infrastructure/docs/03-VLAN-DEVICE-ASSIGNMENT.md

VLAN Device Assignment Map

Last Updated: 2026-01-25
Purpose: Complete inventory of all network devices with VLAN assignments

---

VLAN Summary

VLAN	Name	Subnet	Gateway	Purpose	Comment
1	Legacy	192.168.31.0/24	192.168.31.1	Current flat network	To be deprecated
10	Mgmt	192.168.10.0/24	192.168.10.1	Infrastructure devices	Admin access only
20	Trusted	192.168.20.0/24	192.168.20.1	Family personal devices	Full network access
30	IoT	192.168.30.0/24	192.168.30.1	Smart home devices	Internet + limited local
35	Cameras	192.168.35.0/24	192.168.35.1	Security cameras	Isolated, NVR access only
40	Servers	192.168.40.0/24	192.168.40.1	Servers & printers	Service hosts
50	Guest	192.168.50.0/24	192.168.50.1	Guest WiFi	Internet only

---

VLAN 10 - Management (Infrastructure)

Current IP	Target IP	MAC Address	Device	Notes	Comment
192.168.31.1	192.168.10.1	78:9A:18:2C:A5:48	HAP1 (hAP ax³)	Router	Gateway for all VLANs
192.168.31.2	192.168.10.2	A8:B8:E0:02:B6:15	XTRM-U (Unraid)	Main server	Docker host, NAS
192.168.31.4	192.168.10.4	02:42:C0:A8:1F:04	AdGuard Home	DNS (Unraid)	Secondary DNS
192.168.31.6	192.168.10.6	18:FD:74:54:3D:BC	CAP XL ac	Access point	CAPsMAN managed
192.168.31.9	192.168.10.9	F4:1E:57:C9:BD:09	CSS326-24G-2S+	24-port switch	Room distribution
192.168.31.22	192.168.10.22	1C:2A:A3:1E:78:67	ZX1 (ZX-SWTGW218AS)	8-port 2.5G switch	Server rack
192.168.31.20	192.168.10.20	48:DA:35:6F:BE:50	NanoKVM	Remote KVM	IPMI alternative
172.17.0.2	-	46:D0:27:F7:1F:CA	AdGuard (MikroTik)	DNS (Router)	Primary DNS, DoH/DoT
172.17.0.3	-	0C:AB:39:8D:8C:FC	Tailscale (MikroTik)	VPN container	Remote access

---

VLAN 20 - Trusted (Family Devices)

Current IP	Target IP	MAC Address	Device	Owner	Comment
192.168.31.79	192.168.20.10	82:6D:FB:D9:E0:47	MacBook Air	Nora	Primary laptop
192.168.31.98	192.168.20.11	AA:ED:8B:2A:40:F1	Samsung S25 Ultra	Kaloyan	Primary phone
192.168.31.114	192.168.20.12	F2:B8:14:61:C8:27	iPhone	Dancho
192.168.31.99	192.168.20.13	82:EC:EF:B5:F2:AF	MacBook Pro (WiFi)	Kaloyan	Work laptop wireless
192.168.31.108	192.168.20.14	90:91:64:70:0D:86	Notebook	Kimi
192.168.31.121	192.168.20.15	2A:2B:BA:86:D4:AF	iPhone	Kimi
192.168.31.95	192.168.20.16	08:92:04:C6:07:C5	MacBook Pro (LAN)	Kaloyan	Via Dell KVM dock
192.168.31.97	192.168.20.17	1C:83:41:32:F3:AF	Gaming PC	Kaloyan	Main bedroom
192.168.31.107	192.168.20.18	A4:D1:D2:7B:52:BE	iPad	Compusbg	Work tablet

---

VLAN 30 - IoT (Smart Home)

Current IP	Target IP	MAC Address	Device	Location	Comment
-	192.168.30.10	B0:37:95:79:AF:9B	LG TV	Living Room	Not seen recently
192.168.31.134	192.168.30.11	D0:E7:82:F7:65:DD	Chromecast	Living Room	Streaming
192.168.31.104	192.168.30.12	B0:4A:39:3F:9A:14	Roborock S7 Vacuum	-	Needs cloud access
192.168.31.105	192.168.30.13	94:27:70:1E:0C:EE	Bosch Smart Oven	Kitchen	Home Connect app
192.168.31.101	192.168.30.14	C8:5C:CC:52:EA:53	Xiaomi Air Purifier	-	Mi Home app
192.168.31.117	192.168.30.15	C8:D7:78:D6:DC:FC	Bosch Washer	-	Home Connect app
192.168.31.116	192.168.30.16	C8:D7:78:40:65:40	Bosch Dishwasher	Kitchen	Home Connect app

