Difference between revisions of "Information Systems:LAN infrastructure at uniPHARM"
Jump to navigation
Jump to search
| (42 intermediate revisions by 6 users not shown) | |||
| Line 9: | Line 9: | ||
! Hostname !! IP address || Switch model !! Location !! Username !! Password !! Notes |
! Hostname !! IP address || Switch model !! Location !! Username !! Password !! Notes |
||
|- |
|- |
||
| − | | '''coresw |
+ | | '''coresw''' || 172.30.16.4 || Cisco CBS350 || Server room || adminit || Newvisionit! || '''Core switch.''' Stack of 3. |
|- |
|- |
||
| − | | atpsw |
+ | | atpsw || 172.30.16.3 || 3Com 4200 || Server room || admin || visionit || Feeds data to POE injectors for Mirador temp. sensors '''(Retired)''' |
|- |
|- |
||
| − | | accountingsw |
+ | | accountingsw || 172.30.16.11 || Cisco SG350-28P || Accounting Wallmount Network Rack || adminit || NewVisionIT || POE, ~175W power budget |
|- |
|- |
||
| − | | |
+ | | buyerswcisco || 172.30.16.18 || Cisco SG350-28P || Buying department closet || adminit || visionit|| - |
|- |
|- |
||
| − | | itsw |
+ | | itsw || 172.30.16.6 || 3Com 4200G || IT department ceiling tile. Yup. || admin || visionis || - |
| ⚫ | |||
| + | | cagesw || 172.30.16.12 || 3Com 3870 || Computer lab || admin || visionit |
||
|- |
|- |
||
| dumpsw.unipharm.local || 172.30.16.7 || 3Com 4200G? || Electrical Room? || admin || visionds || - |
| dumpsw.unipharm.local || 172.30.16.7 || 3Com 4200G? || Electrical Room? || admin || visionds || - |
||
|- |
|- |
||
| − | | pickingsw |
+ | | pickingsw || 172.30.16.8 || 3Com 3870? || Rx picking zone network rack || adminit || visionit || - |
|- |
|- |
||
| − | | |
+ | | receivingswcisco || 172.30.16.17 || Cisco SG350-28P || DC Manager's Office || adminit || visionit || - |
|- |
|- |
||
| − | | wallsw |
+ | | wallsw || 172.30.16.9 || Cisco CBS250 || Candy Mezzanine || adminit || Newvisionit! || Functions merely to bridge the physical wiring between Receiving area and core network |
|- |
|- |
||
| − | | |
+ | | OTC-SWITCH || 172.30.16.20 || Cisco CBS350 || OTC-Picking Station || OTC-SWITCH || Gu20Da51NewEra || |
|- |
|- |
||
| + | | HABA-SWITCH || 172.30.16.21 || Cisco CBS350 || HABA-Picking Station || HABA-SWITCH || Gu20Da51NewEra || |
||
| − | | norwinusw || 172.30.16.15 || Netgear GS105PE || Norwin's office || - || visionit || Used to access multiple VLANs, network administration, and testing. This switch has PoE passthrough. |
||
|- |
|- |
||
| − | | |
+ | | HHC-SWITCH || 172.30.16.26 || Cisco CBS350 || HHC-Picking Station || HHC-SWITCH || Gu20Da51NewEra || |
| + | |- |
||
| + | | TEST-SWITCH || 172.30.16.23 || Cisco CBS350 || Outside Jeremy's office || TEST-SWITCH || Gu20Da51NewEra || |
||
| + | |- |
||
| + | | DCTEST-SWITCH || 172.30.16.24 || Cisco CBS350 || Manager's Office in DC || DCTEST-SWITCH || Gu20Da51NewEra || |
||
| + | |- |
||
| + | | jeremymsw || 172.30.16.16 || TP-Link SG105E || Jeremy's office || admin || visionit || Used for testing Yealink, web-managed smart switch |
||
| + | |- |
||
