Network Operations
Administrivia
Operations Contact List
| Name | Email | Phone |
|---|---|---|
| Hack Manhattan Space VoIP Phone | admin <at> hackmanhattan.com | +1-646-513-4503 |
Passwords
Every board member should have access to most of the relevant passwords. Some passwords for financial accounts are only held by a couple of board members.
IRC
At the moment only guan, rmd6502, and jacolatern have AFRefiorstv mode on #hackmanhattan on Freenode. obscurite has fo but that's a really weird setup.
Out of House Infrastructure and Utilities
Spectrum
The only option at 34 West 37th was Spectrum Business: $89.99 (400 Mbps DL / 20 Mbps UL). *Needs confirmation.
Network Infrastructure
Network Patch
34W37 has a network patch panel with RJ45 ports going to multiple jacks across the unit.
| Port | Wall | Identifier | Device | Comment |
|---|---|---|---|---|
| 3 | South | S3 | AC1750 Router | Provides primary Wifi |
| 4 | East | n/a | n/a | |
| 5 | East | n/a | n/a | |
| 6 | East | n/a | n/a | |
| n/a | n/a | n/a | ||
| 9 | West1 | n/a | E3P Octoprint? | |
| 10 | West2 | n/a | Uwuntu | |
| 11 | West3 | n/a | n/a | |
| 12 | West4 | n/a | n/a | |
| 13 | West5 | n/a | n/a | |
| 14 | West6 | n/a | ||
| n/a | n/a | n/a | ||
| 17 | East | n/a | Main table Switch | |
| n/a | n/a | n/a | | |
Static IP allocations (as of 2019-04-17)
Sorted by IP.
⁂: Hesiod enabled, i.e. if you have a Hesiod DNS record set (ask mz), you can log into all these machines with centralised credentials.
Assigned by DHCP
| Hostname | IPv4 address | MAC address | Device | Maintainer | Comment | Location |
|---|---|---|---|---|---|---|
| space.hackmanhattan.com | 192.168.42.1 | 64:70:02:77:ec:e0 | TP-Link TL-WDR4300 v1 | mz-ish & Guan-ish & Beadsland-ish | | Network cubby |
| 137W14 | 192.168.42.10 | e8:de:27:f9:cc:27 | TP-LINK WR841N | citybadger | | Harry Potter Closet |
| brother-printer | 192.168.42.15 | 30:05:5c:f6:35:db | Brother HL-L2380DW | N/A | | Under the tool shelf |
| chromecast | 192.168.42.16 | 48:d6:d5:39:28:f8 | Chromecast (not 4K) | mz | Shows our space dashboard | Attached to the TV by the desks |
| octoprint-main ⁂ | 192.168.42.17 | b8:27:eb:38:84:a2 | RaspberryPi | jay-ish & mz-ish & beadsland-ish | | By the 3D printer t |
| hydrocontroller ⁂ | 192.168.42.18 | b8:27:eb:5e:c5:bc | RaspberryPi | jay | | On the roof |
| buzzer-pi-shop ⁂ | 192.168.42.19 | b8:27:eb:b4:da:cb | RaspberryPi | jay-ish & mz-ish & beadsland-ish | By the shop buzzer, showing the dashb. Runs OpenVPN for use by jay. | |
| rfid-access-space ⁂ | 192.168.42.20 | 64:cf:d9:fd:42:93 | BeagleBone Black | mz & Guan | | Attached to the back of the space door |
| rfid-access-building ⁂ | 192.168.42.21 | 64:cf:d9:fd:23:00 | BeagleBone Black | mz & Guan | Also hosts the door camera | Building door, top right when you enter |
| voip-phone (replacement) | ? | ? | Polycom VVX-410 | ? | | Laptop island |
| voip-phone (deprecated) | 192.168.42.30 | 00:0b:82:4d:a0:6c | Grandstream GXP1400 | Guan | | Under the network cubby |
| voip-elevator | 192.168.42.31 | 00:0b:82:47:26:30 | Grandstream HT701 | Guan | | Elevator shaft shed on the roof |
| voip-grandstream | 192.168.42.33 | 00:0b:82:ad:e8:21 | Grandstream HT814 | Guan & mz | Phone gateway for teletron8000 | In the network cubby |
| bricolage | 192.168.42.50 | 98:90:96:d0:63:4a | Dell Optiplex 9020 | Beadsland & jay-ish | | On the shelf by the window |
| box0rs | 192.168.42.100 | f0:de:f1:03:00:0f | Lenovo T410 | mz | | In the network cubby |
| teletron8000 ⁂ | 192.168.42.108 | 00:16:3e:5e:e2:ee | box0rs | Guan-ish & mz-ish | Asterisk server hosting the phone project | |
Note: there used to be no system for how these IPs are assigned; each was basically whatever DHCP first gave the machine, made permanent through OpenWRT's LuCI. New devices ought to be assigned addresses up to 192.168.42.150.
Static configurations
| Hostname | IP address | MAC address | Device | Maintainer | Comment | Location |
|---|---|---|---|---|---|---|
| ap-west | 192.168.42.2 | 30:b5:c2:b2:76:3a | TP-Link Archer C7 | mz-ish | AP/switch for WPA2-PSK | mounted on the left side of the tool shelf |
| ap-elevator-shaft | 192.168.42.6 | 64:66:b3:c6:f1:d4 | TP-Link TL-WDR4300 v1 | Guan-ish & mz-ish | AP/switch for the rooftop | Inside the elevator maintenance shed |
| 3rdfloor | 192.168.42.7 | 64:66:b3:fa:af:c4 | TP-Link TL-WDR4300 v1 | Guan-ish & mz-ish | AP/switch for the 3rd floor | 3rd floor, left from the office hallway door |
| wrtnode-webcam | 192.168.42.22 | 64:51:7e:80:06:d6 | WRTNode | Guan-ish & mz-ish | | Hanging by the cubby power strip |
Not integrated in our normal network
| Hostname | IP address | MAC address | Device | Maintainer | Comment | Location |
|---|---|---|---|---|---|---|
| | 192.168.88.1 | 64:d1:54:ad:12:04 | MikroTik SXTsq 5 ac | N/A (yet) | For potential LinkNYC uplink | Mounted on the satellite dish on the rooftop |
Notes about subnets, routes and DHCP
Since bo.x0.rs provides its own 10.133.7.0, 10.8.0.0, 10.0.59.0, and 10.0.93.0 subnets, it essentially acts as a second router. Hence, we send out classless static routes via DHCP so that none of the clients run into problems and the containers can identify which device is talking to them. This also means static routes are set on the router, and the necessary DHCP options can be found in LuCI: Network -> Interfaces -> lan -> DHCP -> Advanced -> DHCP Options.
Since the spec says clients must ignore the separately advertised default route when classless static route options are present, we include the default route in the static routes we send out.
Dynamic allocations start at 192.168.42.150.
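The classless static route option described above (DHCP option 121, RFC 3442) can be encoded and audited as follows. This is an added example, not the space's own configuration: the /24 prefix lengths and the use of box0rs (192.168.42.100) as next hop are assumptions, since the page gives neither.

```python
import ipaddress

# Addresses below come from the page; the /24 prefix lengths and the use of
# box0rs (192.168.42.100) as next hop are assumptions made for this example.
ROUTER, BOX0RS = "192.168.42.1", "192.168.42.100"
ROUTES = [(net, BOX0RS) for net in
          ("10.133.7.0/24", "10.8.0.0/24", "10.0.59.0/24", "10.0.93.0/24")]
ROUTES.append(("0.0.0.0/0", ROUTER))  # default route must ride along in option 121

def encode_option121(routes):
    """Encode (destination CIDR, next hop) pairs as an RFC 3442 payload."""
    out = bytearray()
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)
        out.append(net.prefixlen)
        # Only the significant octets of the destination are transmitted.
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]
        out += ipaddress.ip_address(gateway).packed
    return bytes(out)

def decode_option121(payload):
    """Decode a payload back into routes; reject malformed input."""
    routes, i = [], 0
    while i < len(payload):
        prefixlen = payload[i]
        if prefixlen > 32:
            raise ValueError(f"invalid prefix length {prefixlen}")
        octets = (prefixlen + 7) // 8
        end = i + 1 + octets + 4
        if end > len(payload):
            raise ValueError("truncated route entry")
        dest = payload[i + 1:i + 1 + octets] + bytes(4 - octets)
        gateway = ipaddress.ip_address(payload[end - 4:end])
        routes.append((f"{ipaddress.ip_address(dest)}/{prefixlen}", str(gateway)))
        i = end
    return routes

def has_default_route(routes):
    """True if the set still gives clients a way out of the LAN."""
    return any(ipaddress.ip_network(cidr).prefixlen == 0 for cidr, _ in routes)

def dnsmasq_value(routes):
    """Render the routes in dnsmasq's dhcp-option syntax for option 121."""
    return "121," + ",".join(f"{cidr},{gw}" for cidr, gw in routes)

if __name__ == "__main__":
    payload = encode_option121(ROUTES)
    assert decode_option121(payload) == ROUTES and has_default_route(ROUTES)
    print(payload.hex(" "))
    print(dnsmasq_value(ROUTES))
```

Running `has_default_route` over a decoded lease is a quick check that a change to the DHCP options has not left clients without a default gateway.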
Network Hierarchy (as of 2019-08-09)
---
network:
- name: foo
type: router
children:
- name: verizon
type: uplink
interface: em0
- name: 24-port-switch
type: unmanaged-switch
interface: em1
vlans:
- name: NYC Mesh
vid: 68
- name: NYC Mesh Clients
vid: 99
children:
- name: box0rs
type: server
- name: cnc
type: device
- name: rfid-access-space
type: device
- name: buzzer-pi-shop
type: device
- name: voip-space
type: voip-phone
- name: voip-teletron8000
type: voip-ata
- name: wrtnode-webcam
type: device
- name: north-switch
type: unmanaged-switch
children:
- name: ap-basement
type: ap-switch
wireless:
- ssid: hackmanhattan west
wpa2: true
- ssid: hackmanhattan west 5Ghz
wpa2: true
- ssid: -NYC Mesh Community WiFi-
vlan: 99
crypto: false
- ssid: nycmesh-3664-inside
vlan: 99
crypto: true
- name: west-switch
type: unmanaged-switch
children:
- name: ap-west
type: ap-switch
wireless:
- ssid: hackmanhattan
crypto: false
- ssid: hackmanhattan west
crypto: true
- ssid: hackmanhattan west 5Ghz
crypto: true
- ssid: -NYC Mesh Community WiFi-
vlan: 99
crypto: false
- ssid: nycmesh-3664-inside
vlan: 99
crypto: true
- name: octoprint-main
type: device
- name: brother-printer
type: printer
- name: bricolage
type: server
- name: hallway-switch
type: unmanaged-switch
children:
- name: ap-south
type: ap-switch
wireless:
- ssid: hackmanhattan
crypto: false
- ssid: hackmanhattan west
crypto: true
- ssid: hackmanhattan west 5Ghz
crypto: true
- ssid: -NYC Mesh Community WiFi-
vlan: 99
crypto: false
- ssid: nycmesh-3664-inside
vlan: 99
crypto: true
- name: ap-3rdfloor
type: ap-switch
wireless:
- ssid: hackmanhattan
crypto: false
- ssid: hackmanhattan west
crypto: true
- ssid: hackmanhattan west 5Ghz
crypto: true
- ssid: -NYC Mesh Community WiFi-
vlan: 99
crypto: false
- ssid: nycmesh-3664-inside
vlan: 99
crypto: true
- name: rfid-access-building
type: device
- name: elevator-shed
type: unmanaged-poe-switch
poe: 48V @ 1.25A
children:
- name: mesh-hub
type: ap-switch
poe: 18W
wireless:
- ssid: -NYC Mesh Community WiFi-
vlan: 99
crypto: false
- ssid: nycmesh-3664-back
vlan: 99
crypto: true
- ssid: nycmesh-wds
vlan: 68
crypto: true
- name: ap-mesh-hybrid
type: ap-switch
poe: 24V @ 3A - ~18W
wireless:
- ssid: hackmanhattan west
crypto: true
- ssid: hackmanhattan west 5Ghz
crypto: true
- ssid: -NYC Mesh Community WiFi-
vlan: 99
crypto: false
- ssid: nycmesh-3664-front
vlan: 99
crypto: true
- ssid: nycmesh-wds
vlan: 68
crypto: true
children:
- name: mesh-east
type: ap
poe: 10.5W
wireless:
- ssid: -NYC Mesh Community WiFi-
vlan: 99
crypto: false
- ssid: nycmesh-3664-east
vlan: 99
crypto: true
- ssid: nycmesh-wds
vlan: 68
crypto: true
- name: mesh-west
type: ap
poe: 10.5W
wireless:
- ssid: -NYC Mesh Community WiFi-
vlan: 99
crypto: false
- ssid: nycmesh-3664-west
vlan: 99
crypto: true
- ssid: nycmesh-wds
vlan: 68
crypto: true
- name: mesh-uplink
type: wireless-client
poe: 7W
wireless:
- ssid: LinkNYC Private
crypto: true
type: uplink
- name: voip-elevator
type: voip-ata
- type: unused
interface: em2
- name: emergency
type: static
interface: em3
The content of the following article/section isn't up to date. If you have some spare time, please consult the usual suspects and help update it!
Machine and IP Allocation Table (Old)
| IP | Hostname | Device | Maintainer | Comment (Location) |
|---|---|---|---|---|
| n/a | n/a | Alcatel I-211M-K | Operations | ONT and Modem for Verizon FiOs |
| 192.168.42.1 | rtr1.ratpark.net | TP-Link TL-WDR4300 v1 | Operations | Main router. Also does DNS, DHCP. Channel 1. Nonstandard port for external connections. Nonstandard password. (Hack Manhattan) |
| n/a | n/a | Netgear JGS516 | Operations | 16 Port Gigabit Switch |
| n/a | n/a | ? | Operations | 8 Port Switch |
| n/a | n/a | ? | Operations | 4 Port Switch |
| 192.168.42.2 | rtr2.ratpark.net | TP-Link TL-WDR4300 v1 | Operations | Channel 11. (2nd Floor Hallway) |
| 192.168.42.3 | rtr3.ratpark.net | TP-Link TL-WDR4300 v1 | Operations | Channel 6. (3rd Floor Hallway) |
| 192.168.42.4 | rtr4.ratpark.net | TP-Link TL-WDR4300 v1 | Operations | Channel 11. (Elevator Machine Room) |
| | surv-frontdoor.ratpark.net | WRTnode | Guan Yang | Operates wirelessly. Can we change that? (First Floor) |
| | surv-main.ratpark.net | WRTnode | Guan Yang | Operates wirelessly. Can we change that? (Hack Manhattan) |
| | wrtnode-hmdoor.ratpark.net | WRTnode? | Guan Yang | Controls door strike. (First Floor) |
| | octopi.ratpark.net | Raspberry Pi | | Allows for unattended (no computer needed) printing. Username hackmanhattan. Canonical password. (Hack Manhattan) |
| | boiler-wired.ratpark.net | WRTnode | Guan Yang | Boiler controller and sensor. Is it still in use? (Where in the 3rd floor is the boiler?) |
| | hackmanhattan.club | ? | Guan Yang | Is it still in use? (Where is it?) |
| | wr703n.ratpark.net | TP-Link TL-WR703N | ? | We definitely do not need this. (Hack Manhattan) |
| | quinn.ratpark.net | | | What is this? (Where is it?) |
| | ai-stem.ratpark.net | | | What is this? (Where is it?) |
| | kiosk.ratpark.net | | | What is this? (Where is it?) |
| | !?!?!? | | | The list goes on and on. |
| 192.168.43.0 | | | Operations | DHCP Allocation Block |
| 192.168.43.255 | | | Operations | Broadcast |
Network Diagram
Current
parent_device
|(physical port on parent_device)-(physical port on child_device)child_device
null can be used where applicable (device only has 1 port, etc.)
? can be used for incomplete data that could not be obtained due to security reasons or other.
fiosmodem
|(null)-(wan)rtr1
|(1)-(1)jgs516 # Netgear JGS516
|(7)-(null)big-box # Octopi, Big-Box, and Backup_Terminal
|(8)-(8)teg580g # TRENDnet TEG-580g 8 port switch on Laptopia
|(9)-(null)gxp400 # IP Phone
|(15)-(1)rtr2
|(2)-(1)rtr3 # light pink cable that gets painted over on its way up
|(2)-(null)wrtnode # boiler wrtnode
|(3)-(?)firstfloor # goes into box, don't want to break it open
|(4)-(null)null # long blue cable that goes to nothing
|(wan)-(5)tlsg1005d # TP-Link TL-SG1005D
|(4)-(null)ds215j # Synology DS215j
|(1)-(null)null # goes into gray cable that goes to nothing
|(16)-(1)rtr4
|(2)-(null)null # black cable, goes to front of building
|(3)-(null)gx # grandstream telephone line modem/device, need model number
|(4)-(null)null # short blue cable, goes to nothing
I'm not going to use proprietary diagramming tools or bother writing some script to graph this. Text is enough and more than sufficient for our purposes.
Expected
Fiber Modem
|-rtr1.ratpark.net
|-Netgear JGS516
|-IP Phone
|-8 Port Switch On Laptopia
|-Area with octopi, bigbox, and backup terminal?
|-rtr2.ratpark.net
|-First Floor 4 Port Switch
|-rtr3.ratpark.net
|-Stuff in the boiler room?
|-rtr4.ratpark.net?
|-Stuff in the elevator machine room?
Incidents
- 2016-05-31: The space VoIP phone was reported to have no networking. A troubleshooting monkey was dispatched, and it was found that if one plugs said phone in the inappropriate holes, it will not work. RESOLVED.
- 2016-05-23: Since our wrtnodes that run our streams operate within that band, our space stream was no longer accessible (but the front door still was?). This has been rectified by having it connect as a client to a different access point. Resolved.
- 2016-05-23: Whilst performing hotfixes to rectify the 2016-05-23 network problem, one of our volunteer monkeys disabled the wireless interfaces on our space access point, and they are currently still down. Whack the main space stream once this is fixed. UNRESOLVED.
- 2016-05-23: A building community member reported failure to obtain a DHCP lease on all of our access points' 2.4 GHz networks, which is extremely odd since they're all on the same VLAN and on the same hardware as their 5 GHz radio interfaces. Regardless, volunteers attempted to look at the problem, which was magically gone by 2016-05-27. Unable to reproduce. Resolved.