JOURNAL.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119


Journal
Mostly written in English for concistency with Mikrotiks WinBox configuration software and my prefferency of keeping most Servers and Network devices set to English other than Domain Controllers ofcourse :^) 
2025-02-21
Summary : Testing with my prod networks Mikrotik Routers was done to see if my projects essentials would work out with my soon to be made portable test lab for this module.
2025-02-27
Summary : Absent but was capable of gobling together some hardware that I prefer using and make a basic repo describing my project and what will be done.
2025-03-07
Summary :
Took testing Mikrotik Router RB2011UiAS-2HnD-IN to School with me to do basics of testing due to actual router going missing for some reason.
Work done on MT RouterOS
Only changed values from default are listed to save on documentation work having to be done.

Router was Reset to default config
Set password for Default SSID broadcast on built in AP
Wireless -> Wireless -> Security Profiles Tab -> Default :
Mode : Dynamic Keys
Auth. Types : WPA2 PSK + WPA2 EAP
WPA2 Pre-Shared Key : PasswordIWontGiveYou123


Changed IP of default net (VLANID1) to 10.201.0.1/24
IP -> Addresses -> 192.168.88.1/24 on bridge interface.
Address : 10.201.0.1/24
Network : 10.201.0.0


Changed DHCP server on bridge Network to match actual network
IP -> DHCP server -> Networks -> 192.168.88.0/24
Address : 10.201.0.0/24
Gateway : 10.201.0.1
DNS Servers : 10.201.0.1 + 9.9.9.9
Domain : 1.m145.teleco.ch


IP -> Pool -> default-dhcp 
Addresses : 10.201.0.50-10.201.0.150


Added the three new VLANs
Interfaces -> VLAN Tab
New
Comment : Virtual Hosts
Name : vlan101
VLAN ID : 101


New
Comment : Users
Name : vlan102
VLAN ID : 102


New
Comment : Guests
Name : vlan103
VLAN ID : 103


Future repetitive tasks that use the same similar values will not be listed repeatedly


Assigned an address to the VLAN interfaces
IP -> Addresses
New
Address : 10.201.1.1/24
Interface : vlan101


Rinse and repeat for other VLANs


Added IP Pools for DHCP on the VLANs
IP -> Pool
New
Name : pool101
10.201.1.50-10.201.1.150


Rinse and Repeat for all VLANs


Added DHCP Networks for VLANs
IP -> DHCP Server -> Networks Tab
New 
Comment : dhcp101
Address : 10.201.1.0/24
Gateway : 10.201.1.1
DNS Servers : 10.201.1.1
Domain : 101.m145.teleco.ch


Rinse and repeat


Added DHCP Servers to Interfaces
IP -> DHCP Server
New 
Name : server101
Interface : vlan101
Address Pool : pool101


Rinse and repeat


Add VLANs to LAN Interface list for testing (for defconf firewall rules to work)
Interfaces -> Interface List Tab
New
List : LAN
Interface : vlan101


Rinse and repeat for all VLANs


Set wifi name of default VLAN to teleco-admin
Wireless -> Wireless -> wlan1
SSID : teleco-admin


Create wifi networks for teleco-user and teleco-guest
Wireless -> Wireless
New -> Virtual
SSID : teleco-user
Master Interface : wlan1


Repeat for guest


Add wifi interfaces to bridge interface
Bridge
wlan1
Clone
Interface : wlan2
PVID : 102


Repeat for wlan3


Test by connecting and seing if IP is assigned and router can be reached
Change Passwords for each wifi (set one for guest temporarily too as no firewall rules exist for it yet)
Wireless -> Wireless -> Security Profiles Tab
default
Clone
Name : profile102
WPA2 Pre-Shared Key : PasswordIWontGiveYou124


Repeat for 103


Assign Security Profile to Actual wifis

Wireless -> Wireless
wlan2
Security Profile : profile102


Repeat for wlan3


End of Lesson

Goals next lesson :
Wireguard Site to Site VPN working
Firewall rules to block Guest to other Nets
(Optional, maybe later) Captive Portal for Guest wifi