diff --git a/docs/03-VLAN-DEVICE-ASSIGNMENT.md b/docs/03-VLAN-DEVICE-ASSIGNMENT.md new file mode 100644 index 0000000..3423090 --- /dev/null +++ b/docs/03-VLAN-DEVICE-ASSIGNMENT.md @@ -0,0 +1,182 @@ +# VLAN Device Assignment Map + +**Last Updated:** 2026-01-25 +**Purpose:** Complete inventory of all network devices with VLAN assignments + +--- + +## VLAN Summary + +| VLAN | Name | Subnet | Gateway | Purpose | +|------|------|--------|---------|---------| +| 1 | Legacy | 192.168.31.0/24 | 192.168.31.1 | Current flat network | +| 10 | Mgmt | 192.168.10.0/24 | 192.168.10.1 | Infrastructure devices | +| 20 | Trusted | 192.168.20.0/24 | 192.168.20.1 | Family personal devices | +| 30 | IoT | 192.168.30.0/24 | 192.168.30.1 | Smart home devices | +| 35 | Cameras | 192.168.35.0/24 | 192.168.35.1 | Security cameras | +| 40 | Servers | 192.168.40.0/24 | 192.168.40.1 | Servers & printers | +| 50 | Guest | 192.168.50.0/24 | 192.168.50.1 | Guest WiFi | + +--- + +## VLAN 10 - Management (Infrastructure) + +| Current IP | Target IP | MAC Address | Device | Notes | +|------------|-----------|-------------|--------|-------| +| 192.168.31.1 | 192.168.10.1 | 78:9A:18:2C:A5:48 | HAP1 (hAP ax³) | Router - gateway for all VLANs | +| 192.168.31.2 | 192.168.10.2 | A8:B8:E0:02:B6:15 | XTRM-U (Unraid) | Main server | +| 192.168.31.4 | 192.168.10.4 | 02:42:C0:A8:1F:04 | AdGuard Home | DNS container on Unraid | +| 192.168.31.6 | 192.168.10.6 | 18:FD:74:54:3D:BC | CAP XL ac | Access point | +| 192.168.31.9 | 192.168.10.9 | F4:1E:57:C9:BD:09 | CSS326-24G-2S+ | 24-port switch | +| 192.168.31.22 | 192.168.10.22 | 1C:2A:A3:1E:78:67 | ZX1 (ZX-SWTGW218AS) | 8-port 2.5G switch | +| 192.168.31.20 | 192.168.10.20 | 48:DA:35:6F:BE:50 | NanoKVM | Remote KVM | +| 172.17.0.2 | - | 46:D0:27:F7:1F:CA | AdGuard (MikroTik) | Container on router | +| 172.17.0.3 | - | 0C:AB:39:8D:8C:FC | Tailscale (MikroTik) | VPN container | + +--- + +## VLAN 20 - Trusted (Family Devices) + +| Current IP | Target IP | MAC Address | Device | Owner | +|------------|-----------|-------------|--------|-------| +| 192.168.31.79 | 192.168.20.10 | 82:6D:FB:D9:E0:47 | MacBook Air | Nora | +| 192.168.31.98 | 192.168.20.11 | AA:ED:8B:2A:40:F1 | Samsung S25 Ultra | Kaloyan | +| 192.168.31.114 | 192.168.20.12 | F2:B8:14:61:C8:27 | iPhone | Dancho | +| 192.168.31.99 | 192.168.20.13 | 82:EC:EF:B5:F2:AF | MacBook Pro (WiFi) | Kaloyan | +| 192.168.31.108 | 192.168.20.14 | 90:91:64:70:0D:86 | Notebook | Kimi | +| 192.168.31.121 | 192.168.20.15 | 2A:2B:BA:86:D4:AF | iPhone | Kimi | +| 192.168.31.95 | 192.168.20.16 | 08:92:04:C6:07:C5 | MacBook Pro (LAN) | Kaloyan | +| 192.168.31.97 | 192.168.20.17 | 1C:83:41:32:F3:AF | Gaming PC | Kaloyan | +| 192.168.31.107 | 192.168.20.18 | A4:D1:D2:7B:52:BE | iPad | Compusbg | + +--- + +## VLAN 30 - IoT (Smart Home) + +| Current IP | Target IP | MAC Address | Device | Location | +|------------|-----------|-------------|--------|----------| +| - | 192.168.30.10 | B0:37:95:79:AF:9B | LG TV | Living Room | +| 192.168.31.134 | 192.168.30.11 | D0:E7:82:F7:65:DD | Chromecast | Living Room | +| 192.168.31.104 | 192.168.30.12 | B0:4A:39:3F:9A:14 | Roborock S7 Vacuum | - | +| 192.168.31.105 | 192.168.30.13 | 94:27:70:1E:0C:EE | Bosch Smart Oven | Kitchen | +| 192.168.31.101 | 192.168.30.14 | C8:5C:CC:52:EA:53 | Xiaomi Air Purifier | - | +| 192.168.31.117 | 192.168.30.15 | C8:D7:78:D6:DC:FC | Bosch Washer | - | +| 192.168.31.116 | 192.168.30.16 | C8:D7:78:40:65:40 | Bosch Dishwasher | Kitchen | + +--- + +## VLAN 35 - Cameras (Security) + +| Current IP | Target IP | MAC Address | Device | Location | +|------------|-----------|-------------|--------|----------| +| 192.168.31.68 | 192.168.35.10 | 48:9E:9D:0E:16:F7 | Reolink Doorbell | Front door | + +--- + +## VLAN 40 - Servers (Services) + +| Current IP | Target IP | MAC Address | Device | Purpose | +|------------|-----------|-------------|--------|---------| +| 192.168.31.19 | 192.168.40.19 | 64:4E:D7:D8:43:3E | HP LaserJet | Network printer | + +--- + +## VLAN 50 - Guest (Isolated) + +| Target IP | Notes | +|-----------|-------| +| DHCP Pool: 192.168.50.100-200 | Dynamic assignment | +| Internet only, no local access | | + +--- + +## Unknown / Unidentified Devices + +**⚠️ These devices need identification before VLAN assignment:** + +| Current IP | MAC Address | Hostname | Vendor (OUI) | Notes | +|------------|-------------|----------|--------------|-------| +| 192.168.31.109 | D0:C9:07:92:1A:8E | - | Unknown | Active | +| 192.168.31.110 | D0:C9:07:8C:C9:46 | - | Unknown | Active | +| 192.168.31.139 | 50:2C:C6:7A:55:39 | - | EMLAB | Active | +| 192.168.31.149 | D4:AD:FC:BE:13:B0 | - | Unknown | Active | +| 192.168.31.106 | 18:DE:50:5B:C8:A6 | wlan0 | Unknown | Active | +| 192.168.31.113 | 38:1F:8D:04:6F:E4 | - | Unknown | Active | +| 192.168.31.15 | AC:87:A3:77:8F:BD | - | Unknown | Static ARP | +| 192.168.31.142 | 22:4C:7F:1D:85:8E | xtrm-pc | Unknown | Dynamic | + +--- + +## MAC Address Quick Reference + +### By VLAN (for switch port assignment) + +**VLAN 10 - Mgmt:** +``` +78:9A:18:2C:A5:48 HAP1 +A8:B8:E0:02:B6:15 XTRM-U +18:FD:74:54:3D:BC CAP XL ac +F4:1E:57:C9:BD:09 CSS326 +1C:2A:A3:1E:78:67 ZX1 +48:DA:35:6F:BE:50 NanoKVM +``` + +**VLAN 20 - Trusted:** +``` +82:6D:FB:D9:E0:47 Nora MacBook +AA:ED:8B:2A:40:F1 Kaloyan S25 +F2:B8:14:61:C8:27 Dancho iPhone +82:EC:EF:B5:F2:AF Kaloyan MacBook WiFi +90:91:64:70:0D:86 Kimi Notebook +2A:2B:BA:86:D4:AF Kimi iPhone +08:92:04:C6:07:C5 Kaloyan MacBook LAN +1C:83:41:32:F3:AF Kaloyan Game PC +A4:D1:D2:7B:52:BE Compusbg iPad +``` + +**VLAN 30 - IoT:** +``` +B0:37:95:79:AF:9B LG TV +D0:E7:82:F7:65:DD Chromecast +B0:4A:39:3F:9A:14 Roborock Vacuum +94:27:70:1E:0C:EE Bosch Oven +C8:5C:CC:52:EA:53 Xiaomi Air Purifier +C8:D7:78:D6:DC:FC Bosch Washer +C8:D7:78:40:65:40 Bosch Dishwasher +``` + +**VLAN 35 - Cameras:** +``` +48:9E:9D:0E:16:F7 Reolink Doorbell +``` + +**VLAN 40 - Servers:** +``` +64:4E:D7:D8:43:3E HP LaserJet +``` + +--- + +## Device Count Summary + +| VLAN | Device Count | +|------|--------------| +| 10 - Mgmt | 9 | +| 20 - Trusted | 9 | +| 30 - IoT | 7 | +| 35 - Cameras | 1 | +| 40 - Servers | 1 | +| Unknown | 8 | +| **Total** | **35** | + +--- + +## Next Steps + +1. **Identify unknown devices** (MAC lookup, physical trace) +2. **Decide WiFi strategy:** + - Option A: Single SSID, MAC-based VLAN (complex) + - Option B: Multiple SSIDs (XTRM-Trusted, XTRM-IoT, XTRM-Guest) +3. **Configure switch port VLANs** for wired devices +4. **Test VLAN routing** before full activation +5. **Update firewall rules** for inter-VLAN traffic