On the premises many possible connections need to be supported. When a new building is constructed, the network is planned with the building. The network should be planned extendable so new requirements can be installed without drilling new holes. The network should be separated into different tiers that support each other and avoid high install costs.


For connecting with the outside world one or more uplinks are required. They have to be managed by the gateway server. The network that transports the uplink packets should be physically separated from the network that transports internal data.

The wired network is done using ethernet cables that have to be 'hidden' in the walls and need to be accessible on sockets. The usual configuration is that two plugs are in one sockets are available on one wall exit. Each room should have at least one socket and large rooms need more than one socket. Rooms that are planned to have more devices (eg Hackcenter) will even need more sockets. This avoids that the ethernet cables will span through the room. The ethernet wires have the sockets on one side in the room and need to be connected to a patchpanel in a central location. The patchpanel is a passive hardware that allows connecting a switch with short patch-cables. The investment for a reliable network infrastructure therefore is multiple sockets (cat5e or better shielded) and a lot of ethernet wire (cat5e at least, get cat7 if possible). The wires have to be organized as 'star' from the patchpanel. More about this is researchable with keywords from the Structured Cabling wikipedia article.

The wireless network is supported by the wired infrastructure. For starters the router will expose the local network with a common ssid with wpa2 encryption. We choose the ssid 'echo' with the passphrase 'hotel foxtrot' so all echo hacker farms share this. When a larger building is used, multiple access points are required to make a convenient experience. The access points need a very basic configuration that boils down to the following points.

  • DHCP Client (have a IP in the local network)
  • Secure Password (to manage them if required)
  • WIFI configured to be bridged on the LAN
  • WIFI configured to ssid 'echo' and passphrase 'hotel foxtrot'
  • WIFI choose channels so the admin can identify the visible devices (optional)

More advanced is to open the network and use a radius server. The wired network should be planned with the WIFI requirements because a ethernet cable should connect the AP and the router.

To avoid that too much ethernet cables are installed, a backbone should be planned that connects the 'long' ways with a central patch panel and switch and the 'hotspots' that have a dedicated switch and a patch panel to sockets nearby. When multiple buildings are involved this is also preferred. The backbone can be done with fiber and should be done with cat7, so 10G ethernet is possible.

Computers that serve the local network and the public internet should be located in a network that is separated from the clients/WIFI. This allows fine grained access control and management of the services. This requires that a dedicated location for always-on hardware is decided with the cable plan. Think about the noise and heat that the machines may produce.

For experiments and potentially dangerous tasks the hackcenter should have a separated network. The devices in the hackcenter are started at some point and need to be accessible from the outside world and the connection in the hackcenter has higher requirements in speed. When the hackcenter is integrated in the building think about setting up a dedicated WIFI or apply the 'potentially' dangerous rules to all access points. The room(s) of the hackcenter needs the most sockets and should be connected to the backbone with a dedicated switch.


LAN plan

WIFI plan

Hackcenter plan

  • kuckucksmuehle/hackerspace/network.txt
  • Last modified: 2017/02/23 21:46
  • by hairyfotr