As I stated in a previous post, I’m getting a LAB environment up and running, and the next step is getting the basic equipment together and up and running and making sure I have connectivity access to it.
- Domain to use for Active Directory: escort.is
- Deciding on IP address range to play with: 10.208.0.0/16
  - 10.208.1.0/24 – microsoft servers
  - 10.208.254.0/24 – other/management
  - 10.208.255.0/24 (split in /32’s for network connectivity)
- Firewall: FirePower 2110 – racked up
  - I just got this.
- f5: f5 2000s – was already racked up
- L3 capable switch: Cisco 3750G-24 – racked up
  - This is the best I could find to start with, but it’s an EoS/EoL switch and doesn’t support everything I need (IBNS2.0) so I plan to find a replacement for it soon.
- Connectivity to internet – done
  - I have a public /28 network dedicated for testing that I used.
- Connectivity to UCS(vmware) – In progress, ish.
  - The c3750 is connected to the UCS Fabric Interconnect, but I will need assistance from a colleague with the vmware networking.
  - I made a temporary workaround (secondary IP address on another lab vlan) to get started with the virtual machines.
Here’s the diagram I “drew” while I was connecting the cables and “documenting” what port went where:
Putting it together:
The Cisco 3750G was running 12.2(25) IP base software with no crypto.
That limits my possibilities and I can’t use SSH, so I upgraded it to 12.2(55)SE12 with crypto and enabled SSH.
After getting the initial connectivity working, and going through the quick setup of the firepower 2110 appliance, I was able to ping the 3750 from my computer but not the FirePower 2110.
However I was able to ping the FirePower 2110 from the C3750.
It probably took me 15 minutes of troubleshooting before I realized that I forgot to add “ip routing” command to the C3750 to make it act as a L3 device and not only as a L2 device.
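The following is an added configuration example, not the author’s actual switch configuration, showing the pieces that turn the C3750 into a routed hop between the lab subnets and the FirePower, plus the SSH-only management that the crypto image makes possible. The VLAN numbers, interface names, the switch SVI addresses and the FirePower inside address (10.208.254.1) are assumptions; only the 10.208.0.0/16 plan, the 10.208.1.16 domain controller and the escort.is domain come from the post.

```cisco
! Added example (not the author's configuration). Assumed: VLAN 10 / VLAN 254
! numbering, SVI addresses, and the FirePower 2110 inside address 10.208.254.1.
hostname c3750-lab
!
! Without "ip routing" a 3750 only switches: each SVI answers pings sent to it,
! but the switch will not forward packets between subnets. That matches the
! symptom in the post (FirePower reachable FROM the switch, not THROUGH it).
ip routing
!
! Management over SSH instead of telnet (requires the crypto image, 12.2(55)SE12 here).
! "crypto key generate rsa" runs once; the key is stored in NVRAM, not shown in running-config.
ip domain-name escort.is
crypto key generate rsa modulus 2048
ip ssh version 2
username labadmin privilege 15 secret <CHOOSE-A-STRONG-PASSWORD>
line vty 0 15
 login local
 transport input ssh
!
vlan 10
 name microsoft-servers
vlan 254
 name management
!
! Server subnet 10.208.1.0/24: the Windows 2016 DC lives at 10.208.1.16
interface Vlan10
 ip address 10.208.1.1 255.255.255.0
!
! Management subnet 10.208.254.0/24, shared with the FirePower inside interface
interface Vlan254
 ip address 10.208.254.2 255.255.255.0
!
! Anything outside 10.208.0.0/16 goes to the firewall and on to the internet
ip route 0.0.0.0 0.0.0.0 10.208.254.1
!
! Checks after applying:
!   show ip route   - expect 'C' entries for both SVIs and 'S*' for the default route;
!                     no routing table at all means "ip routing" is still missing
!   show ip ssh     - expect 'SSH Enabled - version 2.0'
!   show line vty 0 - 'Allowed input transports are ssh' confirms telnet is off
```

One caveat worth checking with the same symptom: the firewall also needs a return route for 10.208.1.0/24 via 10.208.254.2. If the switch routes but the FirePower only knows its directly connected 10.208.254.0/24, pings from the server VLAN still fail while pings sourced from the switch’s 10.208.254.2 address succeed, so the asymmetry looks identical.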
When I had this working I proceeded to install a Windows 2016 server that I plan to use as an Active Directory Domain Controller.
I have limited or no experience with running AD, except within a LAB, so I’ll have to figure things out here as we move forward.
The AD server got the IP of 10.208.1.16, and that got me thinking: How am I going to manage IP addresses within this LAB environment?
The possible options are:
- No documentation, just try to remember what is being used and ping IP addresses to find out what is in use.
  - This method is widely used in both small and large production environments.
- Excel spreadsheet
  - If you are ever in this position and think that a spreadsheet is a good place to manage your IP addresses, you’re going down the wrong path.
  - Whatever you do, this will not work.
  - I’ve seen this attempted multiple times, but I’ve never seen a spreadsheet that was up to date.
  - This is commonly used by the same type of people that save all the system documentation to PDFs, because things should never change.
- NetBox IPAM
  - Free. Looks promising.
- Men and Mice IPAM
  - Not free.
  - This is in use in a few environments that I have access to, so it could be beneficial to add to the LAB.
I’m going to postpone this decision until later.