| + | | itlabswcisco || 172.30.16.19 || Cisco SG350-10MP || IT Lab/Cage || adminit || visionit || |
||
|} |
|} |
||
| Line 46: | Line 56: | ||
| '''1''' || Main LAN || 172.30.16.0/21 (172.30.16.1 - 172.30.23.255) || Default VLAN, untagged across the network for simplicity (so that every device doesn't have to be configured to talk this VLAN, or even be VLAN-aware at all). || Routed out Telus Fibre |
| '''1''' || Main LAN || 172.30.16.0/21 (172.30.16.1 - 172.30.23.255) || Default VLAN, untagged across the network for simplicity (so that every device doesn't have to be configured to talk this VLAN, or even be VLAN-aware at all). || Routed out Telus Fibre |
||
|- |
|- |
||
| − | | '''2''' || |
+ | | '''2''' || Alt LAN (Staff/ guest BYOD, Shipping terminals) || 192.168.0.1/23 (192.168.0.1 - 192.168.1.254) || Colloquially known as the "Guest VLAN", but staff wifi devices are not technically guest devices. Currently, shipping computers are on this network, but they should be moved to VLAN 7 when it is created. || Routed out Shaw Business Internet |
|- |
|- |
||
| − | | '''3''' || vMotion LAN || ?? || Small network to isolate vMotion traffic between the 3 virtual hosts. || |
+ | | '''3''' || vMotion LAN || ?? || Small network to isolate vMotion traffic between the 3 virtual hosts. || - |
|- |
|- |
||
| − | | '''4''' || Shaw WAN || Network of the Shaw static WAN IP (/ |
+ | | '''4''' || Shaw WAN interfaces || Network of the Shaw static WAN IP (/32) || Network to isolate WAN traffic between Shaw modem and Sophos WAN interface from the rest of the network. Lots of ARP going on here! || - |
|- |
|- |
||
| − | | '''5''' || Telus WAN || Network of our Telus WAN IPs (/27) || Network to isolate WAN traffic between Telus modem and Sophos WAN interface from the rest of the network. || |
+ | | '''5''' || Telus WAN interfaces || Network of our Telus WAN IPs (/27) || Network to isolate WAN traffic between Telus modem and Sophos WAN interface from the rest of the network. || - |
|- |
|- |
||
| − | | '''6''' || VoIP LAN || 192.168. |
+ | | '''6''' || VoIP LAN || 192.168.44.0/24 || Contains PBX and IP phones || Routed out Telus and Shaw (Sophos multipath) |
| ⚫ | |||
| − | | '''7''' || Alt LAN || 192.168.3.0/24 || Network containing business devices that we do not want in our main LAN e.g. shipping terminals, digital signage player || Routed out Shaw Business Internet, uses Telus Fibre as a backup. |
||
|} |
|} |
||
| + | |||
=Helpful Stuff= |
=Helpful Stuff= |
||
The command to view what MAC address(s) is in use on a port for the Cisco SG350 switch is as follows. You will need to login to the switch via SSH in order to do this: |
The command to view what MAC address(s) is in use on a port for the Cisco SG350 switch is as follows. You will need to login to the switch via SSH in order to do this: |
||
Latest revision as of 14:36, 9 October 2024
Overview
This is the main page for the LAN (wired network configuration) at uniPHARM.
Switches
This table outlines the physical network switches that make up the network.
