LAB equipment (2/n)

As I stated in a previous post, I’m getting a LAB environment up and running, and the next step is getting the basic equipment together and up and running and making sure I have connectivity access to it.

Initial decisions:

  • Domain to use for Active Directory: escort.is
  • Deciding on IP address range to play with: 10.208.0.0/16
    • 10.208.1.0/24 – Microsoft servers
    • 10.208.254.0/24 – other/management
    • 10.208.255.0/24 (split in /32s for network connectivity)
  • Firewall: FirePower 2110 – racked up
    • I just got this.
  • f5: f5 2000s – was already racked up
  • L3 capable switch: Cisco 3750G-24 – racked up
    • This is the best I could find to start with, but it’s an EoS/EoL switch and doesn’t support everything I need (IBNS2.0) so I plan to find a replacement for it soon.
  • Connectivity to internet – done
    • I have a public /28 network dedicated for testing that I used.
  • Connectivity to UCS (VMware) – In progress, ish.
    • The c3750 is connected to the UCS Fabric Interconnect, but I will need assistance from a colleague with the VMware networking.
    • I made a temporary workaround (secondary IP address on another lab VLAN) to get started with the virtual machines.

Here’s the diagram I “drew” while I was connecting the cables and “documenting” what port went where:

Putting it together:

The Cisco 3750G was running 12.2(25) IP base software with no crypto.
That limits my possibilities and I can’t use SSH, so I upgraded it to 12.2(55)SE12 with crypto and enabled SSH.
After getting the initial connectivity working, and going through the quick setup of the FirePower 2110 appliance, I was able to ping the 3750 from my computer but not the FirePower 2110.
However, I was able to ping the FirePower 2110 from the C3750.
It probably took me 15 minutes of troubleshooting before I realized that I forgot to add the “ip routing” command to the C3750 to make it act as a L3 device and not only as a L2 device.
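
As an added example (not the author's actual configuration), this is a minimal IOS sequence for the two steps described above on a crypto-capable image: enabling SSHv2 with Telnet turned off on the vty lines, and turning on `ip routing`. The hostname, username, ACL number, timeouts and the use of 10.208.254.0/24 as the permitted management source range are assumptions; the domain name is the lab's AD domain from the list above.

```cisco
! Constructed example; hostname, username and ACL number are hypothetical.
configure terminal
 hostname lab-c3750
 ! RSA key generation needs both a hostname and a domain name.
 ip domain-name escort.is
 crypto key generate rsa modulus 2048
 ! Refuse SSHv1 and tighten the login window.
 ip ssh version 2
 ip ssh time-out 60
 ip ssh authentication-retries 3
 ! Local account stored as a hash ("secret"), not a reversible "password".
 username labadmin privilege 15 secret <choose-a-strong-secret>
 ! Assumption: management stations sit in 10.208.254.0/24.
 ! Adjust this range before applying, or the vty lines will refuse your own session.
 access-list 10 permit 10.208.254.0 0.0.0.255
 access-list 10 deny any log
 line vty 0 15
  login local
  ! SSH only: this is what removes Telnet from the vty lines.
  transport input ssh
  access-class 10 in
  exec-timeout 10 0
 exit
 ! Without this the 3750 only switches at L2 and does not forward
 ! packets between its own VLAN interfaces or routed ports.
 ip routing
end
!
! Verification
show ip ssh
show running-config | begin line vty
show ip route
```

`show ip ssh` should report version 2.0 as enabled, and `show ip route` only returns a routing table once `ip routing` is on.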

When I had this working I proceeded to install a Windows 2016 server that I plan to use as an Active Directory Domain Controller.
I have limited or no experience with running AD, except within a LAB, so I’ll have to figure things out here as we move forward.
The AD server got the IP of 10.208.1.16, and that got me thinking: How am I going to manage IP addresses within this LAB environment?
The possible options are:

  • Not
    • No documentation, just try to remember what is being used and ping IP addresses to find out what is in use.
    • This method is widely used in both small and large production environments.
  • Excel spreadsheet
    • If you are ever in this position and think that a spreadsheet is a good place to manage your IP addresses, you’re going down the wrong path.
    • Whatever you do, this will not work.
    • I’ve seen this attempted multiple times; I’ve never seen a spreadsheet up to date.
    • This is commonly used by the same type of people that save all the system documentation to PDFs, because things should never change.
  • NetBox IPAM
    • free. Looks promising.
  • Men and Mice IPAM
    • not free.
    • This is in use in a few environments that I have access to, so it could be beneficial to add to the LAB.

I’m going to postpone this decision until later.
