Hi everyone! Always interested to hear what setups other Networking folks have at their houses.
My House:
- Motorola Surfboard Modem
- Cisco 1941 Router
- Running several IPsec/GRE tunnels to other people with BGP and EIGRP
- Running a DMVPN (Spoke Site) to 2 other sites
- TP-LINK Wireless router plugged into the Cisco 1941 (Cisco runs DHCP and Default Gateway)
- WD MyBook Live for streaming media
Mother-in-Law's:
- Motorola Surfboard Modem
- Cisco 2821 Router
- Running several IPsec/GRE tunnels to other people with BGP and EIGRP
- Running a DMVPN (Hub Site) to 2 other sites
- Running CME with a VoIP phone installed at this location and my house
- Netgear Wireless Router plugged into the Cisco 2821 (Cisco runs DHCP and Default Gateway)
:matrix:
I'm sure this is a "minor" setup compared to some of y'all. Whatchu got? :drama:
I just scored an ASA 5550 for my home firewall, for free.
Quote from: javentre on February 25, 2015, 05:50:00 PM
I just scored an ASA 5550 for my home firewall, for free.
5550? Damn, that's awesome. I bought a 5505 for $75 and it should be here in another week or so.
It's loaded up with licenses too, AC Mobile, failover, 5K VPN Peers, etc.
I was just about to buy a 5506 too, this saved me a bit of money.
Where'd you get a 5505 for $75?
Quote from: javentre on February 25, 2015, 06:21:46 PM
It's loaded up with licenses too, AC Mobile, failover, 5K VPN Peers, etc.
I was just about to buy a 5506 too, this saved me a bit of money.
Where'd you get a 5505 for $75?
My buddy works for a Cisco Gold Partner and gets refurbished equipment for about 80% off. All of my gear up until now has been free thanks to work. I have a 48 Port 3560 with POE as well. I need to get a small rack before I add that to the mix though.
On the network side I have:
2 x 5510s full licenses one also has the IPS module in it.
4 x 2811s with assorted WICs. One of these has a dead power supply I need to fix.
2 x 3550 switches
1 x 1241 with the .a module installed
1 x no-name 5 port 1Gb switch
On the server side:
1 x white box FreeNAS server. 12TB storage using an external SATA enclosure
1 x Dell T310 server running ESXi 5.0
6 (I think) x Raspberry Pi systems doing a bunch of random stuff including console server, logging server, tac_plus, cacti, and other stuff.
Most of this sits in a 42U Dell rack in my home office.
-Otanx
:eek: :wtf: WHOA!
Well, here goes mine:
Incoming a bridged modem from the provider, which goes to a 3560-8PC switch with 15.0(2) IP Services IOS. It's part of the "WAN" VLAN from there with direct public IP addresses. My provider hands out a public IP address to any DHCP-capable device on that VLAN, which is useful for experimenting (I've had four public IPs at one point).
From there towards an Intel NUC with only one NIC that acts as a router. For that reason it's a trunk port with VLANs. The NUC runs Debian and I configured it from the ground up with BIND, Squid with SSL Inspection, ddclient, iptables and DNSCrypt. My little project that got me quite some experience in Linux :-)
The 3560-8PC has an internal VLAN which it shares with the NUC for routing towards the internet. All internal inter-VLAN routing is done in hardware in the 3560, together with GRE and BGP tunnels.
From that 3560 I have a Raspberry Pi which terminates the OpenVPN SSLVPN connections for when I want to connect remotely.
The 3560 also provides PoE towards a Cisco 7912 IP Phone which has an account with a voice provider, and PoE towards an AIR-LAP1142N-E-K9, which I converted to a standalone image and provides wireless.
The 3560 also links through to a 2940 switch on another floor with a trunk link. The 2940 connects television, game console and provider settop box which requires a direct internet connection. So it's in that "WAN" VLAN, which is useful because many other people in my country need to lay multiple cables towards their television: one for a game console or smart TV (behind the router) and one for the settop box (before the router).
Then there's a NAS connected somewhere, and everything else is wireless for the moment.
I have more Cisco gear but all of this is running 24/7 so I tried keeping it low-power (hence the NUC and the Raspberry).
To-dos: I want an Asterisk somewhere for better control of the voice calls + hooking it up to friends' Asterisks for free calls. Everything is 100 Mbps, gigabit would be nice but I don't want to give up layer 3 IP Services and PoE for it. I want to work out some kind of monitoring solution, and IPv6 would be nice too but my provider promised that a long time ago already.
Home network: SRX100B (used to be a 1841 ZBFW until last week) running OSPF towards a 3550-24-SMI which is running a couple of VLANs. Wireless on a Cisco 1142N access point, on which basically all my devices hang due to lack of cabling. All my data is on a FreeNAS with ZFS mirroring. DNS, DHCP and NTP server on a Raspberry.