| Hostname | IP address | Switch model | Location | Username | Password | Notes |
|---|---|---|---|---|---|---|
| coresw | 172.30.16.4 | Cisco CBS350 | Server room | adminit | Newvisionit! | Core switch. Stack of 3. |
| atpsw | 172.30.16.3 | 3Com 4200 | Server room | admin | visionit | Feeds data to POE injectors for Mirador temp. sensors (Retired) |
| accountingsw | 172.30.16.11 | Cisco SG350-28P | Accounting Wallmount Network Rack | adminit | NewVisionIT | POE, ~175W power budget |
| buyerswcisco | 172.30.16.18 | Cisco SG350-28P | Buying department closet | adminit | visionit | - |
| itsw | 172.30.16.6 | 3Com 4200G | IT department ceiling tile. Yup. | admin | visionis | - |
| cagesw | 172.30.16.12 | 3Com 3870 | Computer lab | admin | visionit | |
| dumpsw.unipharm.local | 172.30.16.7 | 3Com 4200G? | Electrical Room? | admin | visionds | - |
| pickingsw | 172.30.16.8 | 3Com 3870? | Rx picking zone network rack | adminit | visionit | - |
| receivingswcisco | 172.30.16.17 | Cisco SG350-28P | DC Manager's Office | adminit | visionit | - |
| wallsw | 172.30.16.9 | Cisco CBS250 | Candy Mezzanine | adminit | Newvisionit! | Functions merely to bridge the physical wiring between Receiving area and core network |
| OTC-SWITCH | 172.30.16.20 | Cisco CBS350 | OTC-Picking Station | OTC-SWITCH | Gu20Da51NewEra | |
| HABA-SWITCH | 172.30.16.21 | Cisco CBS350 | HABA-Picking Station | HABA-SWITCH | Gu20Da51NewEra | |
| HHC-SWITCH | 172.30.16.26 | Cisco CBS350 | HHC-Picking Station | HHC-SWITCH | Gu20Da51NewEra | |
| TEST-SWITCH | 172.30.16.23 | Cisco CBS350 | Outside Jeremy's office | TEST-SWITCH | Gu20Da51NewEra | |
| DCTEST-SWITCH | 172.30.16.24 | Cisco CBS350 | Manager's Office in DC | DCTEST-SWITCH | Gu20Da51NewEra | |
| jeremymsw | 172.30.16.16 | TP-Link SG105E | Jeremy's office | admin | visionit | Used for testing Yealink, web-managed smart switch |
| itlabswcisco | 172.30.16.19 | Cisco SG350-10MP | IT Lab/Cage | adminit | visionit |
- External link to backdoor access and hidden menus for the 3com 3870 switches http://etherhack.wikia.com/wiki/3Com_3870
- There is a spare, ready to use 3com 3870 24 port switch located at the very bottom of the networking rack in the server room. The switch has been reset to factory defaults and the username is admin and the password is blank. The switch is ready to be put into the core stack if needed.
VLANs
We started using VLANs in 2016, for the same reason why anyone would use VLANs - to manage/separate multiple networks using one physical switch infrastructure. The VLAN implementation being used is the standard 802.1q. The following table outlines the VLAN infrastructure.
| VLAN ID | Name | L3 Network / IP Range | Description | Notes |
|---|---|---|---|---|
| 1 | Main LAN | 172.30.16.0/21 (172.30.16.1 - 172.30.23.255) | Default VLAN, untagged across the network for simplicity (so that every device doesn't have to be configured to talk this VLAN, or even be VLAN-aware at all). | Routed out Telus Fibre |
| 2 | Alt LAN (Staff/ guest BYOD, Shipping terminals) | 192.168.0.1/23 (192.168.0.1 - 192.168.1.254) | Colloquially known as the "Guest VLAN", but staff wifi devices are not technically guest devices. Currently, shipping computers are on this network, but they should be moved to VLAN 7 when it is created. | Routed out Shaw Business Internet |
| 3 | vMotion LAN | ?? | Small network to isolate vMotion traffic between the 3 virtual hosts. | - |
| 4 | Shaw WAN interfaces | Network of the Shaw static WAN IP (/32) | Network to isolate WAN traffic between Shaw modem and Sophos WAN interface from the rest of the network. Lots of ARP going on here! | - |
| 5 | Telus WAN interfaces | Network of our Telus WAN IPs (/27) | Network to isolate WAN traffic between Telus modem and Sophos WAN interface from the rest of the network. | - |
| 6 | VoIP LAN | 192.168.44.0/24 | Contains PBX and IP phones | Routed out Telus and Shaw (Sophos multipath) |
Helpful Stuff
The command to view what MAC address(s) is in use on a port for the Cisco SG350 switch is as follows. You will need to login to the switch via SSH in order to do this:
- show mac address-table interface gi1 (or ge1 sometimes too)
The port name is visible from the switches web interface and goes from gi1 to gi28 or ge1 to ge28. Then cross checking the MAC address in Spiceworks for example will allow you to see who is plugged into what port - however all the Cisco switches should already have human readable labels attached to all in-use ports as of July 2019.