Building an enterprise network at home

cat << EOF | curl -X PUT -d @- uberleet.org

Decided to upgrade to enterprise-level gear for the home network for about $310!
This has solved some issues with shoddy wifi propagation mainly, but I wanted a decent security gateway too.

Hardware

  • pfSense on a server (firewall/gateway/router) ($60)
  • Cisco Catalyst 2960S (24 port switch) ($40)
  • 3 Ubiquiti Wifi UAP access points ($150)
  • Raspberry Pi for DNS advertisement blocking/Ubiquiti configuration server ($60)

Why pfSense?

I decided to go with this because of the number of features it offers for free.
IPSec VPN, DNS, DHCP, Firewall, IDS (Suricata), Routing, Forwarding… it’s all there.

The install was as easy as grabbing a server and running

dd if=release.img of=/dev/sdb

Setup asked me which VLANs and interfaces I wanted.
I noticed hardware checksum offloading on Asus NICs causes a ton of issues with the IDS and had to disable that (with little detriment to overall CPU).
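An added example (not from the original post) of one well-known way checksum offloading interferes with an IDS: with offloading on, the host hands frames to the NIC before the TCP checksum is filled in, so a sensor capturing on that host sees packets that fail validation. Addresses, ports and payload are constructed, and the unfilled checksum is modelled as zero, which is an assumption.

```python
import socket
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by IP/TCP checksums (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def build_packet(src, dst, sport, dport, payload, fill_tcp_csum=True):
    """Constructed IPv4/TCP packet. fill_tcp_csum=False models a frame
    captured on the sending host before the NIC fills in the checksum
    (modelled as zero here, an assumption)."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18,
                      8192, 0, 0) + payload
    if fill_tcp_csum:
        pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp))
        csum = ~ones_sum(pseudo + tcp) & 0xFFFF
        tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0,
                     64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", ~ones_sum(ip) & 0xFFFF) + ip[12:]
    return ip + tcp

def tcp_checksum_ok(packet: bytes) -> bool:
    """Validate the TCP checksum the way a checksum-validating sensor would."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    tcp = packet[ihl:total_len]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
    return ones_sum(pseudo + tcp) == 0xFFFF

def inspected(packets):
    """Packets a sensor that discards bad checksums would still inspect."""
    return [p for p in packets if tcp_checksum_ok(p)]

PAYLOAD = b"GET / HTTP/1.1\r\n\r\n"  # constructed sample
on_wire = build_packet("192.168.1.10", "192.168.1.1", 44321, 443, PAYLOAD)
offloaded = build_packet("192.168.1.10", "192.168.1.1", 44321, 443,
                         PAYLOAD, fill_tcp_csum=False)

if __name__ == "__main__":
    print("on wire valid:  ", tcp_checksum_ok(on_wire))
    print("offloaded valid:", tcp_checksum_ok(offloaded))
    print("inspected:", len(inspected([on_wire, offloaded])), "of 2")
```

The second packet carries the same payload as the first, yet a sensor that discards bad checksums never inspects it, which is why offloading is commonly turned off on IDS capture interfaces.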

Cisco Catalyst 2960S

Configured the uplinks for the VLANs and attached the appropriate interfaces. Once you learn IOS you never forget.
I notice the links on my Ubiquitis don’t negotiate at full duplex on both sides; this is likely a cable issue.

Raspberry Pi

I set up the DNS server and Ubiquiti control software on the Raspberry Pi to keep these resources separate. Had one lying around and threw it up.

Ubiquiti Access Points

I deployed 3 of these in my house with enough isolation to prevent receiver front-end overload. Two broadcast LAN1 SSIDs and roam, while one is dedicated to LAN2.

EOF