# Journal

## 2025-03-07
Summary :

Took testing Mikrotik Router RB2011UiAS-2HnD-IN to School with me to do basics of testing due to actual router going missing for some reason.

### Work done on MT RouterOS
Only changed values from default are listed to save on documentation work having to be done.

- Router was Reset to default config
- Set password for Default SSID broadcast on built in AP
    - Wireless -> Wireless -> Security Profiles Tab -> Default :
        - Mode : Dynamic Keys
        - Auth. Types : WPA2 PSK + WPA2 EAP
        - WPA2 Pre-Shared Key : PasswordIWontGiveYou123
- Changed IP of default net (VLANID1) to 10.201.0.1/24
    - IP -> Addresses -> 192.168.88.1/24 on bridge interface.
        - Address : 10.201.0.1/24
        - Network : 10.201.0.0
- Changed DHCP server on bridge Network to match actual network
    - IP -> DHCP server -> Networks -> 192.168.88.0/24
        - Address : 10.201.0.0/24
        - Gateway : 10.201.0.1
        - DNS Servers : 10.201.0.1 + 9.9.9.9
        - Domain : 1.m145.teleco.ch
    - IP -> Pool -> default-dhcp 
        - Addresses : 10.201.0.50-10.201.0.150
- Added the three new VLANs
    - Interfaces -> VLAN Tab
    - New
        - Comment : Virtual Hosts
        - Name : vlan101
        - VLAN ID : 101
    - New
        - Comment : Users
        - Name : vlan102
        - VLAN ID : 102
    - New
        - Comment : Guests
        - Name : vlan103
        - VLAN ID : 103
    - Future repetitive tasks that use the same similar values will not be listed repeatedly
- Assigned an address to the VLAN interfaces
    - IP -> Addresses
    - New
        - Address : 10.201.1.1/24
        - Interface : vlan101
    - Rinse and repeat for other VLANs
- Added IP Pools for DHCP on the VLANs
    - IP -> Pool
    - New
        - Name : pool101
        - 10.201.1.50-10.201.1.150
    - Rinse and Repeat for all VLANs
- Added DHCP Networks for VLANs
    - IP -> DHCP Server -> Networks Tab
    - New 
        - Comment : dhcp101
        - Address : 10.201.1.0/24
        - Gateway : 10.201.1.1
        - DNS Servers : 10.201.1.1
        - Domain : 101.m145.teleco.ch
    - Rinse and repeat
- Added DHCP Servers to Interfaces
    -  IP -> DHCP Server
    - New 
        - Name : server101
        - Interface : vlan101
        - Address Pool : pool101
    - Rinse and repeat
- Add VLANs to LAN Interface list for testing (for defconf firewall rules to work)
    - Interfaces -> Interface List Tab
    - New
        - List : LAN
        - Interface : vlan101
    - Rinse and repeat for all VLANs
- Set wifi name of default VLAN to teleco-admin
    - Wireless -> Wireless -> wlan1
        - SSID : teleco-admin
- Create wifi networks for teleco-user and teleco-guest
    - Wireless -> Wireless
    - New -> Virtual
        - SSID : teleco-user
        - Master Interface : wlan1
    - Repeat for guest
- Add wifi interfaces to bridge interface
    - Bridge
        - wlan1
            - Clone
            - Interface : wlan2
            - PVID : 102
        - Repeat for wlan3
- Test by connecting and seing if IP is assigned and router can be reached
- Change Passwords for each wifi (set one for guest temporarily too as no firewall rules exist for it yet)
    - Wireless -> Wireless -> Security Profiles Tab
        - default
            - Clone
            - Name : profile102
            - WPA2 Pre-Shared Key : PasswordIWontGiveYou124
        - Repeat for 103
- Assign Security Profile to Actual wifis
    - Wireless -> Wireless
        - wlan2
            - Security Profile : profile102
        - Repeat for wlan3

- End of Lesson
    - Goals next lesson :
        - Wireguard Site to Site VPN working
        - Firewall rules to block Guest to other Nets
        - (Optional, maybe later) Captive Portal for Guest wifi