Internal Network: Difference between revisions
No edit summary
Zeile 20: | Zeile 20: | ||
| 99 || MGMT || 10.10.99.0/24 || mgmt.fablab.local || Management network: Management interfaces of switches, access points, servers etc | | 99 || MGMT || 10.10.99.0/24 || mgmt.fablab.local || Management network: Management interfaces of switches, access points, servers etc | ||
|} | |} | ||
== General network config == | |||
The gateway (i.e. the firewall) is always located at IP x.x.x.1, and is currently also acting as the central DHCP, DNS and NTP server, as well as an Avahi (bonjour) proxy. | |||
The various subnets are within the private 10/8 range defi24ned by RFC 1918. The local supernet is 10.10/16, subnetted into various /24 networks. | |||
The third octet of the address always corresponds to the VLAN ID of the respective network. | |||
=== DHCP settings === | |||
Range: 10.10.[VLAN].100 - 199 | |||
Subnet mask: 255.255.255.0 | |||
Gateway: 10.10.[VLAN].1 | |||
DNS: 10.10.[VLAN].1 | |||
NTP: 10.10.[VLAN].1 | |||
Domain: fablab.local (in order to make DNS entries unter .fablab.local directly accessible because Windows does not seem to properly respect domain search lists provided by DHCP) | |||
DHCP service is provided on LAN, WLAN and GUEST (the latter getting assigned external nameservers) | |||
=== DNS === | |||
The central DNS server, providing forward and reverse name resolution for the various internal networks is implemented using ISC bind running on the local firewall. | |||
In order to make things a bit easier, the internal domain fablab.local has DNS aliases (CNAMEs) pointing to the various servers, e.g. fablabnas.fablab.local is actually a DNS CNAME pointing to flz-nas-01.srv.fablab.local, the 'real' name of the NAS device. | |||
This way, clients can simply reach all services by using their hostnames (e.g. 'ping fablabnas') |
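Review bot: in the added "General network config" paragraph, "defi24ned" has a stray "24" in the middle of "defined", and "unter .fablab.local" in the Domain line should read "under". The added DHCP settings also list DNS as 10.10.[VLAN].1 without exception, while the last DHCP line says GUEST gets external nameservers; suggest stating the GUEST exception on the DNS line itself so the two statements do not appear to conflict.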
Revision as of 3 May 2014, 17:54
Network topology
Network segments
The internal network is segmented into the following logical domains, implemented via VLANs on the switch and separate IP subnets:
VLAN | Name | Network | Subdomain | Purpose |
10 | SRV | 10.10.10.0/24 | srv.fablab.local | Service network: Servers, printers etc |
11 | LAN | 10.10.11.0/24 | lan.fablab.local | Local Area Network: Clients using Ethernet cable infrastructure |
12 | WLAN | 10.10.12.0/24 | wlan.fablab.local | Wireless Network: Authenticated clients using WiFi infrastructure |
13 | GUEST | 10.10.13.0/24 | guest.fablab.local | Guest Network: Unauthenticated clients using WiFi infrastructure |
69 | ATELIER | 10.10.69.0/24 | atelier.fablab.local | Ateliergemeinschaft: The Ateliergemeinschaft next door |
99 | MGMT | 10.10.99.0/24 | mgmt.fablab.local | Management network: Management interfaces of switches, access points, servers etc |
General network config
The gateway (i.e. the firewall) is always located at IP x.x.x.1, and is currently also acting as the central DHCP, DNS and NTP server, as well as an Avahi (Bonjour) proxy.
The various subnets are within the private 10/8 range defined by RFC 1918. The local supernet is 10.10/16, subnetted into various /24 networks.
The third octet of the address always corresponds to the VLAN ID of the respective network.
DHCP settings
Range: 10.10.[VLAN].100 - 199
Subnet mask: 255.255.255.0
Gateway: 10.10.[VLAN].1
DNS: 10.10.[VLAN].1
NTP: 10.10.[VLAN].1
Domain: fablab.local (in order to make DNS entries under .fablab.local directly accessible, because Windows does not seem to properly respect domain search lists provided by DHCP)
DHCP service is provided on LAN, WLAN and GUEST (the latter getting assigned external nameservers).
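The addressing rules above (third octet equals the VLAN ID, gateway at .1, DHCP pool .100 to .199 on LAN, WLAN and GUEST) are regular enough to map any address seen in a firewall or DHCP log back to its segment and role. The following Python sketch is an added example, not part of the original wiki page; the function names, the role labels and the treatment of non-pool addresses as "static" are assumptions.

```python
import ipaddress

# VLAN table as listed on this page: VLAN ID -> segment name.
VLANS = {10: "SRV", 11: "LAN", 12: "WLAN", 13: "GUEST", 69: "ATELIER", 99: "MGMT"}
SUPERNET = ipaddress.ip_network("10.10.0.0/16")
DHCP_SEGMENTS = {"LAN", "WLAN", "GUEST"}   # segments with DHCP service
POOL_FIRST, POOL_LAST = 100, 199            # DHCP range, last octet


def plan(vlan):
    """Derive subnet, gateway and DHCP pool for a VLAN ID from the page's rules."""
    net = ipaddress.ip_network(f"10.10.{vlan}.0/24")
    pool = None
    if VLANS[vlan] in DHCP_SEGMENTS:
        pool = (net[POOL_FIRST], net[POOL_LAST])
    return {"name": VLANS[vlan], "subnet": net, "gateway": net[1], "pool": pool}


def classify(addr):
    """Map an address (e.g. from a firewall log) to (segment, VLAN, role)."""
    ip = ipaddress.ip_address(addr)
    if ip not in SUPERNET:
        return ("external", None, "outside 10.10/16")
    vlan, host = ip.packed[2], ip.packed[3]
    if vlan not in VLANS:
        # Inside the supernet but in no documented VLAN: worth flagging.
        return ("unknown", vlan, "no VLAN defined for this subnet")
    p = plan(vlan)
    if host in (0, 255):
        role = "network/broadcast address"
    elif ip == p["gateway"]:
        role = "gateway (firewall: DHCP, DNS, NTP)"
    elif p["pool"] and p["pool"][0] <= ip <= p["pool"][1]:
        role = "DHCP pool"
    else:
        role = "static"  # assumption: anything outside the pool is statically assigned
    return (p["name"], vlan, role)


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the page.
    for sample in ["10.10.11.150", "10.10.10.150", "10.10.99.1",
                   "10.10.42.7", "192.0.2.10"]:
        print(sample, classify(sample))
```

An address that classifies as "unknown" sits inside 10.10/16 but in no documented VLAN, which usually points to a misconfigured host or an undocumented segment.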
DNS
The central DNS server, providing forward and reverse name resolution for the various internal networks, is implemented using ISC BIND running on the local firewall.
In order to make things a bit easier, the internal domain fablab.local has DNS aliases (CNAMEs) pointing to the various servers, e.g. fablabnas.fablab.local is actually a DNS CNAME pointing to flz-nas-01.srv.fablab.local, the 'real' name of the NAS device.
This way, clients can simply reach all services by using their hostnames (e.g. 'ping fablabnas').