No edit summary |
Line 30: | Line 30: | ||
== TLS == | == TLS == | ||
Ideally we've migrated everything to LetsEncrypt unless we're doing internal network / infrastructure SSL trust/validation | Ideally we've migrated everything to LetsEncrypt unless we're doing internal network / infrastructure SSL trust/validation. | ||
There is a list of our legacy certificates here [[Networking/TLSCerts]] | There is a list of our legacy certificates here [[Networking/TLSCerts]] | ||
Line 36: | Line 36: | ||
== WiFi == | == WiFi == | ||
We have | We have a number of [https://www.cisco.com/c/en/us/support/wireless/aironet-3500i-access-point/model.html Cisco Aironet 3502i access points] setup at [[Ujima House]]: | ||
We have 3 SSID's: | We have 3 SSID's: | ||
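Review bot: In the new WiFi sentence, "a number of" leaves the count and placement of the access points unstated, and "setup" is used as a verb where "set up" is meant. Suggest giving the count, or linking to an inventory page, so the documentation can be checked against what is actually deployed at Ujima House.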
Line 50: | Line 44: | ||
* LondonHackspace-IOT - for future plans involving sensors | * LondonHackspace-IOT - for future plans involving sensors | ||
All networks are 2.4 and 5GHz with the access points configured to push you towards 5ghz where you will probably get a better experience due to more bandwidth being available | |||
All | All access point configuration should be backed up to the [https://github.com/londonhackspace/oxidized oxidized repository] (available to sysadmins team) | ||
== Layer 2 == | == Layer 2 == | ||
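Review bot: The added backup sentence, "All access point configuration should be backed up to the oxidized repository (available to sysadmins team)", does not say whether the repository is private or whether credentials contained in the access point configuration are removed before they are committed. Suggest stating both, since "available to sysadmins team" describes who can read the repository but not what it holds. Minor: the added 5GHz sentence writes "5ghz" after "5GHz" and has no closing full stop.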
Line 59: | Line 54: | ||
The connectivity is set to allow everyone in the building full access to the Internet at full speed (ie if you are the only user online then you should get close to 500Mbps up and down on a speedtest site). The line is subject to fair and legal use but as long as no one abuses the connection or monopolises it then you can basically fill your boots (or SSDs). A 3.5 Gbyte Debian ISO DVD will download in approx 3 minutes. Please note that you should not download copyright materials from the web / torrent sites (movies etc.) as these are traceable by IP and it's also not a nice thing to do (unless you've paid for them legally)... more seriously that could lead to being cut off on a three strikes basis which we don't want to risk. There is no external rate shaping or packet inspection done on traffic at the ISP level unless there is any odd activity / complaints. Ben from Onega also happens to be a London Hackspace member so we should get helpful service to any reasonable requests. If / when needed the line could also be upgraded to the full Gigabit, or indeed to 10Gbps connectivity but right now the marginal cost would not be worth it given historic and current observed bandwidth levels. | The connectivity is set to allow everyone in the building full access to the Internet at full speed (ie if you are the only user online then you should get close to 500Mbps up and down on a speedtest site). The line is subject to fair and legal use but as long as no one abuses the connection or monopolises it then you can basically fill your boots (or SSDs). A 3.5 Gbyte Debian ISO DVD will download in approx 3 minutes. Please note that you should not download copyright materials from the web / torrent sites (movies etc.) as these are traceable by IP and it's also not a nice thing to do (unless you've paid for them legally)... more seriously that could lead to being cut off on a three strikes basis which we don't want to risk. 
There is no external rate shaping or packet inspection done on traffic at the ISP level unless there is any odd activity / complaints. Ben from Onega also happens to be a London Hackspace member so we should get helpful service to any reasonable requests. If / when needed the line could also be upgraded to the full Gigabit, or indeed to 10Gbps connectivity but right now the marginal cost would not be worth it given historic and current observed bandwidth levels. | ||
Our core router connecting this connection is [[Equipment/ | Our core router connecting this connection is [[Equipment/Norton|Norton]] which runs pfSense CE. Norton provides all VLAN routing, firewall and DHCP services. | ||
{| class="wikitable" | {| class="wikitable" | ||
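Review bot: The new Norton sentence says the router "provides all VLAN routing, firewall and DHCP services", but unlike the access point and switch sections in this same edit it does not say where the pfSense configuration is backed up. Suggest adding that, or a ToDo if no backup exists, because this one device carries every routing and firewall rule. "Our core router connecting this connection" would also read better as "Our core router for this connection".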
Line 75: | Line 70: | ||
| DNS2 || 62.244.177.177 || 2a00:1d40:ee:177::177 | | DNS2 || 62.244.177.177 || 2a00:1d40:ee:177::177 | ||
|} | |} | ||
=== Network Switches === | === Network Switches === | ||
There are currently three managed switches serving the | There are currently three managed switches serving the space: | ||
* gf-coreswitch - Cisco WS-C2960S-48FPD-L located ??? | * gf-coreswitch - Cisco WS-C2960S-48FPD-L located ??? | ||
* gf-woodshopsw - Cisco WS-C3560-24PS located in the woodshop | * gf-woodshopsw - Cisco WS-C3560-24PS located in the woodshop | ||
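Review bot: The gf-coreswitch entry still reads "located ???" on the new side of this hunk. Since the edit already touches the switch list, fill in the location or replace the placeholder with an explicit "location not yet recorded" and a matching ToDo item, so that readers can tell it is a known gap.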
Line 87: | Line 79: | ||
All switches are currently running old firmware and don't support modern cyphers the following ssh arg is required: <code>-oKexAlgorithms=+diffie-hellman-group1-sha1</code> | All switches are currently running old firmware and don't support modern cyphers the following ssh arg is required: <code>-oKexAlgorithms=+diffie-hellman-group1-sha1</code> | ||
All switch configuration should be backed up to the [https://github.com/londonhackspace/oxidized oxidized repository] (available to sysadmins team) | |||
=== ToDo === | === ToDo === | ||
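Review bot: The unchanged line just above the added backup sentence tells readers to pass -oKexAlgorithms=+diffie-hellman-group1-sha1 and calls it a "cypher". It is a key-exchange algorithm, and one that current OpenSSH disables by default because it is weak. Suggest wording it as a per-connection option for these switches only, not something to set globally, and adding the firmware upgrade to the ToDo section that follows. The added backup sentence repeats the access point one almost word for word, so a single statement covering both device types would be easier to keep current.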
Line 95: | Line 89: | ||
Please note that we adhere to the TIA-568B standard of wiring in the London Hackspace connectivity. This is consistent with the existing wiring as well as historic best practices of London Hackspace. Go with (568)B, because Bees are Better. | Please note that we adhere to the TIA-568B standard of wiring in the London Hackspace connectivity. This is consistent with the existing wiring as well as historic best practices of London Hackspace. Go with (568)B, because Bees are Better. | ||
The current state of the network patching is being mapped via a [https://docs.google.com/spreadsheets/d/1-rRVlC1wekyFSl9KzApw9KUawMHdcYTQh1nqou1y_b4/edit?usp=sharing Google Sheet] | |||
=== Ground Floor === | === Ground Floor === |
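Review bot: The added Google Sheet link is a "usp=sharing" link, and the page does not say whether it grants view or edit access or to whom. Since the sheet is the record of the network patching, suggest confirming that sharing is limited to view-only or to named accounts and stating on the page who maintains it. The added sentence also lacks a closing full stop.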