Because the 3550 doesn't support IPv6 I'm thinking of ditching the VLAN thing and going flat network with prefix delegation on the SRX. Another option I am considering is buying a passive 3560 or Juniper EX2200 because the 3550 is too noisy for my office.
Lab hardware lying around: around 5 x 1841s, 1 x 2811, 1 x 2621XM, 4 x 3550, 1 x 3560, 2 x 2950, 2 x SRX100B and an ASA5505. Then I also have a Blue Coat proxy which I will test on the gf one day :)
Right now, I just SSH to the machines at work and that's lab enough for me for now.
:matrix:
Quote from: deanwebb on February 26, 2015, 07:30:37 AM
Right now, I just SSH to the machines at work and that's lab enough for me for now.
:matrix:
That's what I do for lab gear too. I have a lab with dozens of 6500/6800s, Nexus 6K/5600s, ONS 15454s, ACE, ASAs and a lot of other gear. There's no reason for me to keep a home lab with quality/current gear available for my use, with almost no restrictions.
My home network is pretty basic. Mikrotik 951 and I remotely access lab environment at the office.
For home I use a Surfboard modem, an Asus ac56 with custom firmware, and a gs108t. Surprisingly, the Netgear CLI isn't drastically different than IOS. For my gf's apt in the next building over, I'm using the 5 GHz band as a backhaul into my network.
I have my home lab and servers all at home, with VPN access so I can access network shares/equipment remotely. Gotta love IP switched PDUs :)
WAN - ASA 5505
LAN - NETGEAR ProSAFE JGS524E 24-Port Gigabit Rackmount Plus Switch 10/100/1000Mbps (silent gigabit switch)
Hosts and NAS connect to this switch
My lab rack is in a dedicated bedroom. I use an Apple Airport Extreme to extend the Layer 2 network to the room to an Airport Express, which connects to a Cisco IE-3000 switch.
The IE-3000 connects to three branch sites and two ESX workstations within my rack:
Branch 1
- ASA 5505
- 3750 (4x stacked) switches
- Raspberry Pi host
Branch 2
- SRX 210 firewall
- Juniper EX 3200
- HP switches (one dumb and one smart)
- Raspberry Pi host
Branch 3
- Cisco IPS 4420
- 3560 switches (2x)
- 3550 switch
- Kali Linux host
ESX hosts:
- 20 CSR 1000v routers
- 4 ASAv firewalls
- 2 vWAAS appliances
- 2 Juniper Firefly firewalls
- Solarwinds NPM 11.5
- Observium
- SQL server
- Active Directory environment
- IOU server
- Unix hosts
I also have two 3825 routers, a PIX, a 3524 switch, and other random gear that I haven't fired up in over a year. Rarely do I light up the rack, most of my work is done via ESX and GNS3/IOU. So sad, but I need to start selling my gear before it loses all value.
Some of you guys have some very impressive setups! Definitely taking some notes. I want to get a Raspberry Pi soon and have it do some cool stuff. Also, I'd love to get some Juniper gear but it's super pricey. I'd also love to get a small block of public IPs like Reggle, but again, it's too pricey for me.
Quote from: Ironman on February 26, 2015, 10:47:31 AM
Also, I'd love to get some Juniper gear but it's super pricey. I'd also love to get a small block of public IPs like Reggle, but again, it's too pricey for me.
Check eBay for SRX100s. You can find them pretty cheap and they support a whole lot of features
Here, the DSL modem (basic firewall configured here) goes into an L2 12-port switch; the cable TV box and video game console go into this switch too, as well as the hardware firewall. The hardware firewall has more granular firewall configuration than the modem, and static routes send internal traffic to the network core switch. The hardware firewall connects via a fiber across the house into my 24-port routing-capable switch; this is where all the inter-VLAN routing occurs. I have several VLANs defined for dedicated purposes. One is for my PC; a software firewall runs on the PC (detailed firewall rules set here). Another is for the wireless AP. An ACL on the wireless VLAN SVI only permits traffic to the internet, no internal network access for wireless users. DHCP for wireless is on the core switch, and the pool size is exactly the same size as the number of wireless devices the family has.
Fairly secure; still need to finish that project to remove VLAN 1 from the network.
Quote from: SimonV on February 26, 2015, 10:49:52 AM
Quote from: Ironman on February 26, 2015, 10:47:31 AM
Also, I'd love to get some Juniper gear but it's super pricey. I'd also love to get a small block of public IPs like Reggle, but again, it's too pricey for me.
Check eBay for SRX100s. You can find them pretty cheap and they support a whole lot of features
Thanks, it's on my wish list now!
