You’ve found my corner of the internet; my one external IP address out of 4.2 Million IPv4 addresses / 333.8 Million and growing domains.
This blog is where I will be posting about the homelab projects that I often undertake. I will also be posting notes and informational posts about tutorials that I find online, and anything else I learn as I go along.
I am not the world’s best blogger, but hopefully as I do this more, it will get easier with time.
I’ve been super busy at work recently; I just finished up two big projects. We switched over to Mimecast’s email security suite. The whole deployment took a bit of planning and some fixing of DNS/MX records, but I am proud to say that the project is finished. So far, Mimecast has been working great and has been catching a lot more spam/phishing emails than the previous solution that was in place.
The other project I have been working on was switching over to a Unifi WiFi setup with an Ubuntu VM as the Unifi Controller. Man, this project has been a headache and we ran into multiple roadblocks. The network diagram is configured as below. I had to trunk the port from our Cisco Firepower 2110 to all of the switches so we could put APs on any of the IDF switches.
At first, everything seemed fine… Then came the complaints about not being able to connect. This seemed to be a DHCP issue with Windows computers. All Android or iPhones were able to get a DHCP address but computers were not able to obtain an IP. Our Cisco Firepower was the acting DHCP server. I don’t know why, but the Firepower was having some issues, so I made the Firepower a DHCP relay to have our DC hand out DHCP. This seemed to fix the issue with people not being able to connect, but then a new issue arose.
The APs would be working fine for hours and then they would all go to “Missing Heartbeat” status. After hours of troubleshooting, giving the APs static IPs, and hair pulling, I ended up putting the APs onto the same VLAN as the controller and allowed the wireless SSIDs to place people onto the correct VLAN.
Since then, the APs seem to be very stable and I have not seen any issues with the wireless. This was my first rollout of the Unifi APs, and even though I pulled my hair out for days trying to see what I was missing, I would still recommend them to anyone needing an enterprise solution because of the controller’s ease of use.
At the time of writing this, we do not have very much in place to enforce what passwords can and can’t be used on the network aside from the standard group policy controls. In the past, I used to gather AD password hashes from the domain controller and then run the password through hashcat in order to give me a list of user passwords; the Domain Password Spray PowerShell script from Dafthack changes everything.
I am currently working on setting up my website (austinoneil.com) to be SSL encrypted. The webserver is currently set up with Microsoft IIS and is not currently configured to be SSL secure. Today, we shall change this.
This is my network overview of the “Milkyway.Galaxy” domain. My entire network is named after planets and the solar system. Every week I decide to change/add/remove something, so it’s constantly evolving. My network is broken into multiple VLANs to allow segmentation of the network. I use a custom-built pfSense router running version 2.4.x as of the time of writing this. From my router, it feeds into my 2960x stack, which is set up as a router-on-a-stick VLAN configuration.
Recently, I set up Grafana at my workplace to allow more visibility on our network. In the past I have played with Grafana in my homelab, but I didn’t understand how it could be useful for me at the time when I only had one server. Now that I have a handful of servers that can be a pain sometimes to monitor, I’ve decided to give Grafana another go.
To kick things off on this blog, I want to talk about where I currently am in my life.
Unfortunately, due to some family events at the end of 2017, I feel like I have been slacking for the past year. I am in the process of trying to straighten my life up from top to bottom. So what does that mean, you may ask?