# Infrastructure Changelog

## 2026-01-25 (Update 3)

### VLAN Phase 1 Complete
- [VLAN] Added VLAN 25 (Kids) - interface, IP, DHCP server, pool, bridge entry
- [VLAN] Fixed VLAN 10 (Management) leases - correct IPs per device assignment doc
- [VLAN] Fixed VLAN 30 (IoT) leases - all 14 devices with correct IPs
- [VLAN] Added VLAN 25 (Kids) leases - 6 devices including XTRM-Ally
- [VLAN] Added VLAN 50 (Guest) leases - 7 unknown devices
- [VLAN] Added firewall rules for VLAN 25 (Kids → IoT, Legacy, DNS)
- [VLAN] Total devices configured: 44

### Device Discovery
- [NETWORK] Discovered XTRM-Ally gaming device → assigned to Kids VLAN
- [NETWORK] Discovered Dancho Windows device → assigned to Kids VLAN  
- [NETWORK] Discovered 2x lwip0 IoT devices → assigned to IoT VLAN
- [NETWORK] Discovered 3x unknown devices → assigned to Guest VLAN

### Documentation Updates
- [DOCS] Updated 03-VLAN-DEVICE-ASSIGNMENT.md - complete device inventory (44 devices)
- [DOCS] Updated 11-VLAN-IMPLEMENTATION.md - Phase 1 complete status
- [DOCS] All VLANs now documented: 10, 20, 25, 30, 35, 40, 50

### Next Steps
- CSS326 switch VLAN configuration via SwOS
- Enable VLAN filtering on MikroTik bridge
- Test connectivity

## 2026-01-25

### VLAN Implementation (Prepared)
- [VLAN] Created 6 VLANs on MikroTik bridge (10, 20, 30, 35, 40, 50)
- [VLAN] Configured IP addresses for all VLAN interfaces
- [VLAN] Created DHCP servers and pools for each VLAN
- [VLAN] Added static DHCP leases mapping MACs to VLAN IPs
- [VLAN] Configured bridge VLAN table with tagged/untagged ports
- [VLAN] Set WiFi ports PVID=20 (Trusted VLAN default)
- [VLAN] Added inter-VLAN firewall rules (active)
- [VLAN] VLAN filtering NOT YET ENABLED (pending CSS326 switch config)
- [DOCS] Added docs/11-VLAN-IMPLEMENTATION.md
- [SCRIPTS] Added scripts/mikrotik-vlan-setup.rsc
- [SCRIPTS] Added scripts/mikrotik-vlan-enable.rsc

### MikroTik Containers
- [CONTAINER] AdGuard Home container running on MikroTik
- [CONTAINER] Tailscale container configured (inactive)
- [CONTAINER] Container bridge (containers-br) with NAT

### DNS Configuration
- [DNS] AdGuard Home as primary DNS (172.17.0.2)
- [DNS] DNS redirect rules for all clients
- [DNS] DoT/DoH upstream configured in AdGuard

## Previous Changes

See git history for earlier changes.

## 2026-01-25 (Update 2)

### DNS Configuration
- [DNS] Updated both AdGuard instances to use Quad9 DoH
- [DNS] MikroTik AdGuard: upstream=https://dns.quad9.net/dns-query
- [DNS] Unraid AdGuard: upstream=https://dns.quad9.net/dns-query  
- [DNS] Bootstrap DNS: 9.9.9.9, 149.112.112.112

### Containers
- [CONTAINER] Fixed Tailscale container authentication
- [CONTAINER] Tailscale DNS changed from 8.8.8.8 to 172.17.0.1,1.1.1.1 (fallback)
- [CONTAINER] Tailscale route fixed: 100.64.0.0/10 → 172.17.0.3

### Documentation
- [DOCS] Created 02-PORT-UTILIZATION.md with ASCII port diagrams
- [DOCS] Updated 09-MIKROTIK-ADGUARD-DOT-DOH.md with Quad9 DoH config

### Network
- [NETWORK] Enabled CSS326 SFP1 port - 10G backbone link to ZX1 now active

### Documentation Fix
- [DOCS] Fixed ZX1 switch IP: 192.168.31.22 (was incorrectly documented as .7)