Motorola SurfBoard on the line
Cisco 3825 connecting to the modem doing NAT with ZBF, AnyConnect, and a NM-NAM
Whole house is wired up to a patch panel in the basement
Catalyst 2970 in the basement connects to Synology NAS, Dell T110, WLC 4402, a handful of 1252 APs, and an 1142 AP
Catalyst 2940 connects all of my home theater equipment to the 2970
Netgear GS108T connects my PC and a few other devices back to the 2970
T110 uses the NAS for iSCSI and runs VMware with Cacti, Console Server, 2x BIND, 3x ASR9K, 3x N7K, Dynamips, IOU, 2x CUCM, and CUC (I'm looking into a new server as 16GB of RAM isn't enough)
NAS also acts as an NVR for a home security camera
Once I've got room for more VMs I'd like to add some CSR1000v routers and at least one F5
I also have an SRX100B still sitting in the box, think I got it on eBay for $100 but I could be wrong. As well as a 5505, some 3560s, 3550s, a couple of 2621s, another 3825, 2801 w/CME, 2511, 3 older Juniper routers, and a couple other random switches or routers.
What is sad is some of you have home labs that put my work lab to shame. Of course you also probably "play" with more complex stuff than I "work" with lol.
Guys for SRX, if you are content to leave a server running 24x7 you can simply use a vSRX. A colleague of mine battle-tested it for months and had no issues. Of course a 'real' SRX100/110 can be had for under 300 USD so not exactly unaffordable.
I've got a couple of SRX100s for sale if any Europeans are interested :)
Why are you not in Australia :(
My current gig has a couple of surplus Nexus 5Ks and they want to sell them. Tempted, or would that be madness for a home lab? :mrgreen:
Madness? Only if you don't get an HA pair!
:challenge-considered:
NX 5010s are selling for US $1200-1500 on eBay
Pretty affordable, not sure if my gf would agree though. And the noise of course, shutting them down every day is probably not too good either.
Get them now and then sell them off when you're done labbing for your CCIE.
5Ks would be pretty bad ass to have in the lab. INE is still using them for the CCIE DC so they still have a lot of life.
You're right the noise on those guys is a big issue. The 5K is the largest and heaviest 1U/2U switch I have ever seen. And the length of them, damn!
Might be able to buy some low noise fans for them and improve the noise though.
Power consumption... No thank you. And the noise is horrible, I'm pretty sure you can hear them through a thin concrete wall. Also, why bother with Nexus for a lab? CCNP? CCIE Data Center okay, but not for the other tracks.
Use them to heat the basement in winter.
Quote from: Reggle on March 20, 2015, 07:19:23 AM
Power consumption... No thank you. And the noise is horrible, I'm pretty sure you can hear them through a thin concrete wall. Also, why bother with Nexus for a lab? CCNP? CCIE Data Center okay, but not for the other tracks.
I'm sure I would have a lot of fun trying all the niche stuff you can do with the Nexus, but yeah, it's probably more of a nuisance running it at home. And licensing would be an issue too :)
So, I've been looking at NX-OS virtualization, anyone here that has played around with Titanium a lot? Is it worth looking at?
I have not played with Titanium but hear it's not that great and buggy. You can't do any of the fun stuff like vPC and FabricPath since they are hardware dependent. So all you really can do is play with NX-OS in general. VIRL has a vNX-OS device but I think it has the same limitations.
I've got Titanium. Haven't messed with it much but the few things I wanted to do I couldn't. One I remember right off was there is no support for anything other than the Admin VDC.
In my home, I am using a Netgear Router N300 to connect 6-8 devices, and it works efficiently for all these devices. Sometimes when all devices are connected together, it works slowly and needs a restart.
But after all, it's not a bad deal at such a low price.
Quote from: zarawatsonn on April 05, 2016, 12:43:59 AM
In my home, I am using a Netgear Router N300 to connect 6-8 devices, and it works efficiently for all these devices. Sometimes when all devices are connected together, it works slowly and needs a restart.
But after all, it's not a bad deal at such a low price.
It sounds like you're ready to start arranging for a home lab.
I'm about to get another toy for mine. Should be getting a small Palo Alto firewall to play with.
You used to get a free PA-200 when passing your PCNSE. A few guys @ work landed them. Of course I don't think it included any subscription (i.e. all the good stuff).... LOL
All I got was a lousy backpack, which fell apart on me in around 6 months.
Quote from: wintermute000 on April 05, 2016, 08:53:23 PM
You used to get a free PA-200 when passing your PCNSE. A few guys @ work landed them. Of course I don't think it included any subscription (i.e. all the good stuff).... LOL
All I got was a lousy backpack, which fell apart on me in around 6 months.
Well... does the crew you work for do a lot of Palo Work? Talk to them and you can get a PA200 in your home lab, tout de suite.
But that's only if you want to do security stuff.
Don't want phy, got virt + partner eval lic :)