After an unintentional break from working on my lab, and writing about it, I figured today was a good time to jump back in and give a bit more insight into my networking woes that I mentioned in the last post. The short version is that the original design of my lab network was built upon incomplete knowledge of how VLANs work. As a reminder, below is the diagram I put together of this idealized network.

So looking at the diagram and thinking about my implementation from the Cisco SG300 down, everything was actually set up correctly. I had the VLANs deployed and configured, and connectivity appeared to be working the way I intended across those VLANs. The problem was that in order to configure outbound Internet access through my home router (actually a BAS-N600-DD), the home router needed to be made aware of all the VLANs that I created. I did the research and found that my router actually does support VLANs; however, the interface and CLI commands necessary to correctly set everything up were not exactly intuitive or confidence-inspiring for me. Additionally, I wasn’t sure exactly what the impact would be if I simply flipped things so that the BAS connected out through the SG300 (aside from the need for a new firewall). This lab does exist within my home after all, and I needed to ensure Internet access wasn’t extensively disrupted for the various devices in use throughout the house. I had the same concerns about attempting the VLAN configuration on the BAS, combined with the fact that I really didn’t want to deal with the headache of potentially bricking the configuration (even though I did take a backup).
Right now all the networking is functional, but essentially everything is an extension of my BAS-600-DD network. To make things somewhat sane, I have a series of CIDR blocks that I manually reserve for the Admin, VM, and Storage networks. The BAS has DHCP service enabled, but I’ve configured it to only allocate addresses out of a small portion of the full CIDR block that it manages. A nice benefit of this setup is that any machines I spin up on the network automatically get an IP address, which I can then modify later if I want. I’m not happy with the setup overall, but as I said, it’s functional for now.
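The flat-network workaround above relies on the manually reserved Admin, VM and Storage blocks never colliding with each other or with the router's DHCP pool, since nothing on the router enforces that. The following is an added example (not code from the original post) that models that plan with Python's `ipaddress` module and flags overlaps; all addresses are constructed placeholders, as the post gives none.

```python
import ipaddress

# Constructed address plan (the post gives no real addresses): one flat
# block handed out by the home router, with sub-blocks reserved by hand.
FLAT_NETWORK = ipaddress.ip_network("192.168.1.0/24")
RESERVED = {
    "Admin":   ipaddress.ip_network("192.168.1.0/27"),
    "VM":      ipaddress.ip_network("192.168.1.32/27"),
    "Storage": ipaddress.ip_network("192.168.1.64/27"),
}
# The router's DHCP pool, deliberately restricted to a slice of the block.
DHCP_POOL = (ipaddress.ip_address("192.168.1.200"),
             ipaddress.ip_address("192.168.1.250"))


def pool_ranges(start, end):
    """Express an inclusive start..end address range as CIDR networks."""
    return list(ipaddress.summarize_address_range(start, end))


def check_plan(flat, reserved, pool):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    pool_nets = pool_ranges(*pool)
    # Every reserved block and the DHCP pool must sit inside the flat block.
    for name, net in reserved.items():
        if not net.subnet_of(flat):
            problems.append(f"{name} {net} is outside {flat}")
    for net in pool_nets:
        if not net.subnet_of(flat):
            problems.append(f"DHCP slice {net} is outside {flat}")
    # Reserved blocks must not overlap each other.
    names = list(reserved)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if reserved[a].overlaps(reserved[b]):
                problems.append(f"{a} {reserved[a]} overlaps {b} {reserved[b]}")
    # The DHCP pool must never hand out addresses from a reserved block.
    for name, net in reserved.items():
        for slice_ in pool_nets:
            if net.overlaps(slice_):
                problems.append(f"DHCP slice {slice_} overlaps {name} {net}")
    return problems


if __name__ == "__main__":
    for line in check_plan(FLAT_NETWORK, RESERVED, DHCP_POOL) or ["plan OK"]:
        print(line)
```

Re-run the check whenever the router's DHCP range or a reserved block changes; an overlap here is the usual cause of a static host and a DHCP client ending up with the same address.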
In my next post, I’ll move on from the physical infrastructure and get into my virtualization setup. Beyond detailing what I am using and how it’s deployed, I’ll lay out some of the plans I have for that space going forward.