All posts for the month January, 2018

BACKGROUND

Most people don’t have this problem on a home or small office network. Being a Cisco fan (Cisco networking), I eat my own dog food when it comes to networking at my house. We live in a two-story Victorian home, circa 1886; with all its charm, it has 21st-century smarts. When we moved into our home, one of my first projects was to put in an “enterprise” type of network, using all Cisco network equipment. This meant, amongst other things, installing wired Ethernet drops in every room. Each room has a CAT5 drop for phones, security cameras, and access points. Each room has a Cisco 7960 VoIP phone/intercom, and we enjoy having room-to-room intercom, whole-house paging, and a land line (for free) using Google Voice for PSTN termination. Sure, WiFi is great, but it is best used for laptops and mobile devices. Non-mobile devices like phones, cameras, DVR, and multimedia (TVs, set-top boxes, etc.) are all Ethernet connected for maximum reliability and performance. As you can imagine, fishing wired network drops through old horsehair plaster & lath walls is NOT a fun undertaking! The older construction of our home and the options for installing jacks in older 20th century construction require a great deal of patience and finesse to ensure a good outcome. That all being said, I was determined to complete this project.

When I ran all the cables to a central point in a closet upstairs, which became the server/controls closet, I set up my core switch (a Catalyst 3750 stacked with a 12-port Cisco SFP gigabit switch) and router (a Cisco 3825). I provisioned different VLANs for differing uses:

  • Kids network
  • Multimedia
  • Home Lab
  • Automation & Control
  • Home Office
  • Guest Network
  • Network Management
  • Voice

Each VLAN was established with its own 10.x.x.x/24 subnet, and building the network in this way allowed me to ensure separation of traffic and use ACLs to provide additional security by application. With great flexibility on how I could build this came a level of complexity not seen in most home networking, but building our network in this way allowed for some really cool features. I had to be sure to build a backup and recovery scheme that could back up all the route, ACL, DHCP pool, NAT, VLAN, and interface configuration! What if I lost a switch, or made a mistake and needed to recover? Given the cost of Cisco equipment, I wasn’t buying my gear new, but rather used from eBay for pennies on the dollar. I had to be prepared in case a switch let go.

THE SOLUTION

I had a few Raspberry Pi boards lying around, and decided to cook up a quick and cheap solution. I killed two birds with one stone. I had planned to use the Pi for building a GPS time source (for accurate stratum 0 NTP time on my network). I decided to set up a folder on the Pi and a TFTP server, as well as a cron job to automate a bash/expect script to log in to each Cisco device and TFTP its configuration to the folder on the Pi every week. The script creates time-stamped backup configs for each switch should I ever need to restore. In addition, each network switch is set to be an NTP peer with the GPS clock on the Pi – BONUS!

An example of the expect script: 

Showing the TFTP folder with all the Cisco backups: 

This quick and dirty “get out of jail free” card has already saved my bacon at least once. Restoring the config to a switch via TFTP is a well-documented procedure that is in Cisco’s documentation.
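
The weekly job described above, written out as an added example; it is not the author's script. The addresses, paths, host names, account name, the use of SSH for the login, and the step that moves each config out of the TFTP folder once it arrives are all assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the author's script). All addresses, paths, hostnames and the account are assumed.
set -u
TFTP_IP="${TFTP_IP:-10.0.7.10}"                 # assumed address of the Pi
TFTP_ROOT="${TFTP_ROOT:-/srv/tftp}"             # assumed TFTP server folder
ARCHIVE="${ARCHIVE:-/var/backups/cisco}"        # assumed archive, outside the TFTP root
DEVICES="${DEVICES:-core-3750 sfp-switch rtr-3825}"   # assumed hostnames
SSH_USER="${SSH_USER:-backup}"                  # assumed account that lands at the "#" prompt
CRED_FILE="${CRED_FILE:-/etc/cisco-backup.pw}"  # assumed password file, mode 0600

backup_name() { printf '%s_%s.cfg\n' "$1" "$2"; }   # host, timestamp

pull_config() {   # host, file name: log in and copy running-config to the Pi
  HOST="$1" FILE="$2" TFTP_IP="$TFTP_IP" SSH_USER="$SSH_USER" \
  PW="$(cat "$CRED_FILE")" expect <<'EOF'
set timeout 60
spawn ssh -o StrictHostKeyChecking=yes $env(SSH_USER)@$env(HOST)
expect "assword:"; send "$env(PW)\r"
expect "#"
send "copy running-config tftp://$env(TFTP_IP)/$env(FILE)\r"
expect "Address or name of remote host"; send "\r"
expect "Destination filename"; send "\r"
expect {
  "bytes copied" { send "exit\r"; exit 0 }
  "%Error"       { exit 1 }
  timeout        { exit 1 }
}
EOF
}

run_backups() {
  local stamp host file rc=0
  stamp="$(date +%Y%m%d-%H%M%S)"
  mkdir -p "$ARCHIVE" && chmod 700 "$ARCHIVE"
  for host in $DEVICES; do
    file="$(backup_name "$host" "$stamp")"
    # Many TFTP daemons only accept uploads to an existing, world-writable file.
    : > "$TFTP_ROOT/$file" && chmod 666 "$TFTP_ROOT/$file"
    if pull_config "$host" "$file" && [ -s "$TFTP_ROOT/$file" ]; then
      # Configs hold password hashes and TFTP has no authentication: archive privately.
      install -m 600 "$TFTP_ROOT/$file" "$ARCHIVE/$file"
    else
      echo "backup failed: $host" >&2; rc=1
    fi
    rm -f "$TFTP_ROOT/$file"
  done
  return "$rc"
}
# Weekly cron entry (assumed path and time): 0 3 * * 0 /usr/local/bin/cisco-backup.sh run
if [ "${1:-}" = "run" ]; then run_backups; fi
```

To restore, copy the wanted file from the archive back into the TFTP folder for the duration of the transfer.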