
Category Archives: The Lab

lab_end_2013

Unfortunately I didn’t have much time to update my blog over the year as I had originally planned. This year I replaced the Cisco XL 2924 switch with a Cisco SF300. The reason for this is that the old switch did not support 802.1x authentication and I had wanted to try it out. In fact, some interesting projects that I have successfully completed on my lab throughout this year include:

1) 802.1x wired (Cisco SF300) and wireless (AP bridges) authentication. A Windows Server 2008 server was used as the authentication server, the RADIUS server and the internal Certificate Authority. The setup works quite well. There are some issues though: sometimes the laptop NIC doesn’t authenticate properly, but once I unplug the network cable and plug it in again it connects successfully. I read somewhere that it could be a bug which needs to be addressed on some systems. However on mine, it didn’t seem to work.

2) Squid Transparent Proxy. I set up Squid on Ubuntu and, through WCCP, redirected HTTP traffic entering the ASA to the proxy server and back. This allowed me to proxy all my HTTP traffic for every client, be it tablet, laptop or mobile. However I did come across some limitations. For example, the proxy server had to be in the same VLAN/network that the “proxy-ed” clients are in. If you try placing it in some management VLAN (and provide routing for it), it will not work. Apparently, this limitation is present only with ASAs, since with a bare Cisco router, I was told it worked fine.

3) Cluster NTP Server. I used two Ubuntu machines to set up a clustered NTP server. No rocket science but it worked very well. Heartbeat was the package which allowed server clustering.

That is about it. Time permitting I will include the configurations of the three projects on the blog.

Merry Christmas!

I saved another 2 PIX 515Es from the skip and decided to give them a new home. They turned out to be 2 PIXes with 16/128 flash/RAM and with Unrestricted licenses. That was a lucky find. These boxes can support IOS 8.0.4 and run as an Active/Active cluster. They also support 6 NICs and they came with a PCIX Quad NIC. Enough said, I was pleased with them.
I was also motivated to upgrade one of them to 8.0.4, so it is now somewhat equivalent to an ASA, and also installed ASDM. YouTube is your friend, there are videos which explain the upgrade procedure. The “new” PIX 515E already replaced my 515E restricted PIX. ASDM, although I don’t fancy it much, makes life easier when it comes to those on-the-fly configurations. Also some nice statistics can be gathered. I also configured the modem as a PPPoE client to ensure all internet traffic hits the PIX first. No more ISP pro-modems for me, I prefer this setup.

Managed to get hold of another 2x DL 360, so now I have 3x DL 360s, each server having two quad cores. One server has been beefed up with 16Gb of RAM, 1x 300GB SATA drive and 4x 146GB SAS drives. That is the ESX 5i server.

The other two are handling 8Gb of RAM and 1x 72Gb SAS for ad hoc testing labs, such as Check Point and GNS3 labs.

Cabinet (June 2012)

The other DL 360 G5s…

Another addition to my home lab is the HP DL360 G5. The specs are as follows:

2x Quad Core 3.0 Ghz CPUs

8Gb Ram

3x 146Gb SAS drives

1x Dual PCI-e NIC card.

2x PSUs

HP DL360  G5 (front)

HP DL360 G5 (rear)

I already installed ESXi5 on it; conveniently the hardware is fully supported. It will probably be used to host Check Point SPLAT firewall setups including a basic LDAP server. I will then trunk the NICs to the Cisco switches to expand the environment. Fun stuff! 🙂

Recently I noticed that SAS and SATA are in fact compatible. SATA drives can be used to replace SAS drives but not vice versa. In fact, I decided to replace one of the HP 146GB drives with a 300GB SATA Samsung I had running around. I can confirm it worked perfectly. What is important to note though, is the difference in rpm the drives support. The SAS/HP drives are 10,000 while the ordinary 2.5″ drives come in 5,400 or 7,200, which could make a significant performance difference in a production environment. However, in my case a 5400 rpm drive was enough for my lab, so long as I increased the disk to a 300G. I haven’t tried the SATA drives with the HP Smart Array though – this might introduce some issues.

Hi all,

It has been a while since I wrote on my blog. I have been busy with work, studies and life in general I guess. I have dedicated myself more to security than networking over these years and I foresee more to come.

Anyway, I’ll leave you with a teaser of my current Lab setup... I got hold of 3 Cisco PIXes to play around with and a 27U Cabinet. Fits perfectly in my room! 😉

27U Cabinet

Lab in 2008

27U Cabinet - 2011

My Gear…

  • 1x Cisco 2610 (Nm-1e Module included)
  • 2x Cisco 4000
  • 1x Cisco Catalyst 5000
  • 1x Cisco 3600 (NM-FE & 4A/s Serial modules included)
  • 1x Cisco 2500 (4 sync/async serials)
  • 1x Cisco 2924-XL-EN
  • 1x Cisco 2924-XL-A
  • 1x Cisco 186 Analogue to Digital Phone converter
  • Mikrotik Router OS v3.11 x86 (7 Network Interfaces Included)
  • 1x AMD Quad Core 4 GB Ram, server (VMware Server)
  • 1x AMD Dual Core, 2 GB Ram raid 1, server (Windows Server 2003)
  • 2x Trendnet access points (b/g/n) repeater mode
  • 2x Trendnet Basic Switches
  • 1x ODS Pizza Switch
  • 2x Blazer 1000VA UPS
  • 2x Cisco PIX 501 Firewalls
  • 1x Cisco PIX 515SE Firewall
  • 27U Conteg cabinet

Software…

  • Mikrotik  –  The Dude (Network Monitoring System)
  • Windows XP
  • Windows Server 2003
  • Linux Ubuntu Server x64
  • Linux Ubuntu Desktop (on laptop)
  • Cisco Network Assistant
  • CiscoWorks (evaluation copy)
  • VMware Server 2.0 RC (linux version)
  • Dynamips (Cisco 7200 VXR, 2x bridged interfaces)
  • Acronis Data Backup