Revision as of 15 May 2014, 18:04

Prerequisites

Management of all network devices is restricted to the management network MGMT, VLAN 99, IP 10.10.99.0/24.

Physical connection to the switch

There's a dedicated management port on the switch, i.e. core switch port 24 is assigned (untagged) to VLAN 99. Because there is no DHCP in the MGMT network, you need to assign the following IP settings manually:

IP: 10.10.99.1xx
Subnet mask: 255.255.255.0
Gateway: 10.10.99.1
DNS: 10.10.99.1
Domain: mgmt.fablab.local

Remote management

To manage the FabLab network infrastructure from anywhere, OpenVPN access is required. The OpenVPN client gets an IP within the subnet 10.10.23.0/24, which the firewall allows to access all networks. Therefore, this VPN should be restricted to authorized admins only.
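
The access policy described above (management only from MGMT, plus the admin VPN subnet) can be checked against connection logs. The following is an added example, not part of the original wiki page; the log format and every sample address other than the two subnets named on the page are constructed assumptions.

```python
import ipaddress

# Subnets taken from the page.
MGMT_NET = ipaddress.ip_network("10.10.99.0/24")  # VLAN 99, management
VPN_NET = ipaddress.ip_network("10.10.23.0/24")   # OpenVPN admin clients
ALLOWED_SOURCES = (MGMT_NET, VPN_NET)

# Constructed sample, one "<source ip> <destination ip> <destination port>"
# per line. The format and the individual hosts are assumptions.
SAMPLE_LOG = """\
10.10.99.120 10.10.99.1 443
10.10.23.7 10.10.99.2 22
192.168.1.55 10.10.99.2 443
10.10.23.7 192.168.1.10 80
not-an-ip 10.10.99.1 22
"""

def parse_line(line):
    """Return (src, dst, port), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return (ipaddress.ip_address(parts[0]),
                ipaddress.ip_address(parts[1]),
                int(parts[2]))
    except ValueError:
        return None

def find_violations(log_text):
    """List connections into MGMT whose source is neither MGMT nor VPN."""
    violations, malformed = [], []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            malformed.append(lineno)  # report instead of silently dropping
            continue
        src, dst, port = parsed
        if dst in MGMT_NET and not any(src in net for net in ALLOWED_SOURCES):
            violations.append((lineno, str(src), str(dst), port))
    return violations, malformed

if __name__ == "__main__":
    bad, skipped = find_violations(SAMPLE_LOG)
    for lineno, src, dst, port in bad:
        print(f"line {lineno}: {src} -> {dst}:{port} reaches MGMT from outside MGMT/VPN")
    print(f"malformed lines skipped: {skipped}")
```

Any hit means the firewall is passing traffic into VLAN 99 from a network the policy does not list, so the rule set should be reviewed.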

Switching Infrastructure

The core switches are manageable via SSL and SSH on their hostnames flz-sw-01 and flz-sw-02 respectively, or simply https://flz-sw.mgmt.fablab.local for the one currently in operation.

There are various unmanaged Netgear 5-port Gigabit switches spread across the room to be used as access switches.

WiFi Infrastructure

WiFi is provided on 2.4 and 5 GHz by a Cisco/Linksys WRT610N running OpenWRT.

The AP can be managed on https://flz-ap.mgmt.fablab.local

Firewall Infrastructure

The firewall can be managed on https://flz-fw.mgmt.fablab.local

NAS

The NAS can be managed on https://flz-nas.srv.fablab.local:5001