Commit for Todays Lesson

JOURNAL.md

@@ -10,7 +10,7 @@ Only changed values from default are listed to save on documentation work having
 
 - Router was Reset to default config
 - Set password for Default SSID broadcast on built in AP
-    - Wireless -> Wireless -> Security Profiles -> Default :
+    - Wireless -> Wireless -> Security Profiles Tab -> Default :
         - Mode : Dynamic Keys
         - Auth. Types : WPA2 PSK + WPA2 EAP
         - WPA2 Pre-Shared Key : PasswordIWontGiveYou123
@@ -26,5 +26,87 @@ Only changed values from default are listed to save on documentation work having
         - Domain : 1.m145.teleco.ch
     - IP -> Pool -> default-dhcp 
         - Addresses : 10.201.0.50-10.201.0.150
+- Added the three new VLANs
+    - Interfaces -> VLAN Tab
+    - New
+        - Comment : Virtual Hosts
+        - Name : vlan101
+        - VLAN ID : 101
+    - New
+        - Comment : Users
+        - Name : vlan102
+        - VLAN ID : 102
+    - New
+        - Comment : Guests
+        - Name : vlan103
+        - VLAN ID : 103
+    - Future repetitive tasks that use the same similar values will not be listed repeatedly
+- Assigned an address to the VLAN interfaces
+    - IP -> Addresses
+    - New
+        - Address : 10.201.1.1/24
+        - Interface : vlan101
+    - Rinse and repeat for other VLANs
+- Added IP Pools for DHCP on the VLANs
+    - IP -> Pool
+    - New
+        - Name : pool101
+        - 10.201.1.50-10.201.1.150
+    - Rinse and Repeat for all VLANs
+- Added DHCP Networks for VLANs
+    - IP -> DHCP Server -> Networks Tab
+    - New 
+        - Comment : dhcp101
+        - Address : 10.201.1.0/24
+        - Gateway : 10.201.1.1
+        - DNS Servers : 10.201.1.1
+        - Domain : 101.m145.teleco.ch
+    - Rinse and repeat
+- Added DHCP Servers to Interfaces
+    -  IP -> DHCP Server
+    - New 
+        - Name : server101
+        - Interface : vlan101
+        - Address Pool : pool101
+    - Rinse and repeat
+- Add VLANs to LAN Interface list for testing (for defconf firewall rules to work)
+    - Interfaces -> Interface List Tab
+    - New
+        - List : LAN
+        - Interface : vlan101
+    - Rinse and repeat for all VLANs
+- Set wifi name of default VLAN to teleco-admin
+    - Wireless -> Wireless -> wlan1
+        - SSID : teleco-admin
+- Create wifi networks for teleco-user and teleco-guest
+    - Wireless -> Wireless
+    - New -> Virtual
+        - SSID : teleco-user
+        - Master Interface : wlan1
+    - Repeat for guest
+- Add wifi interfaces to bridge interface
+    - Bridge
+        - wlan1
+            - Clone
+            - Interface : wlan2
+            - PVID : 102
+        - Repeat for wlan3
+- Test by connecting and seing if IP is assigned and router can be reached
+- Change Passwords for each wifi (set one for guest temporarily too as no firewall rules exist for it yet)
+    - Wireless -> Wireless -> Security Profiles Tab
+        - default
+            - Clone
+            - Name : profile102
+            - WPA2 Pre-Shared Key : PasswordIWontGiveYou124
+        - Repeat for 103
+- Assign Security Profile to Actual wifis
+    - Wireless -> Wireless
+        - wlan2
+            - Security Profile : profile102
+        - Repeat for wlan3
 
-    
+- End of Lesson
+    - Goals next lesson :
+        - Wireguard Site to Site VPN working
+        - Firewall rules to block Guest to other Nets
+        - (Optional, maybe later) Captive Portal for Guest wifi

README.md

@@ -3,10 +3,10 @@
 
 ## Übersicht
 Auf dieser README Seite ist eine Grobe Übersicht des Projektes zu Modul 145 zu finden.
-Alle weiteren relevanten Dateien, Beschreibungen, Journale werden im laufe des Modules noch beigefügt. (Journal und verwendete Ressourcen)
+Alle weiteren relevanten Dateien, Beschreibungen usw. werden im laufe des Modules noch beigefügt. (zB. Ressourcen)
 
 ## Links
-- Todo
+[Journal](JOURNAL.md)
 
 ## Projekt Beschreib
 Dieses Projekt zeigt die Planung sowie die Implementierung eines segregierten, einigermassen sicherem und überwachten Netzwerks mit MikroTik Hardware. Die Netzwerkinfrastruktur beinhaltet VLANs um Netzwerke zu trennen, mehrere WLANs für verschiedene Beispielsbenutzer, eine Wireguard VPN Verbindung zu meiner Colocation sowie einem SNMP Monitoring System zur Überwachung der des Netzwerkes.
@@ -61,7 +61,4 @@ Die Firewall Regeln werden Grob etwa wie folgt aussehen :
 | **VPN**                  | ALLOW          | ALLOW         | DENY             | DENY             | ALLOW    | ALLOW         |
 
 ## Topologie
-- Todo
-
-## Implementation
 - Todo