🧠 Full Stack Network Lab

A simulated enterprise network built on Proxmox, integrating routing, security, identity, wireless, and monitoring into a single cohesive architecture.

---

📌 Overview

This project demonstrates a real-world enterprise network design, combining:

• 🛣️ Advanced routing (Multi-area OSPF)
• 🔁 High availability (VRRP)
• 🧩 VLAN segmentation
• 🔥 Firewall & gateway (OPNsense)
• 🔐 Identity & AAA (Cisco ISE)
• 📡 Wireless infrastructure (Cisco WLC + AP)
• 🪟 Directory services (Active Directory, DNS, NTP)
• 📊 Monitoring (Zabbix)

---

🏗️ Topology Architecture

---

☁️ Virtualization Layer (Proxmox)

All core services are deployed inside Proxmox, simulating a private cloud environment.

Service	VLAN	Subnet
🔐 Cisco ISE	VLAN 10	10.100.10.0/24
📡 Cisco WLC	VLAN 20	10.100.20.0/24
🪟 AD / DNS / NTP	VLAN 30	10.100.30.0/24
📊 Zabbix	VLAN 40	10.100.40.0/24

---

🔥 Core Network (OPNsense)

OPNsense acts as the central security and routing point:

• 🔥 Firewall (NAT & policy control)
• 🌐 Inter-VLAN routing
• 🌍 Internet gateway

Key Configuration

• Loopback: 12.12.12.12
• Uplink:
  • 🛣️ VLAN 100 (Transit)
  • 🔗 Trunk VLAN 10–40 (Services)

---

🌐 Internet Connectivity

• WAN Network: 10.255.255.0/30
• Default Gateway:
  • 🌍 Internet: 10.255.255.1
• Internal routing via Layer 2 core switch

---

🧩 Core & Distribution Layer

🛡️ R1-A & R1-B (ASR1001-X)

🔁 High Availability (VRRP)

• Virtual IP: 192.168.100.254
• R1-A: 192.168.100.1 (Active)
• R1-B: 192.168.100.2 (Standby)

🧠 Loopbacks

• R1-A → 1.1.1.1
• R1-B → 11.11.11.11

🔗 Connectivity

• Connected to Layer 2 core via VLAN 100

---

🛰️ Branch Architecture

Each branch router is dual-homed to the core for redundancy.

---

🛰️ R2 (Branch Site 2)

• Loopback: 2.2.2.2
• Networks:
  • 🛠️ MGMT → 10.2.2.0/24
  • 💻 WIRED → 172.20.2.0/24
  • 📶 WIRELESS → 172.19.2.0/24

---

🛰️ R3 (Branch Site 3)

• Loopback: 3.3.3.3
• Networks:
  • 🛠️ MGMT → 10.3.3.0/24
  • 💻 WIRED → 172.20.3.0/24

---

🛰️ R4 (Branch Site 4)

• Loopback: 4.4.4.4
• Networks:
  • 🛠️ MGMT → 10.4.4.0/24
  • 💻 WIRED → 172.20.4.0/24
  • 📶 WIRELESS → 172.19.4.0/24

---

🧭 Routing Design (OSPF)

Area	Purpose
🌐 Area 0	Core Transit
🛰️ Area 2	Branch R2
🛰️ Area 3	Branch R3
🛰️ Area 4	Branch R4

🔁 Design Features

• Stub areas for scalability
• Reduced routing table size
• Faster convergence

---

🔌 VLAN Design

VLAN	Purpose
🔐 10	Cisco ISE
📡 20	WLC
🪟 30	AD / DNS / NTP
📊 40	Zabbix
🛣️ 100	Core Transit
🌐 999	Internet

---

🔐 Security & Identity Flow

User → WiFi → AP → WLC → Cisco ISE → Active Directory → VLAN Assignment → Internet

🔑 Authentication Types

• 📶 Wireless → 802.1X (RADIUS via ISE)
• 🖥️ Device Admin → TACACS+
• 👤 Identity Source → Active Directory

---

📊 Monitoring & Visibility

• 📡 SNMP → Zabbix
• 📈 Device health & performance monitoring
• ⏱️ NTP ensures log consistency

---

🛠️ Technologies Used

• 🛣️ Routing: OSPF (Multi-area)
• 🔁 Redundancy: VRRP
• 🔥 Firewall: OPNsense
• 🔐 AAA: Cisco ISE (RADIUS + TACACS+)
• 📡 Wireless: Cisco WLC
• 🪟 Directory: Active Directory (DNS + NTP)
• 📊 Monitoring: Zabbix
• ☁️ Virtualization: Proxmox

---

📚 Documentation

1. 🔐 Base Configuration
2. 🏗️ Infrastructure Setup
3. 🖥️ Proxmox Setup
4. 🔥 OPNsense Setup
5. 🪟 Windows AD Setup
6. 🔐 Cisco ISE Setup
7. 📡 Cisco WLC Setup
8. 📊 Zabbix Setup

---

🎯 Learning Objectives

This lab demonstrates:

• 🧠 Enterprise network architecture design
• 🔁 High availability implementation (VRRP)
• 🧭 Scalable routing (OSPF multi-area)
• 🧩 Network segmentation (VLANs)
• 🔐 Identity-based access control (ISE + AD)
• 📡 Secure wireless deployment (802.1X + WPA3)
• 📊 Monitoring & observability