Difference between revisions of "Network"

Revision as of 19:25, 21 February 2011

Network

This page will be used for discussion of the proposed network topology & for suggestions for network design / modification.

Hackspace Network

External IP address 92.27.61.158.

Internal IP address range with reserved IP's available from 10.0.0.2 - 10.0.0.99 and DHCP allocation from 10.0.0.100.

WiFi for Hackspace SSID: HSNOTTS passcode uses WPA2 protocol AES encryption. Members only, passcode on request (I'll email this out to the usual suspects, ask if needed)

WiFi for other clients (e.g. Anthem Films) to be on setup when details finalised, on seperate VLAN.

The Nottinghack VLAN would have access to local resources - e.g. a future NAS file-share , a local dropbox server for projects & collaborations, a backup of all Web / Wiki files (to allow a remote restore in the event of moving hosts / outage of services) and anything else we don't want to be web facing.

The VPN (when enabled) would allow remote management of the VLANS, which could come in handy in the event of issues with the client WiFi access point.

Router management username & password only for Authorised users.

As far as "Authorised users" go, I'd suggest that anyone who is a permanent member, with access to all of the key-codes & building key should be eligible. Usual rules apply, as to any tool - if you don't know how to use it / don't do anything :)

Holly

Holly prides himself on the fact he had an IQ of 6,000 (apparently the same IQ as 6,000 PE teachers or 12,000 car park attendants), but after three million years by himself, he had become computer senile, or as Holly put it, "a bit peculiar".

Our first server is past the days of being called fast or prim hardware, it can take a while to boot/respond. However its likely to be our only workhorse for a little while so please don't ridicule Holly on his senility!

Fanless Via Epia Mini-ITX 533MHz

512mb RAM
1 20GB HDD (/, /var, /var/log, /tmp, swap, /usr)
1 13GB HDD (/home)
ubuntu 10.04LTS
Low power so fine for always-on.
Has parallel port!
Has serial port!
Ripe for HackSpace Instrumentation
general usage account is 'nottinghack'
members can have personal accounts on request (512meg soft limit?)

Equipment

See here for a list of our network gear

@@ Line 2: / Line 2: @@
 This page will be used for discussion of the proposed network topology & for suggestions for network design / modification.
-[[File:Proposed_layout.jpg|800px|thumb|none|alt=A |Proposed Layout]]
+[[File:Hackspace network 21-02.jpg|800px|thumb|none|alt=A |Hackspace Network]]
+External IP address 92.27.61.158.
-IP address ranges can be decided on implementation & set to sensible ranges, with reserved IP's outside of DHCP, unless there are any specific requirements.
+Internal IP address range with reserved IP's available from 10.0.0.2 - 10.0.0.99 and DHCP allocation from 10.0.0.100.
-The above config sets anything connected directly to the switch as a 1st level DMZ, aimed for services / clients that need to be outwardly facing with little / no restrictions.
+WiFi for Hackspace SSID: HSNOTTS passcode uses WPA2 protocol AES encryption.  Members only, passcode on request (I'll email this out to the usual suspects, ask if needed)
+WiFi for other clients (e.g. Anthem Films) to be on setup when details finalised, on seperate VLAN.
-All machines / services connected via the router are designed to allow access to the internet, and to services or resources, but not remote access from the internet (unless via the VPN - not enabled initially).
+The Nottinghack VLAN would have access to local resources - e.g. a future NAS file-share , a local dropbox server for projects & collaborations, a backup of all Web / Wiki files (to allow a remote restore in the event of moving hosts / outage of services) and anything else we don't want to be web facing.
-The router would offer 2 WiFi access points - 1 for Nottinghack permanent members & 1 for potential clients (Anthem films etc).
-These would be on seperate VLANS - the Nottinghack VLAN would have access to local resources - e.g. a future NAS file-share, a local dropbox server for projects & collaborations, a backup of all Web / Wiki files (to allow a remote restore in the event of moving hosts / outage of services) and anything else we don't want to be web facing.
 The VPN (when enabled) would allow remote management of the VLANS, which could come in handy in the event of issues with the client WiFi access point.
+Router management username & password only for Authorised users.
-*Note: the Admin PC would not be a static machine, rather the switch would be configured to only allow admin access to designated machines, via MAC binding, as well as knowledge of the required login's etc.  This would help prevent any user with physical access to the switch to alter the permissions / settings unless they were an "Authorised user".  As far as "Authorised users" go, I'd suggest that anyone who is a permanent member, with access to all of the key-codes & building key should be eligible.  Usual rules apply, as to any tool - if you don't know how to use it / don't do anything :)
+As far as "Authorised users" go, I'd suggest that anyone who is a permanent member, with access to all of the key-codes & building key should be eligible.  Usual rules apply, as to any tool - if you don't know how to use it / don't do anything :)
-I'm undecided about remote management of the gigabit switch, as I've yet to check out it's functionality / certificate management.
-Suggestions / comments?
 == [http://en.wikipedia.org/wiki/Holly_%28Red_Dwarf%29 Holly] ==

Difference between revisions of "Network"

Revision as of 19:25, 21 February 2011

Network

Holly

Equipment

Navigation menu

Search