Networking Overview

The Mikrotik CRS309-1G-8S+IN functions as our core networking switch. It is capable of both layer 2 and layer 3 routing. See here for exact configuration details.

The Mikrotik CRS309-1G-8S+IN has 8 SFP+ 10G ports. Ports 1-3 are each linked to a TRENDnet TEG-3102WS.

Each TRENDnet TEG-3102WS has 8 2.5G Ethernet ports, these are connected to the patch panel where the Work PC's Ethernet is terminated.

Port 4 is used for the high speed storage server.

Port 5 is linked to a TRENDnet TEG-3102WS. This switch is used to provide 2.5G speeds to each server for the room.

Port 6 is linked to the Cisco WS-C3650-48FQ-S Catalyst 3650, a separate layer 3 capable switch used for the lab VLAN.

Port 7 is configured as a mirror port, and is used for traffic monitoring by the security onion server.

Port 8 is our upstream connection, it is linked to the Netgate 1100 pfSense Firewall.

The single ethernet port is used for management by the WinBox utility.

The room is divided into VLANs, designed to separate class and lab traffic and prevent downtime for the Work PCs. The VLANs and IP address structure are below.

There are additional addresses used for backend device communication: