IPSec VPN. I would then be able to access the cluster from external places. The other three RPis would then perform the function of a gateway into other vlans from there. Quagga would still be used to setup the routing tables in each RPi with respect to the NoManVlan.
The RPi coming from the Internet into NoManVlan would run the IPSec VPN. I would then be able to access the cluster from external places. The other three RPis would then perform the function of a gateway into other vlans from there. Quagga would still be used to setup the routing tables in each RPi with respect to the NoManVlan.
When Something Gets Complicated - Go Simple
Well I spent a decent amount of time contemplating how I was going to mount the new 24-port switch into my network. For the life of me I couldn't figure out how to get this 17 inch box mounted in a space that was only about 12 inches wide. Then I started looking at all of the wires that I was going to plug into the box and I discovered that most of them could be rerouted on the other side of the air duct. On the other side of the air duct is where I have the FIOS Quantum gateway placed. The gateway is placed on top of a wired rack so that I could put things like the HDHomeRun Prime and a USB NAS below it.
Since I am no longer using the Prime, it occurred to me that I could use the space to mount the 24-port switch. I could reroute the Ethernet cables so that the connection point would move from in the tool room to just outside the tool room door. This also works out well because I can now power the 24-port switch from a different outlet which is not being that utilized. So I simplified the problem and it will only cost me an extra three Ethernet cables to connect the current setup.
I experimented over the weekend by moving the 24-port switch under the Quantum gateway and connecting the Ethernet cable from my internal router between the switch and the gateway instead of directly to the gateway. In other words I setup a patch vlan: Ethernet wire from router to switch in one port connected to another port that had an Ethernet wire from switch to gateway. This gives me an out in case I need to logically move the location of my router in my network. I am starting to get the hang of this.
I experimented over the weekend by moving the 24-port switch under the Quantum gateway and connecting the Ethernet cable from my internal router between the switch and the gateway instead of directly to the gateway. In other words I setup a patch vlan: Ethernet wire from router to switch in one port connected to another port that had an Ethernet wire from switch to gateway. This gives me an out in case I need to logically move the location of my router in my network. I am starting to get the hang of this.
Monday, February 8, 2016
Rearranging the Network
I bought a TP-Link SG2424 24-port managed switch over the weekend. This thing is quite the beast and is made for a rack mount:
I am hoping to replace the Netgear GS108T 8-port switch in the center of my network; because I am running out of ports to use. There is absolutely nothing wrong with the GS108T, but as you can see, I have a number of cables that are not connected because of lack of ports:
I am also thinking of other types of things that I can do, like using this switch placement as a main switch point for the network since it is right outside where I have my Fios Quantum router. The biggest problem I am facing at this moment is how to mount the 2424. The current mounting is a simple sheet of plywood with two screws that the GS108T mounts onto. With a rack mount size device, I am going to have to raise it further to get over the heating duct, and potentially have issues with heat and cold on the device.
Added Raspberry Pi Cluster for Experimenting
I just added a Raspberry Pi Cluster (4 RPis) to experiment with BGP and IPSec VPNs. My thought was to have a No-Mans Land VLAN running through the house in which I could tap into with the cluster. Since the NML vlan traffic wouldn't touch any of the other vlans it would make it easy to try out different types of routing protocols. I could also use one of the RPis to act as an IPSec VPN server to connect from the outside to the NML vlan. I could set it up so that it might be on a DMZ or other path. I am therefore not constrained even though I have double routers in my network. The cluster can be seen in this picture taken this morning:
When I was putting this together I was running some tests on a bench with the following layout:
I moved the cluster and router (acting as an 8 port managed switch) to an area where I have a UPS so that the power would be filtered. The first item on the list is to get a reasonable IPSec VPN running, hopefully using StrongSwan with some decent encryption, say AES256. Since the router has a WAN port, I can use that any time that I need to update the RPis in the cluster - just add a wire and then take it away. I did discover one issue though, I am going to have to remove the Mac Mini from the NML vlan because I noticed that all of the ports that were open on my personal vlan were open on the NML vlan. I don't know how to correct that so for now, after I get the IPSec VPN setup, I will remove the Mac Mini so I can reduce the probability that someone will hack into my network.
When I was putting this together I was running some tests on a bench with the following layout:
I moved the cluster and router (acting as an 8 port managed switch) to an area where I have a UPS so that the power would be filtered. The first item on the list is to get a reasonable IPSec VPN running, hopefully using StrongSwan with some decent encryption, say AES256. Since the router has a WAN port, I can use that any time that I need to update the RPis in the cluster - just add a wire and then take it away. I did discover one issue though, I am going to have to remove the Mac Mini from the NML vlan because I noticed that all of the ports that were open on my personal vlan were open on the NML vlan. I don't know how to correct that so for now, after I get the IPSec VPN setup, I will remove the Mac Mini so I can reduce the probability that someone will hack into my network.
Subscribe to:
Posts (Atom)