Hardware Changes, ESXi Returns, and CUCM

PhoenixNet-Labs Feb 2, 2024

When it comes to budgeting for a homelab, you have to think critically about what you spend your money on and how you execute your plans. Spend too much on switching and wireless, and you might not have enough for infrastructure and storage. Lock yourself into an ecosystem, and it's hard to escape.

Ubiquiti hardware is way overpriced. For example, take a USW-48-PoE and compare it to something like a Cisco 2960S-48FPS-L: both have 48 ports, 4 SFP ports, and PoE+ (802.3at). Yet the Ubiquiti switch is $600 used (at minimum), vs $80-100 used for the Cisco equivalent.

Sure, Ubiquiti has "cloud managed" capabilities and a fancy GUI, but at a fundamental level both devices can perform the same tasks.

Ubiquiti has this way of "trapping you" into their ecosystem; it's like Apple: you buy one product, and next thing you know you've got every product they make.

This is exactly why I decided to completely ditch Ubiquiti and switch over to Cisco for switching, wireless, and telephony.

Switching

Keeping things simple, for my distribution switch (whole-home networking) I got a 2960S-48LPD-L: 48 ports, PoE+ (802.3at), and 2 SFP+ ports for the uplink back to the core switch in the rack.

This switch does an excellent job powering my APs, phones, and whatever else I throw at it, and it runs the IOS 15 codebase, which met all of my goals. And it only cost me $70 on eBay.


For the rack core switch, I went a little "above and beyond", selecting a WS-C3750X-48P-S and opting for a C3KX-NM-10G module for 10Gb network connectivity.

Cisco 3750X-48P-S (Pictured Without Module)

This switch opens up the possibility of layer-3 switching later on down the road, although for now I've elected to stick with an easy-to-manage layer-2 network model, using a router-on-a-stick setup for inter-VLAN communication.

I purchased this from a mutual for $60; he does equipment recycling and said he could hook me up.

For my 10Gb network, I had a hard time determining what to deploy. It needed to have at least 16 ports and, of course, be rack-mountable.

Everything must have 10Gb!

After eBay sleuthing for a couple of weeks, I came across a stupid-to-pass-up deal on an Arista 7124SX. Sure it's a datacenter switch, and it might be a bit loud, but for $100, how could I possibly say no!


This switch is a bit "hungry" in terms of power, pulling 100 W+ from the wall, and it sounds like a jet engine at times, but boy does it "just work", and that's good enough for me to keep it.

Wireless Connectivity

This one was a bit of a head-scratcher; I honestly wasn't sure what I was going to go with. At first I was going to use Cisco wireless APs in Mobility Express mode, but I'm always itching to have fine-grained control over how my hardware operates. To do that, I had to opt for a Cisco vWLC, or "Virtual Wireless LAN Controller", which is a virtualized appliance.

Cisco 9800-CL Web Management Interface

Sure, there are other options, like the c2504 or the c5508, but they both run older codebases, and I like the newer stuff Cisco has to offer in terms of management panels and compatibility.

I picked up some APs on eBay that were fairly priced, 2802i's and a 1810w, and got to work.

A Solid Ceiling-mount AP Choice
Nice for mounting on walls, or hidden up on desks.

I elected to use the 9800-CL vWLC; it's modern, supports a lot of devices, and runs on almost anything. Licensing is weird: Cisco uses an "honor system" on a lot of their products. Basically, you don't "technically" have to license anything, but if you get audited they might fine you or terminate your service contract.

This goes without saying, but please don't do this in a production environment. They won't fine me or terminate a service contract with me (because I don't have one), but they can, and will, with a business.

There were a few compatibility issues. Apparently the 28xx series was "unsupported" and then "re-added" in a later revision of 9800-CL firmware. It's weird, but I guess enough companies complained and Cisco wavered.

Then the 1810w wouldn't work, so I had to go back a few more revisions to a compatible version, but not so far back that I lost 28xx support. Eventually I found the sweet spot where everything is supported and stuck with it.

Access Point List in the vWLC Web Management Interface

Finally, I ran into issues getting packet routing to work. In a nutshell, there are three important "networks" (I'm going to say VLANs, since it's easier) that you have to set up:

  • Management VLAN (accessing the GUI, duh)
  • CAPWAP VLAN (sending instructions and general network traffic to the APs)
  • Client traffic (I'm grouping these together, but this is the various access VLANs associated with SSIDs)

Cisco calls this deployment method "Central Switching" or "3rd Generation".

Source: Cisco Canada

I found that you CANNOT tag a wireless network with VLAN 1. No matter how much I tried, or how I went about doing it, it just wouldn't work. So I had to set up a separate network for my wireless clients and configure ACLs on my router to allow communication.

After all that headache, I finally got everything working. Wireless clients connect, traffic flows, and everything is hunky-dory.
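To make the three-VLAN layout and the router-on-a-stick side concrete, here is what the switch ports and the router subinterfaces look like in Cisco IOS. This is an added illustration, not the config from my lab: the VLAN IDs (10/20/30), the 10.0.x.0/24 addresses, the interface names and the DHCP server address (10.0.10.5) are all made up for the example. Wireless clients land on their own VLAN (30, not VLAN 1), and the ACL on that subinterface keeps them away from the management and AP VLANs while still letting them reach everything else.

```cisco
! ---- Core switch (IOS, e.g. 3750X) ------------------------------------
! Example only: VLAN IDs, addresses and interface names are assumed.
vlan 10
 name MGMT
vlan 20
 name CAPWAP-APS
vlan 30
 name WLAN-CLIENTS
!
! Port to the ESXi host carrying the 9800-CL vWLC: trunk all three VLANs
interface GigabitEthernet1/0/1
 description ESXi host (9800-CL vWLC port group)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
! Port to the router-on-a-stick: same three VLANs, nothing else
interface GigabitEthernet1/0/2
 description Router-on-a-stick trunk
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
! Access point port: the AP lives in the CAPWAP VLAN; client VLANs are
! delivered centrally by the vWLC, so the AP port is a plain access port
interface GigabitEthernet1/0/10
 description Cisco AP (2802i)
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! ---- Router-on-a-stick ------------------------------------------------
! ACL applied inbound on the client subinterface (DHCP server assumed
! to be 10.0.10.5 in the management VLAN, reached via ip helper-address)
ip access-list extended WLAN-CLIENTS-IN
 remark Let clients obtain addresses through the relay
 permit udp any eq bootpc any eq bootps
 remark Wireless clients must not reach the management or AP VLANs
 deny   ip 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255 log
 deny   ip 10.0.30.0 0.0.0.255 10.0.20.0 0.0.0.255 log
 remark Everything else (internet, other access VLANs) is allowed
 permit ip 10.0.30.0 0.0.0.255 any
!
interface GigabitEthernet0/1
 description Trunk to core switch
 no ip address
!
interface GigabitEthernet0/1.10
 description Management VLAN (vWLC GUI, switch management)
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 description CAPWAP VLAN (APs)
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
!
interface GigabitEthernet0/1.30
 description Wireless client VLAN (deliberately not VLAN 1)
 encapsulation dot1Q 30
 ip address 10.0.30.1 255.255.255.0
 ip helper-address 10.0.10.5
 ip access-group WLAN-CLIENTS-IN in
```

On the 2960S the `switchport trunk encapsulation dot1q` line isn't accepted (it only speaks 802.1Q), so you just leave it out; the 3750X wants it before `switchport mode trunk`. Once it's in place, `show ip access-lists WLAN-CLIENTS-IN` shows the hit counters, so you can confirm the deny lines are actually catching anything that tries to wander from the client VLAN into the management VLAN.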

Is this overkill for a home network? Oh yeah, absolutely. But was it fun? Sure, if you like torturing yourself.

In the end, the APs are cheaper than dirt at like $15-40/ea for 802.11ac/b/g/n, Wave 2-capable devices, and the controller is technically free as long as you're okay with spending a few hours troubleshooting things.

Telephony

Phones, nobody uses them at home anymore! Why bother?

I swear I heard this like 100 times from my fiancée; each and every time I switch vendors, he goes on this tangent about "why do we need a house phone, they're annoying, we'll get spam calls, etc."

He's not wrong, we don't need house phone(s), but there's just something so magical about running a whole PBX in-house for giggles. Not everyone can say they operate a call-center-grade setup just to make and receive maybe 5 calls a year.

That, and A LOT of companies run their business on CUCM or some sort of PBX, and being able to say "yeah, I've set up and maintained a PBX" is pretty handy in interviews.

Moving on. In my setup, I've got a handful of VMs that operate "the stack", as I dub it:

  • You've obviously got CUCM for registering phones, managing end users, etc.
  • CUP for managing IM and presence, mostly for Jabber.
  • CUC for voicemail and call routing.
  • And, because you want to make inbound/outbound calls, a CSR1000v (virtual Cloud Services Router).

Cisco "CUCM Stack" in vCenter

This stack was the bane of my existence for a solid 2 weeks; I had to learn the fundamentals of how they all work together hand in hand, and how to connect them all.

Cisco's CUCM Stack Diagram

Another thing to note is that Cisco doesn't like you running their appliances on non-approved virtualization hosts, e.g. Proxmox, XCP-ng, etc. They have a limited set of options, mostly VMware and Citrix products (of course). We'll circle back to this in a bit.

The infamous "hardware not supported" message.

I noticed that Cisco likes to "split things up" compared to other vendors that tend to package everything in one VM, like FreeSWITCH or FreePBX. It's weird, but I can see the reasoning. You want scalability when you have a setup with thousands or hundreds of thousands of phones across the country; a single VM isn't going to cut it. You need to split the load, and when something gets overloaded you just fire up another instance of whatever you need and connect it to your stack.

Previously, I'd picked up a few 7821s from a mutual and converted them to MPP following Cisco's guidelines (and using some sketchy licenses), but they felt really "half-baked", and I didn't use them with my own PBX, instead opting for VoIP.ms's free solution.

Cisco's Firmware Migration Guide

I converted those back to UC firmware, and picked up a few more UC devices:

  • 8845 video phone for my desk, replacing an 8861, as it was 3PCC-native (the migration license is expensive, not worth it). It has an itty-bitty camera on top!
  • 7925 wireless handset (these are dope; I always saw them in hospitals and wanted one). These are crazy popular with nurse/doctor/warehouse setups, apparently.
  • A Telepresence device (DX80) for experimenting with. I bought this one for our "DND nights", where some of our friends will dial in to play with us. I typically fire up Discord and put them up on screen with a laptop.

I tackled provisioning those devices, grabbing firmware packs from the internet and uploading them to CUCM so that it has firmware to serve to the phones, and got everything onboarded and ready to go.

I also deployed Jabber on my mobile devices, as well as my desktop, so that I could make and manage calls from anywhere; it's always nice to have the option.

Cisco Jabber Desktop

After setting up "the stack" in an experimental configuration, I finalized things and switched over my VoIP.ms call routing to send everything to CUCM.

Not too bad, although licensing is difficult with CUCM. Cisco is a bit tighter on the whole "no freeloaders" thing and doesn't do the honor system here. Instead, I opt for 90-day demo licenses and apply them as needed. A solid workaround, but I wish they had NFR/lab licensing.

ESXi Returns

A while back, I picked up a 3rd VM host from a buddy. He purchased a Hyve Zeus box after he saw I had bought one, but ultimately decided it wasn't for him. I offered to buy it off him at a significant discount and he obliged.

Here we go again...

I noticed that it supports ESXi 7.0, and because I love labbing everything, I decided to roll it out on there for some specific labs.


I loaded it up with 128GB of DDR3 ECC, slapped in an Intel X520-DA2, and off she went. Super simple setup, and it runs just like my other 2 hosts!

I also opted to deploy vCenter so that if, in the future, I add additional nodes with ESXi, I can manage them centrally.


I'm still debating migrating another host over to ESXi. I'm more accustomed to it, as my first lab ran ESXi, but a lot of labbers are moving away from it since the Broadcom acquisition changed how licensing works and took away free licensing.

Broadcom ends perpetual licenses for VMWare
Broadcom delivered… Thankful for my mix of XCP-ng and Proxmox licenses.

Businesses aren't going to be willing to switch on a dime like that, unfortunately; it costs a lot of money to migrate things over and purchase new contracts, so it's not like it'll be useless knowledge. Most companies will still be using it!

Upcoming Projects, A Note From the Author

I've decided I'm probably going to continue spacing these posts out; I don't have a lot of time these days to write these and work on projects like I used to. 4 months seems reasonable, and I can cram a lot more content into these posts that way, making them feel like well-fleshed-out articles.


At work, I've picked up quite a few new responsibilities and the "downtime" that I used to have has withered away lately. Always a new fire to put out, or new problem to solve. Typical.

I've been trying to do more project management at work, picking up migration projects, deployments, etc. It really teaches me a thing or two about laying out an idea and planning how to enact it with our team of contractors and my boss.

There are a few more projects planned down the pipeline: Wi-Fi HaLow / PTP networking, a backup server for Veeam, upgrading APs, etc.

I'll get to them eventually; I've got a few trips planned this year, and that may affect the budget a bit. We'll just have to wait and see.

Until next time,

Thanks for reading!

Phoenix

IT Specialist, Otter enthusiast, Plastic Guitar Aficionado | 🏳️‍🌈 | 22
