path: root/JOURNAL.md

   
Go Back
Journal
Mostly written in English for concistency due to my prefference of keeping most Servers and Network devices set to English ...
other than Domain Controllers ofcourse :^) 
2025-02-21
Summary : Testing with my prod networks Mikrotik Routers was done to see if my projects essentials would work out with my soon to be made portable test lab for this module.
2025-02-27
Summary : Absent but was capable of gobling together some hardware that I prefer using and make a basic repo describing my project and what will be done.
2025-03-07
Summary :
Took testing Mikrotik Router RB2011UiAS-2HnD-IN to School with me to do basics of testing due to actual router going missing for some reason.
Work done on MT RouterOS on testing board RB2011
Only changed values from default are listed to save on documentation work having to be done.

Router was Reset to default config
Set password for Default SSID broadcast on built in AP

Wireless -> Wireless -> Security Profiles Tab -> Default :

Mode : Dynamic Keys
Auth. Types : WPA2 PSK + WPA2 EAP
WPA2 Pre-Shared Key : PasswordIWontGiveYou123




Changed IP of default net (VLANID1) to 10.201.0.1/24

IP -> Addresses -> 192.168.88.1/24 on bridge interface.

Address : 10.201.0.1/24
Network : 10.201.0.0




Changed DHCP server on bridge Network to match actual network

IP -> DHCP server -> Networks -> 192.168.88.0/24

Address : 10.201.0.0/24
Gateway : 10.201.0.1
DNS Servers : 10.201.0.1 + 9.9.9.9
Domain : 1.m145.teleco.ch


IP -> Pool -> default-dhcp 

Addresses : 10.201.0.50-10.201.0.150




Added the three new VLANs

Interfaces -> VLAN Tab
New

Comment : Virtual Hosts
Name : vlan101
VLAN ID : 101


New

Comment : Users
Name : vlan102
VLAN ID : 102


New

Comment : Guests
Name : vlan103
VLAN ID : 103


Future repetitive tasks that use the same similar values will not be listed repeatedly


Assigned an address to the VLAN interfaces

IP -> Addresses
New

Address : 10.201.1.1/24
Interface : vlan101


Rinse and repeat for other VLANs


Added IP Pools for DHCP on the VLANs

IP -> Pool
New

Name : pool101
10.201.1.50-10.201.1.150


Rinse and Repeat for all VLANs


Added DHCP Networks for VLANs

IP -> DHCP Server -> Networks Tab
New 

Comment : dhcp101
Address : 10.201.1.0/24
Gateway : 10.201.1.1
DNS Servers : 10.201.1.1
Domain : 101.m145.teleco.ch


Rinse and repeat


Added DHCP Servers to Interfaces

IP -> DHCP Server
New 

Name : server101
Interface : vlan101
Address Pool : pool101


Rinse and repeat


Add VLANs to LAN Interface list for testing (for defconf firewall rules to work)

Interfaces -> Interface List Tab
New

List : LAN
Interface : vlan101


Rinse and repeat for all VLANs


Set wifi name of default VLAN to teleco-admin

Wireless -> Wireless -> wlan1

SSID : teleco-admin




Create wifi networks for teleco-user and teleco-guest

Wireless -> Wireless
New -> Virtual

SSID : teleco-user
Master Interface : wlan1


Repeat for guest


Add wifi interfaces to bridge interface

Bridge

wlan1

Clone
Interface : wlan2
PVID : 102


Repeat for wlan3




Test by connecting and seing if IP is assigned and router can be reached
Change Passwords for each wifi (set one for guest temporarily too as no firewall rules exist for it yet)

Wireless -> Wireless -> Security Profiles Tab

default

Clone
Name : profile102
WPA2 Pre-Shared Key : PasswordIWontGiveYou124


Repeat for 103





Assign Security Profile to Actual wifis

Wireless -> Wireless

wlan2

Security Profile : profile102


Repeat for wlan3





End of Lesson

Goals next lesson :

Wireguard Site to Site VPN working
Firewall rules to block Guest to other Nets
(Optional, maybe later) Captive Portal for Guest wifi





2025-03-08 to 2025-03-09
Summary : 
Work was done outside of school but was interupted by a taking wrong routerboard with me from home and water pipe bursting and flooding the basement of my grandpas workshop lol.
Due to some mistakes with my original planing new MikroTik Hardware was ordered with next day shipping.
README was changed to reflect hardware changes.
Work done on MT RouterOS on RB2011 board
Summary :
Ethernet ports 6-10 were removed from bridge.
Wifi Configs deleted (new router doesnt have one built in)
Exported to backup file.
Work done on MT RouterOS on mAP lite
Summary :
Connected to its default SSID that it Broadcasts (sometimes takes a few tries on MacOS machines)
Updates were installed from RouterOS 6.43 to 7.18.1.
Set a Password for admin user
Detailed work :
    - System -> Reset Configuration
        - Keep users : X
        - CAPS Mode : X
Work done on MT RouterOS on hEX S board.
Summary :
Connection to the board was established.
Config was reset to defconf.
Updates were installed from RouterOS 6.43 to 7.18.1.
Config from RB2011 was imported.
Detailed work :

Enabling CAPsMAN (something like a CloudKey but for Mikrotik APs built into MT Routers) and forbidding it broadcasting onto the WAN link.

Wireless -> CAPsMAN -> Manager

Enabled : X


Interfaces
new

Interface : ether1
Forbid : X




Making a default config

Wireless -> CAPsMAN
New

Name : default-config
Mode : ap
SSID : teleco-admin
Country : Switzerland
Auth. Type : WPA2 PSK
Passprhase : PasswordYouWontGet123




Making profisioning profile for APs

Wireless -> CAPsMAN
New

Action : create dynamic enabled
Master Configuration : default-config




Add new dynamic cap1 interface to bridge
(Same as above shown in first wifi configs on 2025-03-07)
Make the other VLANs show up through their respective wifi

Wireless -> CAPsMAN -> Datapaths
New

Bridge : bridge
VLAN mode : no tag for admin, use tag for others
VLAN ID : none for admin, respective ID for others
Interface List : LAN for all


Wireless -> CAPsMAN -> Configurations
default-config
clone

Change SSID and Password


rinse and repeat for guest
Provisioning Tab
default-config

slave configurations : user-config, guest-config





unformatted gabble gooble that will be properly formated later i am too tiered :
sign into the ap and reboot it
enabled save channel selection to save time when ap reboots
aksi ebavke bridge management of vlans setting thingy 
if the ssids dont show immediatly thats okay btw, the mAP lite is a tiny device and it does frequency scanning for all ssids which takes quiete a while. had to wait like 5-10 minutes until all were there consistently
test if it works and stuff