More home network fun
A while back I wrote up my personal network build. Recently I swapped out the SSG5 that I had on loan for a cheaply available 5gt. The 5gt went EOL last year, but it’s a pretty reasonable box.
I had an interesting time figuring out the quirks of the 5gt, and I now have some respect for what Juniper did to the line after they bought up Netscreen.
Notable things about the 5gt: The interface names are lame. If you change the interface mode, the config will be defaulted.
Only the Trust/Untrust mode supports tagging, so that’s what I ended up with.
Netscreen thought it would be funny to make you use zone Trust on interface Trust (same with Untrust). I ended up creating subinterfaces on interface trust and placing them into the custom zones that I wanted.
To use it, I put all the endpoint ports on my Cisco switch into VLAN access and set the uplink port to 802.1q trunk mode.
I’ve done the same thing with my wireless controller, so now I can create unlimited wireless networks and up to 10 tagged subinterfaces on the 5gt.
In order to annoy my freeloading neighbors more, I re-created my guest network and rate-limited it by policy to 256kbps. Guest users should be able to get basic internet, but now they can’t overrun my bandwidth. It should also discourage any behavior that could incur the wrath of a DMCA notice.
Finally, I took advantage of the SIP ALG on the 5gt to allow my SIP trunk to work.
At this point I’ve got one hella sweet network build for the house. I may shove a router inline so I can generate NetFlow statistics, but I’m not all that bored this week.