Hot Topic (More than 20 Replies) Networking Fun! (Read 55635 times)
b0b
GeekCrew Administrator
FTP Server
*****
Offline


The revolution will not
be televised.

Posts: 7787
Location: Battle Creek, Michigan
Joined: Oct 15th, 2005
Gender: Male
Networking Fun!
Apr 12th, 2010 at 3:16am
It's 3:00am and I'm jet-lagged like crazy, so I thought I would create a separate thread to isolate my networking rants from the "Forum Stuff" thread.  Forum Stuff is mostly for forum maintenance, so I thought it would make sense to split this stuff into its own area.


-b0b
(...needs some Z's!)
« Last Edit: Apr 12th, 2010 at 5:28am by b0b »  

b0b
Re: Forum Stuff
Reply #1 - Apr 12th, 2010 at 4:14am
I finished the memory install in the current router tonight and updated IOS to the latest version of Advanced Enterprise.  Every release of IOS has 25-30 different versions, each containing a different set of features.  Advanced Enterprise is effectively the Cadillac version of IOS that contains every possible feature, including some really crazy stuff like AppleTalk and SNA.  I haven't seen an AppleTalk or SNA-compatible device in production since we were in middle school!

I also ordered the new router to replace the current one, since it is getting flaky.  It should be here by the end of the week.  Here it is:




The Cisco 3745 is three times the size of my current Cisco 1760 router, but it offers a helluva lot more power.  The 1760 can push about 16,000 packets per second, but the 3745 can move about 225,000.  Also, the 1760 is limited to one 100Mb port and two 10Mb routed ports, whereas the 3745 can support ten 100Mb ports and eleven 10Mb ports.  This will allow me to connect the forum server and e-mail server directly to secured ports on the router, rather than rigging up switch ports to isolate web and e-mail server requests from my internal devices.


-b0b
(...is sure nobody cares.)
  

b0b
Re: Networking Fun!
Reply #2 - Apr 12th, 2010 at 5:00am
Also ordered one of these a few minutes ago:



I need another switch for my Cisco lab, so I bought a newer 2950 switch to replace the aging 2924 switch that my "production" gear (PCs, servers, printers, APs, etc) is connected to.  This will be faster and consume less electricity (meaning less heat!), and I can use the 2924 in my lab.

The 2950 is half the height of the 2924, but has twice the port density (48 vs 24).  Best of all, the uplink ports are integrated on the model I bought, whereas the 2924 requires a separate gigabit uplink module (GBIC).  Those modules stick out about two inches from the front of the switch, which prevents me from closing my rack door.  This will no longer be an issue!


-b0b
(...w00t!)
  

b0b
Re: Networking Fun!
Reply #3 - Apr 12th, 2010 at 5:26am
Since I'm replacing super-obsolete gear with semi-obsolete gear, I thought it was time to ditch my old Cisco 350 and 1220 access points and replace them with a more recent 1230 access point.  The 350 and 1220 are both 802.11b APs (11Mbps max, blech!) and they both run an operating system called VxWorks.  Cisco bought out VxWorks years ago, but it took them a while to get the Cisco-standard IOS operating system working on the AP hardware.

The 1230 runs a relatively recent version of IOS and has a lot more horsepower under the hood.

This is a bit of a convoluted upgrade.  To save a boatload of cash, I bought the standard 1230 access point that runs 802.11b:



However, since 802.11b sucks harder than Wes's Mom at a Hoover convention, I'm replacing the internal 802.11b radio with an 802.11g radio (AIR-MP21G-A-K9) that supports 54Mbps throughput:



I have a handful of 802.11a devices that work really well in areas congested by 2.4GHz traffic (by cordless phones, two-way radios, baby monitors, other APs, etc).  They operate at 54Mbps like 802.11g, but operate on the licensed 5.0GHz spectrum.  Since I like having this functionality available, I'm adding a second radio with a separate integrated antenna (AIR-RM20A-A-K9) that operates at 5.0GHz:



Finally, the wimpy dipole antennas that come with the 1200 APs just don't cut the mustard.  I want a wireless signal half-way across town, dang it!  To accomplish that, I'm buying two of these massive omnidirectional antennas to replace the tiny dipole antennas that are pictured above.  They are about 3x wider and 2.5x taller than the dipole antennas, and have approximately 3x the reception and transmission capability.



The Cisco 350 AP is going in the basement just for redundancy, and the 1220 will go in the garage to provide direct coverage of the garage and back yard.  All of the components for the 1230 should be in shortly.  When I get around to building up the AP, I'll be sure to take step-by-step pictures!


-b0b
(...tried taking step-by-step pictures of the RAM install in the 1760 tonight, but the camera fritzed.)
« Last Edit: Apr 13th, 2010 at 12:59pm by b0b »  

X
Post Whore
FTP Server
******
Offline


And the truth shall set
you free

Posts: 4107
Joined: Oct 16th, 2005
Gender: Male
Re: Networking Fun!
Reply #4 - Apr 12th, 2010 at 11:53am
Do you still have that router that came from the Capital offices and had Hillary Clinton's set up on it?
  

In the land of the blind, the one eyed man is king. - Max Payne
spanky
Post Whore
FTP Server
******
Offline



Posts: 1540
Location: Detroit-ish
Joined: Oct 23rd, 2005
Gender: Male
Re: Networking Fun!
Reply #5 - Apr 12th, 2010 at 12:26pm
About time the forum was back.  It is like every time you leave the country you suddenly don't care about the forum!
  
b0b
Re: Networking Fun!
Reply #6 - Apr 12th, 2010 at 6:36pm
X wrote on Apr 12th, 2010 at 11:53am:
Do you still have that router that came from the Capital offices and had Hillary Clinton's set up on it?


Yeah, that's the 2924 switch that I'm replacing with the 2950.  It still has the old configuration stored on it in a text file.

I've made it a habit to look for old configs on all of the network devices I buy.  I usually have a 50/50 chance of finding one, but none have been as neat as the one on that first 2924.  They're all fairly informative, though, as I can use them to figure out how other people are configuring their systems in the "real world."


-b0b
(...has even learned a couple obscure commands this way.)
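
The post above has a defensive counterpart: before a switch or router leaves your hands, check what its saved configuration would hand to the next owner. The following is an added example, not part of the original post; the sample configuration, its names and the rule list are constructed for illustration and cover only a few common IOS-style credential lines.

```python
import re

# Constructed sample of a leftover IOS-style saved config (not from the thread).
SAMPLE_CONFIG = """\
hostname example-sw1
enable secret 5 $1$CONSTRUCTED$notarealhashvalue000000
enable password 7 000000000000
username admin privilege 15 password 0 ConstructedPass1
snmp-server community constructedRW RW
snmp-server location Example Building, Room 101
interface FastEthernet0/1
 description uplink to example-rtr1
 switchport mode access
line vty 0 4
 password 7 111111111111
 login
"""

# Assumed rule list (illustrative, not exhaustive). Group 1 is the command
# prefix that is kept; everything after it on the line is redacted.
SECRET_RULES = [
    ("enable credential", r"^(\s*enable (?:secret|password))\s+\S.*$"),
    ("local user credential", r"^(\s*username \S+.*?\b(?:password|secret))\s+\S.*$"),
    ("line password", r"^(\s*password)\s+\S.*$"),
    ("SNMP community", r"^(\s*snmp-server community)\s+\S.*$"),
    ("shared key", r"^(\s*(?:crypto isakmp key|(?:tacacs|radius)-server key))\s+\S.*$"),
]
SECRET_RULES = [(label, re.compile(rx)) for label, rx in SECRET_RULES]

# Not credentials, but these lines tell a new owner where the device lived.
CONTEXT_RULE = re.compile(r"^\s*(?:hostname|description|banner|snmp-server (?:location|contact))\b")


def audit_config(text):
    """Return (findings, redacted_text) for one saved configuration."""
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in SECRET_RULES:
            match = pattern.match(line)
            if match:
                findings.append((lineno, "secret", label))
                line = match.group(1) + " <REDACTED>"
                break
        else:
            # No credential rule matched; still note identifying context.
            if CONTEXT_RULE.match(line):
                findings.append((lineno, "context", line.strip()))
        out.append(line)
    return findings, "\n".join(out) + "\n"


if __name__ == "__main__":
    found, redacted = audit_config(SAMPLE_CONFIG)
    for lineno, kind, detail in found:
        print(f"line {lineno:>2}  {kind:<7}  {detail}")
    print(redacted, end="")
```

A redacted copy is suitable for sharing or archiving; the device itself still needs its saved configuration erased before resale.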
  

b0b
Re: Networking Fun!
Reply #7 - May 10th, 2010 at 9:51pm
I've been pretty busy with my home network over the past few weeks.  My new core router, the Cisco 3745, arrived about two weeks ago.  The fans were ridiculously overpowered and really, really loud, so those got replaced right off the bat.  Just to make things really interesting, I also purchased and installed a high-end encryption module that will allow me to establish highly-encrypted VPN sessions (AES 256-bit FTW!) and IPSec tunnels to my home network from wherever I happen to be.  I'll post pictures of those upgrades as soon as I get my crappy digital camera repaired.

In the meantime, here are a couple of teaser pictures of the new router.  I upgraded the machine to its maximum capacity of 512MB of RAM and 128MB of flash memory right off the bat, and I managed to copy these pictures over before the camera gave up the proverbial ghost.


To get access to the mainboard, the front cover must be removed.  
The cover is deceptively heavy as it contains four of the loudest, most ridiculously overpowered fans you've ever seen in a network device.




Here's a shot of the mostly empty interior of the router.  
This router can support up to four power supplies, but can easily run off of one, like I've got here.  
The mainboard is located on the top of the router, shown here with the vented grill facing forward.




After removing the mainboard, you can see the memory DIMMs and compact flash card on the upper right corner of the board.  
There are two DIMMs stacked on top of each other.




I replaced the two 128MB DIMMs that shipped with the router with two 256MB DIMMs, the largest supported by the 3745.  
The original 32MB compact flash card was replaced with a 128MB flash card, also the largest supported.




After upgrading to 512MB of RAM and 128MB of flash, I was able to install the most feature-filled version of IOS (Cisco's operating system), Advanced Enterprise Services.  Advanced Enterprise Services offers every bell and whistle that you can get from a Cisco router, including IPv6 routing, VPN services, and Voice-over-IP.  This bad boy is now my core router, so every time you click on the forum, you're passing through it!


-b0b
(...thinks the other upgrades were much more interesting!)
« Last Edit: Nov 15th, 2010 at 2:33pm by b0b »  

X
Re: Networking Fun!
Reply #8 - May 11th, 2010 at 12:52pm
Quote:
This bad boy is now my core router, so every time you click on the forum, you're passing through it!


I...I can feeeel itttt....the....the....POWWWWWERRRRR!

X
  

b0b
Re: Networking Fun!
Reply #9 - May 11th, 2010 at 3:22pm
Just wait until I show you pictures of the encryption mod.  Then you'll really feel real ultimate power!


-b0b
(...yeah!)
  

b0b
Re: Networking Fun!
Reply #10 - May 11th, 2010 at 8:20pm
Here's a teaser shot of my network lab sitting in the rack I built last weekend.  I'll have more pics up in the next couple of days, along with some descriptions of what the heck you're looking at.




-b0b
(...is glad to finally get all that crap racked.)
  

b0b
Re: Networking Fun!
Reply #11 - May 13th, 2010 at 8:59pm
The 3745 router I bought to replace my old core router is one heck of a packet-routing beast, but it was also ridiculously loud.  You guys have heard the Bobulator and you know that I don't mind moderately loud equipment, but this router was easily 3-4x as loud as my PC.  Even with my tolerance for fan whine, this thing was simply way too loud.

Of course, I wasn't going to pass up the opportunity to use this beast for my core router, so I did something about it...



With the flash on, you can vaguely make out the four 92mm Delta fans behind the front cover.  They spin at nearly 3000RPM and produce a combined 216 cubic feet of airflow per minute... through a half cubic foot box.  Overkill?



The front cover is a two-piece assembly that forms a box, wherein the fans lie.



Once the front cover is removed, four screws must be removed to separate the cover into two pieces.



...like so.



Each of the four fans is held in place by four two-piece plastic clips.  The center protrusion on the interior side must be knocked downward to release the pin.




Once the center pin has been knocked down, the entire retention doo-dad can be pulled out from the exterior side.  A small claw hammer works wonders for this.



Once all four pins are removed, the fan can be pulled away from the cover.



These are the fans I purchased to replace the OEM ones.  They are three-speed fans that push 28CFM at a whisper-quiet 21db.  I can amp them up to 38CFM at 28db, but I don't think that's necessary.



The old fans must be removed first.  The fan power pigtails were ridiculously long, so I left enough wire on the fans to allow them to be reattached if need be (or if used for a future project).



I taped up the pigtails for each fan as I cut them off to ensure I didn't cross any wires.



The new fans were installed using the same clips that held in the original fans, although the screws that came with the new fans would have also worked.



The wires from the original pigtails were mated with the wires from the new fans using Scotch wire connectors.  They're a bit pricey, but you can simply insert both wires and clamp down on the connector with a pair of pliers.  This is a big time saver when you've got to crimp a bunch of low-voltage wires.



Here's a final shot before I cleaned up the wiring and put everything back together.



And here's the completed and reassembled fan tray/cover.  After putting the router back together, I can hardly tell it's even running.




Of course, I was careful to ensure the router stayed nice and cool, and I honestly can't tell the difference in terms of temperature.  If I was running all four power supplies (I only have one in mine) and had all of the expansion bays stuffed, I might need more airflow.  However, 84CFM through a box that is a half cubic foot in size is more than enough for what I'm running.  There is no way I could have used the router in my office with the OEM fans, so I'd say this was a fairly successful ghetto-mod!


-b0b
(...ghetto modding for the win!)
« Last Edit: May 14th, 2010 at 8:12am by b0b »  

b0b
Re: Networking Fun!
Reply #12 - May 13th, 2010 at 9:34pm
I think all of us tend to be somewhat security-conscious individuals, so we can all appreciate the value of a good encryption system.  Since my core router is the focal point of my network security, I wanted to ensure my replacement core router would be compatible with the latest and most powerful encryption techniques on the market.  I was able to pick up the biggest, baddest encryption module available for the 3745 (the AIM-VPN/HP) for less than $100.

Here are a couple of pictures of the installation process...


First, the front cover/fan chassis is removed to reveal the inside of the router.  The encryption module resides on the mainboard, which is visible at the top of the router behind the vented wall.



Once the mainboard is removed from the chassis, you can see the two AIM slots located near the bottom right corner.  Above the AIM slot, three screws must be removed to facilitate the risers for the encryption module.



Once the screws are removed, the risers can be installed in their place.  The plastic riser goes in the left-center hole and the metal risers go on the two right-side holes.



Here's a shot of the board with the risers installed.



Once the risers have been installed, the AIM-VPN/HP module is placed onto the risers.  The bottom of the card has a circuit board protrusion that fits snugly into the AIM slot on the mainboard.



The plastic riser snaps into the hole on the left side of the AIM module.  Two screws are used to secure the right side of the module to the metal risers.  Once this is done, the mainboard and fan chassis can be replaced and the router is ready to rock!



Once the router has booted, we can confirm the availability of the encryption module with the show inventory command.  The fifth item in this screenshot, "Virtual Private Network (VPN) Module - Encryption AIM Element" is the newly installed AIM-VPN/HP.



The AIM-VPN series comes in three flavors, with the HP being the most powerful.  It can translate up to 42Mbps of 3DES encryption per second, meaning I could theoretically decrypt my entire Internet connection twice over.  That's pretty neat, even if I'll never be able to use it to its fullest extent.

In addition to encrypting my own traffic, I'd like to offer VPN connections to a few of my most trusted allies.  This would ultimately replace the long-dead FTP server with a much more secure connection, and would allow me to offer access to my file server, lab network, and other network services without presenting them directly to the Interweb.


-b0b
(...rambles.)
  

MediaMaster
GeekCrew Administrator
FTP Server
*****
Offline


Holy Xenu!

Posts: 1884
Location: Detroit
Joined: Oct 15th, 2005
Gender: Male
Re: Networking Fun!
Reply #13 - May 13th, 2010 at 9:38pm
For the networking challenged, what is actually being encrypted? All your data on the local network? Does it protect more from unauthorized access?

Also, it's a good thing it doesn't say Made in China on it!

  

"Our Constitution is designed only for a moral and religious people. It is wholly inadequate for any other." - John Adams
b0b
Re: Networking Fun!
Reply #14 - May 14th, 2010 at 8:45am
MediaMaster wrote on May 13th, 2010 at 9:38pm:
For the networking challenged, what is actually being encrypted? All your data on the local network? Does it protect more from unauthorized access?


With a router, you typically use encryption for three different tasks.  First, encryption is used to establish secure management sessions between the router and a workstation.  This allows you to securely configure the router without worrying about somebody sniffing your user name and password or configuration information.  Cisco routers use SSH for secure management sessions, so the onboard CPU is more than sufficient for this level of encryption.

The encryption module, though, really shines when you start encrypting traffic that crosses the router.  This falls into two categories.  The first is virtual private networking (VPN), which establishes a secure session from a remote system to the local network.  This can be used to establish a permanent secure tunnel between two routers at different sites, or a temporary tunnel between a remote PC (e.g. a laptop) and the local router.  In short, this will allow me to connect my laptop from anywhere in the world back to my home network at home, without worrying about someone sniffing traffic using a rogue access point or a man-in-the-middle attack.

The third purpose of the encryption module is to allow traffic on my local network to be encrypted.  Using IPSec or a similar protocol, I can encrypt traffic flowing between servers, PCs, routers, switches, wireless access points and any other network device that supports encryption.  The goal is to encrypt just about all of the traffic flowing inside of my home network.


Quote:
Also, it's a good thing it doesn't say Made in China on it!


Sadly, I got conned into buying a couple of Chinese rip-off network modules a couple years ago.  They were amazingly good reproductions and came with the right box, manual, packing material, and the whole enchilada.  I'll have to snap some pictures of the modules and the packing material, it's really incredible how accurate the reproduction was.


-b0b
(...schwing!)
  