---

VLAN 35 - Cameras (Security)

Current IP	Target IP	MAC Address	Device	Location	Comment
192.168.31.68	192.168.35.10	48:9E:9D:0E:16:F7	Reolink Doorbell	Front door	PoE powered

---

VLAN 40 - Servers (Services)

Current IP	Target IP	MAC Address	Device	Purpose	Comment
192.168.31.19	192.168.40.19	64:4E:D7:D8:43:3E	HP LaserJet	Network printer	Wired connection

---

VLAN 50 - Guest (Isolated)

Target IP	Purpose	Comment
DHCP Pool: 192.168.50.100-200	Dynamic assignment	No static leases
-	Internet only	No local network access

---

Unknown / Unidentified Devices

⚠️ These devices need identification before VLAN assignment:

Current IP	MAC Address	Hostname	Vendor (OUI)	Status	Comment
192.168.31.109	D0:C9:07:92:1A:8E	-	Unknown	Active	Investigate
192.168.31.110	D0:C9:07:8C:C9:46	-	Unknown	Active	Same vendor as .109
192.168.31.139	50:2C:C6:7A:55:39	-	EMLAB	Active	Lab equipment?
192.168.31.149	D4:AD:FC:BE:13:B0	-	Unknown	Active
192.168.31.106	18:DE:50:5B:C8:A6	wlan0	Unknown	Active	Generic hostname
192.168.31.113	38:1F:8D:04:6F:E4	-	Unknown	Active
192.168.31.15	AC:87:A3:77:8F:BD	-	Unknown	Static ARP	Persistent entry
192.168.31.142	22:4C:7F:1D:85:8E	xtrm-pc	Unknown	Dynamic	Randomized MAC?

---

MAC Address Quick Reference

By VLAN (for switch port assignment)

VLAN 10 - Mgmt:

78:9A:18:2C:A5:48  HAP1
A8:B8:E0:02:B6:15  XTRM-U
18:FD:74:54:3D:BC  CAP XL ac
F4:1E:57:C9:BD:09  CSS326
1C:2A:A3:1E:78:67  ZX1
48:DA:35:6F:BE:50  NanoKVM

VLAN 20 - Trusted:

82:6D:FB:D9:E0:47  Nora MacBook
AA:ED:8B:2A:40:F1  Kaloyan S25
F2:B8:14:61:C8:27  Dancho iPhone
82:EC:EF:B5:F2:AF  Kaloyan MacBook WiFi
90:91:64:70:0D:86  Kimi Notebook
2A:2B:BA:86:D4:AF  Kimi iPhone
08:92:04:C6:07:C5  Kaloyan MacBook LAN
1C:83:41:32:F3:AF  Kaloyan Game PC
A4:D1:D2:7B:52:BE  Compusbg iPad

VLAN 30 - IoT:

B0:37:95:79:AF:9B  LG TV
D0:E7:82:F7:65:DD  Chromecast
B0:4A:39:3F:9A:14  Roborock Vacuum
94:27:70:1E:0C:EE  Bosch Oven
C8:5C:CC:52:EA:53  Xiaomi Air Purifier
C8:D7:78:D6:DC:FC  Bosch Washer
C8:D7:78:40:65:40  Bosch Dishwasher

VLAN 35 - Cameras:

48:9E:9D:0E:16:F7  Reolink Doorbell

VLAN 40 - Servers:

64:4E:D7:D8:43:3E  HP LaserJet

---

Device Count Summary

VLAN	Device Count	Comment
10 - Mgmt	9	Infrastructure only
20 - Trusted	9	Family members
30 - IoT	7	Smart home
35 - Cameras	1	Security
40 - Servers	1	Services
Unknown	8	Need identification
Total	35

---

Next Steps

Step	Action	Comment
1	Identify unknown devices	MAC lookup, physical trace
2	Decide WiFi strategy	Single SSID vs Multiple SSIDs
3	Configure switch ports	VLAN tagging on CSS326
4	Test VLAN routing	Before full activation
5	Update firewall rules	Inter-VLAN traffic control