Redoing my network...

Question

Posted

Hello,

Well, I bit the bullet and got the microserver. Now it is time to plan before deploying:

I have this (excuse the crude Paint drawings):

[attachment=356713:network.png]

That R is the router and is 802.11n. The AP/Switch I believe is also 802.11n and extends my wireless network (on different channels but both broadcasting the same SSID). Both run DD-WRT. Laptop1 is 802.11n. This can be done differently so I'm willing to reconfigure it a bit. The TV is 802.11g, the Blu-Ray is 802.11n, and the laptop2 is 802.11g.

Two cells are 802.11n, one is 802.11g

Here is what I'm thinking my new network is gonna look like:


[attachment=356715:newnetwork.png]

Noting that the Microserver has 2 LAN ports, one will be connected to my ADSL modem. The other will be everything else (DHCP/DNS/AD/NAS/etc). The router will turn into an AP giving everything on that level 802.11n and the rest will basically stay the same.

That's part one. The "problem" I mostly see is the wireless networks. While I'm on this, I wanna "fix" any issues I might have with them currently. I know the Blu-Ray connects at 802.11n because of the status screen (and because it is incredibly able to stream HD content from my PC to the Blu-Ray). Obviously the TV doesn't really NEED wireless access but some people in my house are lazy and use it as a web browser :laugh:

Later, we will get with configuring pfSense and I guess I'll leave the WS2012R2 box for last (supposing I get ESXi working before).

I have questions about AD because local users are gonna turn into domain users and I'm not really sure how to handle that with their files and settings and etc. Ideally I would like them NOT to notice ANY changes but I imagine this is very difficult to do.

I imagine this is gonna be a long thread so thank you to everyone who participates beforehand and has to put up with my limited and stupid knowledge. I apologize beforehand for my idiotic questions.

Thank you.


33 answers to this question

  • 0

Posted

Ok for starters -- you have a copy of 2k12 server that you can use to run your domain in production. But you don't have visio ;)

Here use this then for your next and future drawings. http://www.gliffy.com/ FREE!!

Back to a domain? Why, what use do you have in a home setting? You're complicating it way too much! If you want to run 2k12 as domain sure, use another vm as its member to play.

There is no reason to run it as your production network and have your machines login into the domain for day to day access. There just isn't.

I have worked with windows domains, since before they were -- windows for workgroups 3.11, NT 3.51, NT 4, 2k, 2k3, 2k8, etc.. You think I have my pc or my wife's laptop, or any actual use box login to a domain? Why??

Now I do have a VM domain I can fire up if I need to validate or test something... But it really has little use in a home setup and is only going to bring you added headaches, especially if you have never actually used it.

  • 0

Posted

Hello,

> Ok for starters -- you have a copy of 2k12 server that you can use to run your domain in production. But you don't have visio ;)
>
> Here use this then for your next and future drawings. http://www.gliffy.com/ FREE!!

I'm a fan of creately.com :) Nice diagrams.

> Back to a domain? Why, what use do you have in a home setting? You're complicating it way too much! If you want to run 2k12 as domain sure, use another vm as its member to play.
>
> There is no reason to run it as your production network and have your machines login into the domain for day to day access. There just isn't.

One of the reasons is just because people in my house install too much crap on their PC. Allowing them to install A, B, etc. could be done with a domain (yeah, I could make them normal users and me admin on there but where is the fun in that :p )

> I have worked with windows domains, since before they were -- windows for workgroups 3.11, NT 3.51, NT 4, 2k, 2k3, 2k8, etc.. You think I have my pc or my wife's laptop, or any actual use box login to a domain? Why??

I saw them in 2k :laugh: just to see the experience difference...

> Now I do have a VM domain I can fire up if I need to validate or test something... But it really has little use in a home setup and is only going to bring you added headaches, especially if you have never actually used it.

Well, I could always undomain everything, right?

It doesn't have use in my home (much less the number of users) but it is a fun experiment :)

  • 0

Posted

People installing crap is quite easy to FIX - Tell them to stop it, if you have a question if they should install something - ask. There you go problem solved ;)

Make them normal users, set password on admin account and set uac to require password to elevate. None of which requires an AD.. What are you going to use the AD for other than setting a couple of settings via GP? Set the GP local if you want to play.

Here is a question that has not come up from what I recall - what OS are the other machines running, home versions of windows can not even join a domain.

It's great FUN, do it in a VM and play all you want with another VM as client.. You're going to over complicate it, if after you have played and experimented with it for a while you feel that hey I want my real machines to be part of the AD, then join them then.

Keep in mind if you join machines to domain that their dhcp and dns should be the AD, not your router (pfsense).

Do what you want, happy to answer questions about AD until the cows come home - but I just do not see its place in a home setup, even for experiment for other users. Hey if you want to put your machine in go for it.. Cuz I tell you what's going to happen - something is going to not work exactly how you think it should, or you will make a configuration thing that is not right and now the users of your PCs that are members of the domain are going to have an issue.
1 person likes this
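
One way to check the no-AD setup the reply above describes (normal users, a password on the admin account, UAC asking for that password) on a single standalone PC. This is an added example, not part of the original post; the function name `Test-HomeLeastPrivilege` and the allowed account name `Administrator` are assumptions, and it expects an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of the "standard users + UAC credential prompt"
# setup on one standalone PC. Run it from an elevated PowerShell prompt.
function Test-HomeLeastPrivilege {
    param(
        # Accounts expected to stay in the local Administrators group.
        # 'Administrator' is an assumed name; pass your own admin account(s).
        [string[]]$AllowedAdmins = @('Administrator')
    )
    $findings = @()

    # UAC policy values are stored under this key on Windows Vista and later.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key

    if ($uac.EnableLUA -ne 1) {
        $findings += 'UAC is off (EnableLUA is not 1).'
    }
    # ConsentPromptBehaviorUser: 0 = deny elevation, 1 = credentials on the
    # secure desktop, 3 = credentials. With 1 or 3 a standard user must type
    # an administrator password to elevate.
    if (1, 3 -notcontains $uac.ConsentPromptBehaviorUser) {
        $findings += "Standard users are not asked for an admin password (ConsentPromptBehaviorUser = $($uac.ConsentPromptBehaviorUser))."
    }

    # Resolve the built-in Administrators group through its well-known SID
    # (S-1-5-32-544) so the lookup also works on non-English Windows.
    $sid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
    $name  = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$name,group"

    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $t       = $m.GetType()
        $account = $t.InvokeMember('Name',    'GetProperty', $null, $m, $null)
        $class   = $t.InvokeMember('Class',   'GetProperty', $null, $m, $null)
        $path    = $t.InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)

        # Everyone in the house should be a normal user, so any extra member
        # of the Administrators group is reported.
        if ($AllowedAdmins -notcontains $account) {
            $findings += "Unexpected member of ${name}: $account"
        }
        # ADS_UF_PASSWD_NOTREQD (0x20): the account is allowed a blank password.
        if ($class -eq 'User' -and (([ADSI]$path).UserFlags.Value -band 0x20)) {
            $findings += "Admin account $account is allowed to have a blank password."
        }
    }

    if ($findings.Count -eq 0) {
        'OK: standard users must supply an admin password to elevate.'
    } else {
        $findings
    }
}

Test-HomeLeastPrivilege -AllowedAdmins 'Administrator'
```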

  • 0

Posted

Hello,

> People installing crap is quite easy to FIX - Tell them to stop it, if you have a question if they should install something - ask. There you go problem solved ;)
>
> Make them normal users, set password on admin account and set uac to require password to elevate. None of which requires an AD.. What are you going to use the AD for other than setting a couple of settings via GP? Set the GP local if you want to play.

The problem is that since this is not work related, people can tell me to F off basically...

My wish would be to be able to "push" programs; install them from the WS2012R2. I'm not even sure if this is possible :) but the users would tell me "Hey I want Word" and I would be able to install Word remotely.

> Here is a question that has not come up from what I recall - what OS are the other machines running, home versions of windows can not even join a domain.

Yup :) Checked this out. All machines are able to join a domain :)

> It's great FUN, do it in a VM and play all you want with another VM as client.. You're going to over complicate it, if after you have played and experimented with it for a while you feel that hey I want my real machines to be part of the AD, then join them then.

I do feel that I (my PC and/or laptop) should be the first one to join the AD and test it out and play with it. The problem is that being obvious admin, I wouldn't have much problems.

Now that I say that, question: There should be a domain admin and a computer(s) admin, right? Example: UserA should be domain admin, UserB should be admin of all computers in the domain, and UserC should only be admin of his own computer. Correct?

> Keep in mind if you join machines to domain that their dhcp and dns should be the AD, not your router (pfsense).

That is a touchy subject which I imagine I'll get into when I start with pfSense...

pfSense should be my gateway and WS2012R2 should point to it as gateway to pass to all other clients when DNSing/DHCPing, right?

 

> Do what you want, happy to answer questions about AD until the cows come home -

Never heard that one.

> but I just do not see its place in a home setup, even for experiment for other users. Hey if you want to put your machine in go for it.. Cuz I tell you what's going to happen - something is going to not work exactly how you think it should, or you will make a configuration thing that is not right and now the users of your PCs that are members of the domain are going to have an issue.

I agree that I should first test it out on my physical machine. Then, when I think I'm ready, I should deploy it to the rest.

I feel also doing this, after a few months in my home, that I should be able to somewhat admin my work domain a bit better. I have no idea of some things but I think this would be a good practice exercise. But before all that pfSense...


pfSense looks pretty straightforward and I've been reading some simple tutorials. I do have questions about my other two APs: How exactly do I set them up?

This is my router's wireless settings right now:

[attachment=356723:router.png]

I can't access right now the other one because it's on a 192.168.2.x network so...

Other settings:

[attachment=356725:moresettings.png]

Here there are a bunch of things wrong or that need to be changed.

First thing is that the connection is set to PPPoE when as soon as I change to pfSense I need to be.....? This AP is NOT going to be my DHCP server but I need to be able to pass out addresses to wireless clients from the WS2012R2...

Later, that gateway: I have NO idea why it is 192.168.2.1. I imagine that 192.168.2.1 is the other AP but why is the router pointing to THAT as its gateway? Must be some tutorial I watched....

Later I see I can change that to a DHCP forward which looks good for what this AP is going to do.

Obviously I left no-ip as the address because I need pfSense to do DDNS. BTW, some of these things are obvious but Neowin is making me a good "to-do" list if I forget...

  • 0

Posted

Hello,

I wasn't able to find the server appliance again (I downloaded it at work and now want it at home) but I was able to get the one we downloaded in the first place so....it will have to do.

The microserver should arrive tomorrow (in theory) so...

  • 0

Posted

You mean the vcenter appliance -- why do you need that? I would think you would go with 5 or 5.1 after all the talk of management of 5.5?

And even if you go with 5.5 vcenter really brings nothing to the table in a home setup.

As to your APs -- why do they even need gateways? For what reason does the AP actually have to get off your network.. Why would it need to phone home for example? If you want to point to a ntp server, point to one inside your network - esxi provides ntp server, pfsense can be a ntp server, etc. Unless you need to get off the network in the ap web gui or ssh'd to it they have no need of a gateway. But yes anything that needs a gateway should point to pfsense lan IP when you get it setup.

As to when the cows come home - it's a bit dated, remember I have a generation on you ;)
http://idioms.thefreedictionary.com/until+the+cows+come+home

  • 0

Posted

Hello,

> You mean the vcenter appliance -- why do you need that? I would think you would go with 5 or 5.1 after all the talk of management of 5.5?

Yup. Well, I could manage it with Workstation but I still want the (free) appliance to learn from it.

> As to your APs -- why do they even need gateways? For what reason does the AP actually have to get off your network.. Why would it need to phone home for example? If you want to point to a ntp server, point to one inside your network - esxi provides ntp server, pfsense can be a ntp server, etc. Unless you need to get off the network in the ap web gui or ssh'd to it they have no need of a gateway. But yes anything that needs a gateway should point to pfsense lan IP when you get it setup.

I believe they are configured like this to extend the range of the same wireless network instead of having two. It's something I read in a DD-WRT tutorial. Might be outdated.

If I understood you correctly, the APs should then be:

AP
IP: 192.168.1.6 (AP1) / 192.168.1.7 (AP2)
Sub: 255.255.255.0
GW: Blank, 0.0.0.0 or 192.168.1.1 (which is the LAN IP SIDE of pfSense)

Correct?

Good news: The gen 8 arrived today.
Bad news: The 8GBs didn't.

I'm gonna go ahead and start with the pfSense setup today. ESXi is going on a USB 2.0 2GB flash drive. As for pfSense....does it apply like Workstation? I have a 1TB and select what I want to use of it for the VM?

  • 0

Posted

Yes your AP gateway would be blank or point to pfsense.

As to pfsense and 1TB?? You're nuts, it needs at most a few GB for disk space ;) What do you think it would do with 1TB of disk?

As to the vcenter appliance

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2007619
Downloading and deploying the vCenter Server Appliance 5.x (2007619)

[attachment=356775:pfsensedisk.png]

I gave pfsense vm 4GB disk.. It's not even touching that..

[2.1-RELEASE][root@pfsense.local.lan]/root(2): df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/da0s1a    2.9G    597M    2.1G    22%    /
devfs          1.0k    1.0k      0B   100%    /dev
/dev/md0       3.6M     60k    3.3M     2%    /var/run
devfs          1.0k    1.0k      0B   100%    /var/dhcpd/dev

  • 0

Posted

Hello,

> As to pfsense and 1TB?? You're nuts, it needs at most a few GB for disk space ;)

NO! NO! :laugh: :rofl: I'm crazy but not that crazy.

In Workstation, you have your OS installed on a 1TB HDD. When making a VM, you make a disk in Workstation (for example 20GB). What I meant is if this is the same way: Do I make a disk of say 4GB (like you, and it seems like overkill) and that's it? Or do I have to manually partition?

> As to the vcenter appliance
>
> http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2007619
> Downloading and deploying the vCenter Server Appliance 5.x (2007619)

I feel like a moron because I end up here (following the instructions): https://my.vmware.com/web/vmware/details?downloadGroup=VC550B&productId=353&rPId=5008 it asks me to register, I do, then it says I can't download it ???

> [attachment=356775:pfsensedisk.png]
>
> I gave pfsense vm 4GB disk.. It's not even touching that..
>
> [2.1-RELEASE][root@pfsense.local.lan]/root(2): df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/da0s1a    2.9G    597M    2.1G    22%    /
> devfs          1.0k    1.0k      0B   100%    /dev
> /dev/md0       3.6M     60k    3.3M     2%    /var/run
> devfs          1.0k    1.0k      0B   100%    /var/dhcpd/dev

:laugh: That 1TB thing to pfSense was a misunderstanding, sorry.


BTW, Neowin, after I get pfSense up and running I'll probably post a user review since the guy that won his Gen8 hasn't really said anything about it here and didn't post a user review. I'll try to add as much as I can and also compare it to the Neowin review :)

For now, I'm really feeling iLO 4; remember that this is very new to me so I may be easily impressed but it looks nice to manage it. The only "but" I'm for now putting is that the fan is pretty loud, even from first boot and now idle setting saying it cannot find anything to boot off.

It's obvious I have to dedicate my weekend to this box as I don't have time. I'll probably get today and tomorrow thru the ropes; as in I've only found the web console for iLO; haven't found the Windows console yet (if there is one)

  • 0

Posted

Hello,

Another "but", except this really isn't the server's fault, is that the warranty is set to expire November of this year :( That's just where I bought it from I guess. Also, the serial number SEEMS to be specified to a Pentium, not a Celeron processor. Just little its and bits.

Been powered on all night idle. In 11-12 hours, let me see if I can get some time to at least install ESXi....

  • 0

Posted

"the fan is pretty loud"

I told you about that - and linked to thread talking about it.

As to the disk in esxi, for pfsense just create a 4, could prob go 2 and yes pfsense will do everything to the disk you don't have to do anything. Do you have freebsd to partition with ;) pfsense runs off freebsd so you wouldn't create partitions and format with windows ;)

As to your download - did you get a trial license? That link downloads fine for me after I log in.

[attachment=356811:downloadappliance.png]

  • 0

Posted

Hello

> "the fan is pretty loud"
>
> I told you about that - and linked to thread talking about it.

It's not that bad in idle; I'll have to check under load.

I have a couple of places I can tuck it away so...

It has developed a buzz from the back fan so I'm RMAing it on Monday :( Either that or a tech from HP will come by and fix it.

> As to the disk in esxi, for pfsense just create a 4, could prob go 2 and yes pfsense will do everything to the disk you don't have to do anything. Do you have freebsd to partition with ;) pfsense runs off freebsd so you wouldn't create partitions and format with windows ;)

OK :)

> As to your download - did you get a trial license? That link downloads fine for me after I log in.
>
> [attachment=356811:downloadappliance.png]

For some strange reason I can't find the link :s

  • 0

Posted

the actual download - you prob don't see it unless you have gotten a trial of esxi

  • 0

Posted

Hello,

> the actual download - you prob don't see it unless you have gotten a trial of esxi

Finally found it (and a firmware update for iLO)

I feel like a "I told you so" is coming :p but the fan connectors on the Gen8 are some proprietary 6pin connector. After HP comes to fix it, I might swap it out for a lower spinning fan and forget about fan control...

  • 0

Posted

Hello,

After some time, finally tomorrow someone is coming by to check out the fan and replace it.

I'll leave it running again from tomorrow and see if it fails again or not.

  • 0

Posted

Hello,

Well the technical support guy came today. Called the noise little and he's worked on servers much louder (kind of arrogant guy) but I am very sure most of you would have said the same thing :) I'm just worried that it started 3 days after being idle and with the warranty dying in Nov...

Nevertheless, he called his replacement department, described the noise as an "electrical buzz" (I would have described it exactly the same) and gave me the option of either replacing the fan or the server.

I really didn't think it thru (I would have thought he brought a replacement fan on him but didn't) so I chose to replace the entire server. It's better safe than sorry don't you think?

15 days till someone comes and picks up the old one and gives me the new one. He actually told me that they destroy these faulty servers (I was surprised at that) but the tone he said it, it sounded like it was my problem or I should feel sorry. I don't at all.

Anyways, I'm getting it replaced I guess...it's sad it's gonna take SO long...

  • 0

Posted

lol you should hear the PowerEdge server I have then if you think your microserver is loud.

Sounds like you're over complicating your setup at home.

- Keep DNS and DHCP with the router, and keep it all hardware. If you want your router to have special\advanced features, buy a box that supports them. Turning a PC into a router is a waste of electricity, hardware, and man hours.

- No need for AD. Install Server 2012R2 as a standalone box, create some local user accounts on the server itself and use them on your clients. Maybe even use Win7\8.1 instead of Server.

- Deploy software at home? It'd be a lot quicker to create a file share on your server with all the installs, and then browse and click install on the clients.

- If you want to play with VMWare, go for it - but I suggest staying away from vCenter as you'll get no benefit (besides maybe templates).

  • 0

Posted

Agree with the vcenter, it makes no sense in a home setup - just uninstalled mine after the trial. It was just sucking up host resources for no reason in a home setup. It uses a LOT of ram, even tweaked down to 3GB, when you only have 16 I could use that for like 3 other vms at 1GB each that actually do something - for example just fired up a vm to run splunk.

Also agree running an AD in your home is just complication for no good reason, now if you want to fire it up and join a vm or two to it for play/learning great, but I would not put your physical use every day machines in it.

And it's only the gen8 that has noise issues, my n40l is quiet as a mouse - it's sitting here right next to me on the floor and other than the HP light and the power light on the button I would not know it's on.

  • 0

Posted

Hello,

> lol you should hear the PowerEdge server I have then if you think your microserver is loud.

We have two PowerEdges here; one is old and it's loud as hell (about 5 meters away and a door and if I conc

  • 0

Posted

"- I find "soft" routers to be a pain in the ass to setup"

 

And how many have you played with? What do you think runs on hardware? Setting up "soft" router is no harder than configuring some hardware you buy with the software already installed. So you have a hard time following instructions like which nic is your wan and which is your lan? Cuz other than that the install doesn't ask you much. After that is no different than any "hard" router.

For that matter there are many people running pfsense on watchguard hardware ;)

As you suggest esxi - that is great place to run this "soft" router.. Running your router in VM on top of your OS in something like virtualbox or vmware player I would not really suggest that, but if you're going to dedicate hardware to your VMs anyway - it's quite simple to leverage that hardware to run your router as well.. If it has at min 2 nics it's no different than running any other router.

  • 0

Posted

Hello,

> - I find "soft" routers to be a pain in the ass to setup. I've always found finding a hardware solution (watchguard, or something along those lines) has always been less troublesome setting up than software solutions (that I suspect runs in a VM ontop of linux\Windows). But then again, if you've got the time to play around with all - go for it!

Really when it comes down to it, all routers are "soft" routers. They all run software (an OS) on hardware. And I would agree that most of them are harder (well, harder, just takes a min or two and BudMan ;) to get it up and running ) but in the long run I think it will be worth it.

I would be running this (and the rest) on strictly ESXi. No OS.

> - By box, I mean VM.

Um:

> buy a box

> as a standalone box

No you didn't.

> - When I say VMWare I mean ESXi, not Workstation. I'm just saying vCenter benefits are geared mainly towards enterprise. The only thing I can you see you getting any benefit out of is the option to create templates (but you can do that in standalone ESXi via duplicating a sysprep'd vm).

I've read that from BudMan and others that it brings nothing to the table. I'm trying to search what limitations I would have ESXi 5.1 (based on VMs from Workstation 9) vs ESXi 5.5 (based on VMs from Workstation 10) (besides one being completely free and the other not)

> - If you want to do software deployment, look into SCCM.

I imagine you are talking about this: http://www.microsoft.com/en-us/server-cloud/products/system-center-2012-r2-configuration-manager/

> - By standalone I mean install server into a VM

Again:

> buy a box

> as a standalone box

You might have mistaken in your post...

> "- I find "soft" routers to be a pain in the ass to setup"
>
> And how many have you played with? What do you think runs on hardware? Setting up "soft" router is no harder than configuring some hardware you buy with the software already installed. So you have a hard time following instructions like which nic is your wan and which is your lan? Cuz other than that the install doesn't ask you much. After that is no different than any "hard" router.
>
> For that matter there are many people running pfsense on watchguard hardware ;)
>
> As you suggest esxi - that is great place to run this "soft" router.. Running your router in VM on top of your OS in something like virtualbox or vmware player I would not really suggest that, but if you're going to dedicate hardware to your VMs anyway - it's quite simple to leverage that hardware to run your router as well.. If it has at min 2 nics it's no different than running any other router.

Initial setup I think is the "hardest" part. But besides that? From what I've read it's all smooth sailing...

BTW, I'm gonna have to get another switch. The NetGear 5 port seems like it's not enough for this setup...

  • 0

Posted

Why do you need another switch? Your cable modem is direct into the esxi host, no switch. Your lan goes into your switch just like your old router used to.. So switching to this setup requires no extra switch ports than running normal router.

Did you buy another nic for the gen8 so you can breakout vmkern? If not what else is eating up your switch ports.

  • 0

Posted

Hello,

> Why do you need another switch? Your cable modem is direct into the esxi host, no switch. Your lan goes into your switch just like your old router used to.. So switching to this setup requires no extra switch ports than running normal router.
>
> Did you buy another nic for the gen8 so you can breakout vmkern? If not what else is eating up your switch ports.

Damn, you reply quickly :p

I was making a diagram of my new thought:

[attachment=357569:change.png]

The green wire is the new config and the red wire is the one that is extra. Why would I do this?

Let's say the ESXi box's pfSense for some reason breaks, the PSU pops, the installation breaks, etc. millions of things. That "exrouter" running DD-WRT I'm sure can be configured that if it doesn't detect a WAN connection from the pfSense, can start a PPPoE backup connection itself. So basically it would be my backup PPPoE :)

What are your thoughts on this, BudMan?

  • 0

Posted

That it won't work, and is pointless -- your router is listed as an AP. So how does it magically become a gateway on pfsense loss of wan?

What is going to tell all your dhcp clients to start using your new magic gateway as their gateway?

Sure if the gen8 box blows up, you could take any of your other routers you're now using as AP to be used as your gateway. You enable their dhcp, you connect your modem wire into their wan port, renew all your dhcp clients to get the new info now from your router's dhcp and you're up and running. That would take you all of maybe 5 minutes to do. There is no reason to try and setup a backup solution that auto kicks in a home setup where your hardware blows up.

Your drawing shows pfsense with only 1 interface? So you're going to run wan and lan over the same physical interface, vlans? Yeah you're not going to get that to work - what was your switch? Does it support vlans?
