# Step 3: Identify & Move Switch Ports (~1-2 hours, UniFi web UI + on-site) --- ## 3a — Identify which switch port each hardwired machine is on **Need to determine for each machine:** | Machine | Current IP | Target IP | Known Port? | |---------|-----------|-----------|-------------| | CRYSTAL-PC | 10.0.20.205 | 10.0.20.205 | Unknown — find in UniFi | | ACCT2-PC | 10.0.20.209 | 10.0.20.209 | Unknown — find in UniFi | | DESKTOP-H6QHRR7 | 10.0.20.235 | 10.0.20.235 | Unknown — find in UniFi | | DESKTOP-1ISF081 | Unknown | TBD | Unknown — find in UniFi | | SALES4-PC | 10.0.20.203 | 10.0.20.203 | Unknown — find in UniFi | | CHEF-PC | 10.0.20.232 | 10.0.20.232 | USW Lite 8, Port 7 (already INTERNAL) | | MDIRECTOR-PC | 192.168.3.20 | 10.0.20.x (TBD) | Unknown — find in UniFi | | DESKTOP-KQSL232 | 10.0.20.227 | 10.0.20.227 | Unknown — find in UniFi | **How to find ports:** UniFi → Clients → find each machine by hostname or MAC → check which switch/port it's connected to. Or: check each switch's port list for connected clients. --- ## 3b — Create DHCP reservations ### INTERNAL scope (pfSense → Services → DHCP Server → INTERNAL) | Machine | MAC | IP | |---------|-----|-----| | SALES4-PC | (get from UniFi/ARP) | 10.0.20.203 | | CRYSTAL-PC | (get from UniFi/ARP) | 10.0.20.205 | | ACCT2-PC | (get from UniFi/ARP) | 10.0.20.209 | | DESKTOP-KQSL232 | (get from UniFi/ARP) | 10.0.20.227 | | CHEF-PC | (get from UniFi/ARP) | 10.0.20.232 | | DESKTOP-H6QHRR7 | (get from UniFi/ARP) | 10.0.20.235 | | MDIRECTOR-PC | (get from UniFi/ARP) | 10.0.20.240 | | DESKTOP-1ISF081 | (get from UniFi/ARP) | 10.0.20.241 | ### LAN scope (pfSense → Services → DHCP Server → LAN) Create reservations for all printers (get MACs from pfSense ARP table): | Device | IP | MAC | |--------|-----|-----| | Front Desk Epson ET-5800 | 192.168.2.147 | _get from ARP_ | | Business Office Canon MF455DW | 192.168.3.227 | _get from ARP_ | | Marketing Brother MFC-L8900CDW | 192.168.2.21 | _get from ARP_ | | 206 Health Services Bizhub C368 | 192.168.1.138 | 00:20:6b:b3:4a:55 | | 206 Nurse Station Brother MFC-L8900CDW | 10.0.20.69 | Already on INTERNAL | | MemCare MedTech Brother | 192.168.2.53 | _get from ARP_ | | MemCare Director Canon MF451CDW | 192.168.3.52 | _get from ARP_ | | Kitchen printer | 192.168.0.121 | _get from ARP_ | | Epson (USW Port 8) | 192.168.2.207 | _get from ARP_ | | Canon (USW Port 45) | 192.168.2.230 | _get from ARP_ | | Printer-80A423 (Lite 8 Port 2) | 192.168.2.202 | _get from ARP_ | --- ## 3c — Change switch port VLAN assignments For each hardwired workstation port identified in 3a: 1. UniFi → Devices → select switch → Ports → select port 2. Change Native VLAN to "INTERNAL" (VLAN 20) 3. Machine will get new DHCP lease on 10.0.20.0/24 **Do one machine at a time.** Verify it can reach the server and printers after each change. If it can't, revert the port to native VLAN. --- ## 3d — Test each moved machine After each port change: - [ ] Machine gets 10.0.20.x IP - [ ] `nslookup cs-server.cascades.local` → 192.168.2.254 - [ ] `\\192.168.2.254\Shares` accessible - [ ] Can print to LAN printers - [ ] Internet works --- ## Rollback Revert the switch port to native VLAN (Default) in UniFi. Machine will get a LAN IP via DHCP and return to previous state.