aboutsummaryrefslogtreecommitdiff
path: root/JOURNAL.md
blob: 86535569fda83cf761554eaee8d2b3847048dfe0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

   

Journal

Mostly written in English for concistency with Mikrotiks WinBox configuration software and my prefferency of keeping most Servers and Network devices set to English other than Domain Controllers ofcourse :^)

2025-02-21

Summary : Testing with my prod networks Mikrotik Routers was done to see if my projects essentials would work out with my soon to be made portable test lab for this module.

2025-02-27

Summary : Absent but was capable of gobling together some hardware that I prefer using and make a basic repo describing my project and what will be done.

2025-03-07

Summary :

Took testing Mikrotik Router RB2011UiAS-2HnD-IN to School with me to do basics of testing due to actual router going missing for some reason.

Work done on MT RouterOS

Only changed values from default are listed to save on documentation work having to be done.

  • Router was Reset to default config
  • Set password for Default SSID broadcast on built in AP
    • Wireless -> Wireless -> Security Profiles Tab -> Default :
      • Mode : Dynamic Keys
      • Auth. Types : WPA2 PSK + WPA2 EAP
      • WPA2 Pre-Shared Key : PasswordIWontGiveYou123
  • Changed IP of default net (VLANID1) to 10.201.0.1/24
    • IP -> Addresses -> 192.168.88.1/24 on bridge interface.
      • Address : 10.201.0.1/24
      • Network : 10.201.0.0
  • Changed DHCP server on bridge Network to match actual network
    • IP -> DHCP server -> Networks -> 192.168.88.0/24
      • Address : 10.201.0.0/24
      • Gateway : 10.201.0.1
      • DNS Servers : 10.201.0.1 + 9.9.9.9
      • Domain : 1.m145.teleco.ch
    • IP -> Pool -> default-dhcp
      • Addresses : 10.201.0.50-10.201.0.150
  • Added the three new VLANs
    • Interfaces -> VLAN Tab
    • New
      • Comment : Virtual Hosts
      • Name : vlan101
      • VLAN ID : 101
    • New
      • Comment : Users
      • Name : vlan102
      • VLAN ID : 102
    • New
      • Comment : Guests
      • Name : vlan103
      • VLAN ID : 103
    • Future repetitive tasks that use the same similar values will not be listed repeatedly
  • Assigned an address to the VLAN interfaces
    • IP -> Addresses
    • New
      • Address : 10.201.1.1/24
      • Interface : vlan101
    • Rinse and repeat for other VLANs
  • Added IP Pools for DHCP on the VLANs
    • IP -> Pool
    • New
      • Name : pool101
      • 10.201.1.50-10.201.1.150
    • Rinse and Repeat for all VLANs
  • Added DHCP Networks for VLANs
    • IP -> DHCP Server -> Networks Tab
    • New
      • Comment : dhcp101
      • Address : 10.201.1.0/24
      • Gateway : 10.201.1.1
      • DNS Servers : 10.201.1.1
      • Domain : 101.m145.teleco.ch
    • Rinse and repeat
  • Added DHCP Servers to Interfaces
    • IP -> DHCP Server
    • New
      • Name : server101
      • Interface : vlan101
      • Address Pool : pool101
    • Rinse and repeat
  • Add VLANs to LAN Interface list for testing (for defconf firewall rules to work)
    • Interfaces -> Interface List Tab
    • New
      • List : LAN
      • Interface : vlan101
    • Rinse and repeat for all VLANs
  • Set wifi name of default VLAN to teleco-admin
    • Wireless -> Wireless -> wlan1
      • SSID : teleco-admin
  • Create wifi networks for teleco-user and teleco-guest
    • Wireless -> Wireless
    • New -> Virtual
      • SSID : teleco-user
      • Master Interface : wlan1
    • Repeat for guest
  • Add wifi interfaces to bridge interface
    • Bridge
      • wlan1
        • Clone
        • Interface : wlan2
        • PVID : 102
      • Repeat for wlan3
  • Test by connecting and seing if IP is assigned and router can be reached
  • Change Passwords for each wifi (set one for guest temporarily too as no firewall rules exist for it yet)
    • Wireless -> Wireless -> Security Profiles Tab
      • default
        • Clone
        • Name : profile102
        • WPA2 Pre-Shared Key : PasswordIWontGiveYou124
      • Repeat for 103
  • Assign Security Profile to Actual wifis

    • Wireless -> Wireless
      • wlan2
        • Security Profile : profile102
      • Repeat for wlan3
  • End of Lesson

    • Goals next lesson :
      • Wireguard Site to Site VPN working
      • Firewall rules to block Guest to other Nets
      • (Optional, maybe later) Captive Portal for Guest wifi