claudetools/clients/cascades-tucson/docs/network/vlans.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00


# VLANs
## VLAN Summary
| VLAN ID | Name | Subnet | Gateway | Interface | Purpose |
|---------|----------------|------------------|---------------|-----------|----------------------------|
| Native | LAN | 192.168.0.0/22 | 192.168.0.1 | igc1 | Management / main LAN |
| 20 | INTERNAL | 10.0.20.0/24 | 10.0.20.1 | igc1.20 | Infrastructure devices |
| 999 | 999GuruTestNet | 10.0.99.0/28 | 10.0.99.1 | igc1.999 | Test/lab network |
## Room VLANs
Each room gets its own VLAN with a /28 subnet (14 usable IPs). All on igc1 trunk.
**Addressing Pattern:** `10.[floor].[room_number].0/28` with gateway at `.1`
### Floor 1 (44 rooms)
Rooms: 101-112, 115-138, 140, 142-149
Missing rooms (no VLAN): 113, 114, 139, 141
Example: Room 101 = VLAN 101, subnet 10.1.1.0/28, gateway 10.1.1.1
### Floor 2 (46 rooms)
Rooms: 201-212, 215-238, 240-249
Missing: 213, 214, 239
Example: Room 201 = VLAN 201, subnet 10.2.1.0/28, gateway 10.2.1.1
### Floor 3 (48 rooms)
Rooms: 301-312, 315-350
Missing: 313, 314
Note: Room 339 may not be enabled
Example: Room 301 = VLAN 301, subnet 10.3.1.0/28, gateway 10.3.1.1
### Floor 4 (47 rooms)
Rooms: 401-412, 415-449
Missing: 413, 414
Example: Room 401 = VLAN 401, subnet 10.4.1.0/28, gateway 10.4.1.1
### Floor 5 (21 rooms)
Rooms: 501-512, 514-522
Missing: 513
Example: Room 501 = VLAN 501, subnet 10.5.1.0/28, gateway 10.5.1.1
### Floor 6 (29 rooms)
Rooms: 603-631
Missing: 601, 602
Example: Room 603 = VLAN 603, subnet 10.6.3.0/28, gateway 10.6.3.1
**Total room VLANs: ~236**
## Inter-VLAN Routing
- Performed by: pfSense (pfsense.cascades.local)
- All inter-VLAN routing handled by the firewall
## Interface Groups
| Group Name | Members | Purpose |
|-------------------|--------------------------------------|----------------------------|
| ResidentsGroup | All room interfaces (opt2-opt237) | All resident room VLANs |
| All_Networks | LAN + opt1-opt238 | Every internal interface |
| Wan_Group_Inter | wan + opt240 (WANCOAX) | Both WAN interfaces |
## Migration Plan — VLAN Changes (Phase 1.1)
### New: VLAN 50 — Guest WiFi
| VLAN ID | Name | Subnet | Gateway | Interface | Purpose |
|---------|------|--------|---------|-----------|---------|
| 50 | GUEST | 10.0.50.0/24 | 10.0.50.1 | igc1.50 | Isolated guest WiFi (internet only) |
- DHCP: 10.0.50.50 - 10.0.50.239, DNS 10.0.50.1
- Firewall: block all RFC1918, pass to internet only
- Guest SSID reassigned from Default LAN to this VLAN
- See `migration/phase1-network.md` for full setup
### Remove: VLAN 10 — CSC Internal Network
VLAN 10 "CSC Internal Network" in UniFi appears orphaned (pfSense uses VLAN 20 for INTERNAL). Verify unused and delete from UniFi.
## Notes
- Guest isolation: each room is on its own /28; rooms cannot communicate with each other
- Floating firewall rule passes all IPv4 - rooms CAN reach the internet (to be replaced with scoped rules)
- DHCP range per room: x.x.x.2 through x.x.x.14 (13 addresses)
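
An added example (not part of the original documentation) that expands the room ranges above with the `10.[floor].[room_number].0/28` pattern and checks the plan for overlapping subnets and for internal subnets that the guest VLAN's "block all RFC1918" rule would not cover. The function names are illustrative, and deriving floor and room number as `room // 100` and `room % 100` is an assumption taken from the per-floor examples.

```python
import ipaddress

# Room ranges per floor, copied from the Room VLANs section of this page.
ROOM_RANGES = {
    1: [(101, 112), (115, 138), (140, 140), (142, 149)],
    2: [(201, 212), (215, 238), (240, 249)],
    3: [(301, 312), (315, 350)],
    4: [(401, 412), (415, 449)],
    5: [(501, 512), (514, 522)],
    6: [(603, 631)],
}
# Non-room subnets: VLAN Summary table plus the planned guest VLAN 50.
FIXED = {"LAN": "192.168.0.0/22", "INTERNAL": "10.0.20.0/24",
         "999GuruTestNet": "10.0.99.0/28", "GUEST": "10.0.50.0/24"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def room_plan(room):
    """Room number -> VLAN ID, /28 subnet, gateway (.1), DHCP range (.2-.14)."""
    floor, num = divmod(room, 100)  # assumption: 3-digit room = floor + number
    net = ipaddress.ip_network(f"10.{floor}.{num}.0/28")
    hosts = list(net.hosts())  # the 14 usable addresses, .1 through .14
    return {"vlan": room, "subnet": net, "gateway": hosts[0],
            "dhcp": (hosts[1], hosts[-1])}

def all_networks():
    """Name -> network for every fixed subnet and every room VLAN."""
    nets = {name: ipaddress.ip_network(s) for name, s in FIXED.items()}
    for spans in ROOM_RANGES.values():
        for lo, hi in spans:
            for room in range(lo, hi + 1):
                nets[f"Room{room}"] = room_plan(room)["subnet"]
    return nets

def floor_counts():
    """Rooms per floor when the listed ranges are expanded as written."""
    return {f: sum(hi - lo + 1 for lo, hi in spans)
            for f, spans in ROOM_RANGES.items()}

def overlaps():
    """Pairs of subnets that overlap; empty for a clean plan."""
    items = sorted(all_networks().items())
    return [(a, b) for i, (a, na) in enumerate(items)
            for b, nb in items[i + 1:] if na.overlaps(nb)]

def not_rfc1918():
    """Internal subnets a 'block all RFC1918' guest rule would NOT cover."""
    return [name for name, net in all_networks().items()
            if not any(net.subnet_of(block) for block in RFC1918)]
```

Expanding the ranges exactly as listed gives 236 room VLANs, with the Floor 1 ranges expanding to 45 rooms. Both `overlaps()` and `not_rfc1918()` return empty lists for the plan as documented.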