Network

From /dev/hack

Topology

/dev/hack reserves 10.213.0.0/16 as the devhack network. It contains devhack devices that we want to be accessible from each other and from other organizations that we peer with over WireGuard or other services. Subnets can define further restrictions as needed.

MGMT serves 10.213.0.0/24 and serves DHCP on 10.213.0.100 - 10.213.0.200 within it

CAMERAS are on 10.213.5.0/24

CORE serves 10.213.8.1/21 and serves DHCP on all of that except 10.213.8.1/24

VOIP serves

Universal Passwords

  • Enable (for serial + already logged in)
    • devhack
  • SNMP R/O (community strings) (do not use these for write access)
    • public
    • devhack

Monitoring

A POC deployment of LibreNMS is up at this URL: https://devhack-nms.owo.me

This is currently deployed in a colocation facility at KOMO Plaza. There will be plans to eventually deploy this on prem.

Your choice of SNMP scraping tools can be used on any network device with the default credentials if you know the device’s IP. Keep automated scrapes at a reasonable interval of 1 minute.

this exists??

ISP

| Item | Value |
|---|---|
| ISP | Atlas Networks |
| Gateway | 66.170.190.193/29 |
| Public IPs | |
| /dev/hack | 66.170.190.194 |
| SCN | 66.170.190.197-.198 |
| Unclaimed | 66.170.190.195–66.170.190.196 |

Wifi

  • devhack_guest : guest network (internet-only)
  • InternetOfShit : for all the IOT / misc devices
  • wlan0 : internal wifi for members only

For passwords for wifi networks, contact NetworkingTeam (avery & eliri)

IPv6 Service

AS21903 provides the following IPv6 announced from a machine in KOMO Plaza:

  • 2602:fa6d:300::/48

AS21903 (Arnhem Networks LLC) is operated by Alyx, and NOC contact information can be found at ANL-357.

IPv6 service is provided on a best-effort basis.

It's routed over the wg4 Wireguard interface on the Edgerouter.

All interfaces have their own /64 address that matches the IPv4 network (if the v4 network is 192.168.10.0/24, the corresponding v6 network is 2602:fa6d:300:10::1/64).

The only exception to this rule is the GUEST network, which doesn't have IPv6 configured at all. This is intentional; do not change it.


Disabling IPv6

To disable IPv6 per machine (for various reasons; for example, api.telegram.org bans our IPv6 address), run:

nmcli con m «connection name» ipv6.method disabled

And then restart the connection.


VLANs

These VLANs are configured on both the Router and the Switch. The IPs below are the ones configured on the Router.

  • Trunk - All VLANs
  • 5 - CAMERAS
  • 10 - CORE (10.213.8.1/21)
  • 20 - MGMT / INT (10.213.0.1/24)
  • 30 - PXE / MAAS (10.213.16.1/24)
  • 60 - SCNPUB (?)
  • 80 - OOB (10.213.80.1/24)
  • 69 - CGHMN-RETRO
  • 99 - ISP / WAN Atlas Networks (66.170.190.194/29)

These VLANs are configured on the Router, but aren't set up anywhere else. They're vestigial from the previous version of the network, which used the Brocade ICX 6610 as the Switch and the 192.168.0.0/16 address range. They're free to use for other projects. Please move them to the above list when they're actually provisioned.

  • 40 - VOIP (192.168.40.1/24)
  • 50 - IOT (192.168.50.1/24)
  • 70 - FLAN (10.213.28.1/22)
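
The address plan from the Topology and VLANs sections can be checked mechanically. The following is an added example, not tooling used by /dev/hack: it takes the router addresses listed on this page, reports which subnets fall outside the reserved 10.213.0.0/16, looks for overlaps, and works out the CIDR blocks left for CORE DHCP once the first /24 is excluded. The function names are made up for this example.

```python
import ipaddress
from itertools import combinations

# Addresses copied from this page. Router interface addresses such as
# 10.213.8.1/21 carry host bits, so each is parsed as an interface and
# reduced to its network.
RESERVED = ipaddress.ip_network("10.213.0.0/16")
PLAN = {
    "CAMERAS": "10.213.5.0/24",
    "CORE": "10.213.8.1/21",
    "MGMT": "10.213.0.1/24",
    "PXE": "10.213.16.1/24",
    "OOB": "10.213.80.1/24",
    "VOIP": "192.168.40.1/24",  # vestigial
    "IOT": "192.168.50.1/24",   # vestigial
    "FLAN": "10.213.28.1/22",   # vestigial
}


def networks(plan):
    return {name: ipaddress.ip_interface(cidr).network for name, cidr in plan.items()}


def outside_reserved(plan, reserved=RESERVED):
    """Names of subnets that do not fall inside the reserved /16."""
    return sorted(n for n, net in networks(plan).items() if not net.subnet_of(reserved))


def overlapping(plan):
    """Pairs of subnets that share address space."""
    nets = networks(plan)
    return [(a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]


def dhcp_blocks(served, excluded):
    """CIDR blocks left for DHCP when `excluded` is carved out of `served`."""
    served_net = ipaddress.ip_interface(served).network
    excluded_net = ipaddress.ip_interface(excluded).network
    return sorted(served_net.address_exclude(excluded_net))


if __name__ == "__main__":
    print("outside 10.213.0.0/16:", outside_reserved(PLAN))
    print("overlaps:", overlapping(PLAN))
    # CORE hands out everything in its /21 except the first /24.
    print("CORE DHCP:", [str(n) for n in dhcp_blocks("10.213.8.1/21", "10.213.8.1/24")])
```

Adding a new VLAN to `PLAN` before provisioning it shows immediately whether it collides with an existing subnet or sits outside the range that peers are told to route.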

Keystone colors

| Color | Description |
|---|---|
| YELLOW | Trunk |
| RED | CORE VLAN |
| BLACK | MGMT / INT VLAN |
| BLUE | READ DOCS / MISC |

Port Configurations

Rack2 Ciscos
serverroom-sw(1)
Port Name Port Type Port VLAN Native VLAN Device
TenGigabitEthernet1/0/1 ACCESS MGMT (20) C240 M5 (smallpox)
TenGigabitEthernet1/0/2 ACCESS MGMT (20) C240 M5 (rubella)
TenGigabitEthernet1/0/3 ACCESS MGMT (20) C240 M5 (measels)
TenGigabitEthernet1/0/4 ACCESS MGMT (20)
TenGigabitEthernet1/0/5 ACCESS MGMT (20)
TenGigabitEthernet1/0/6 ACCESS MGMT (20)
TenGigabitEthernet1/0/7 ACCESS MGMT (20)
TenGigabitEthernet1/0/8 ACCESS MGMT (20)
TenGigabitEthernet1/0/9 Unconfigured
TenGigabitEthernet1/0/10 Unconfigured
TenGigabitEthernet1/0/11 Unconfigured
TenGigabitEthernet1/0/12 Unconfigured
TenGigabitEthernet1/0/13 Unconfigured
TenGigabitEthernet1/0/14 Unconfigured
TenGigabitEthernet1/0/15 Unconfigured
TenGigabitEthernet1/0/16 Unconfigured
TenGigabitEthernet1/0/17 TRUNK ALL
TenGigabitEthernet1/0/18 TRUNK ALL
TenGigabitEthernet1/0/19 TRUNK ALL
TenGigabitEthernet1/0/20 TRUNK ALL
TenGigabitEthernet1/0/21 TRUNK ALL
TenGigabitEthernet1/0/22 TRUNK ALL comms room
TenGigabitEthernet1/0/23 TRUNK ALL rack1 netgear
TenGigabitEthernet1/0/24 ISP 99 Atlas Networks
FortyGigabitEthernet1/1/1 TRUNK ALL
FortyGigabitEthernet1/1/2 TRUNK ALL 20
serverroom-sw(2)
Port Name Port Type Port VLAN Native VLAN
TenGigabitEthernet2/0/1 ACCESS MGMT (20) KVM switch
TenGigabitEthernet2/0/2 ACCESS MGMT (20) shelly
TenGigabitEthernet2/0/3 ACCESS MGMT (20) devhacked (port1)
TenGigabitEthernet2/0/4 ACCESS MGMT (20) some lenovo desktop
TenGigabitEthernet2/0/5 ACCESS MGMT (20)
TenGigabitEthernet2/0/6 ACCESS MGMT (20)
TenGigabitEthernet2/0/7 ACCESS MGMT (20)
TenGigabitEthernet2/0/8 ACCESS MGMT (20)
TenGigabitEthernet2/0/9 Unconfigured
TenGigabitEthernet2/0/10 Unconfigured
TenGigabitEthernet2/0/11 Unconfigured
TenGigabitEthernet2/0/12 Unconfigured
TenGigabitEthernet2/0/13 Unconfigured
TenGigabitEthernet2/0/14 Unconfigured
TenGigabitEthernet2/0/15 Unconfigured
TenGigabitEthernet2/0/16 Unconfigured
TenGigabitEthernet2/0/17 Unconfigured
TenGigabitEthernet2/0/18 Unconfigured
TenGigabitEthernet2/0/19 Unconfigured
TenGigabitEthernet2/0/20 Unconfigured
TenGigabitEthernet2/0/21 Unconfigured 80 Reserved (OOB)
TenGigabitEthernet2/0/22 Unconfigured 80 Reserved (OOB)
TenGigabitEthernet2/0/23 Unconfigured
TenGigabitEthernet2/0/24 Unconfigured
FortyGigabitEthernet2/1/1 TRUNK ALL Rack3 juniper
FortyGigabitEthernet2/1/2 TRUNK ALL Rack3 juniper

Bauds

  • Server Room Cisco: 115200
  • Everything else: 9600

Switches

| Installation | Service Area | Model | Name | IP |
|---|---|---|---|---|
| R2 (core) | Core | C9300-24UX | serverroom-sw | 10.213.0.6 |
| R3 (hosting) | Rack 3 | | | 10.213.0.4 |
| Sunroom | Sunroom | | sunroom-asw-01 | 10.213.0.18 |
| Sunroom | Roof | WS-C2960S-48FPD-L | roof-asw-01 | |
| Lounge | Lounge | | lounge-asw-01 | |
| Foundry | Foundry | | foundry-asw-01 | |

Cisco and Cisco-alike Base Configs

vlan 5
name CAMERAS
!
vlan 10
name CORE
!
vlan 20
name MGMT
!
vlan 30
name PXE
!
snmp-server community devhack RO
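
The Universal Passwords section says the published community strings must never be used for write access, and the base config above grants `devhack` read-only. The following is an added example, not part of the /dev/hack configs: it scans a Cisco-style config for `snmp-server community` lines and reports any published string that has been given RW. The sample config and the `PLACEHOLDER-WRITE` community are constructed for illustration.

```python
import re

# Community strings this page publishes as universal read-only credentials.
PUBLISHED = {"public", "devhack"}
COMMUNITY = re.compile(r"^\s*snmp-server\s+community\s+(\S+)(.*)$", re.IGNORECASE)

# Constructed sample config, not taken from a real device.
SAMPLE = """\
vlan 20
name MGMT
!
snmp-server community devhack RO
snmp-server community public view rw RO
snmp-server community devhack RW
snmp-server community PLACEHOLDER-WRITE RW
"""


def access_mode(tokens):
    """Return RO or RW from the tokens that follow the community string."""
    it = iter(tokens)
    for tok in it:
        if tok.lower() == "view":
            next(it, None)  # the view name is free text, even if it reads "rw"
        elif tok.lower() in ("ro", "rw"):
            return tok.upper()
    return "RO"  # IOS grants read-only when no keyword is given


def write_violations(config, published=PUBLISHED):
    """(line number, community) for every published string granted RW."""
    found = []
    for number, line in enumerate(config.splitlines(), 1):
        match = COMMUNITY.match(line)
        if not match:
            continue
        community, rest = match.group(1), match.group(2).split()
        if community in published and access_mode(rest) == "RW":
            found.append((number, community))
    return found


if __name__ == "__main__":
    for number, community in write_violations(SAMPLE):
        print(f"line {number}: published community {community!r} has RW access")
```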