## ToDo

- [=] integrate AP
- [=] adjust AP IP
- [x] set server to maintenance in Ninja
- [x] attach mount kit
- [=] adjust switch IP
- [x] create VLANs
- [=] configure switch VLANs
- [x] adjust DNS settings
- [x] connect client machines to the switch (which ports need the untagged client net?)
- [x] firewall rules for VPN
- [x] second admin VPN
- [ ] exclude Star Money and DATEV from SSL inspection
  - [ ] services.starfinanzen.de
  - [ ] frontgate-eu.factsetdigitalsolutions.com
  - [ ] starmoney.aboalarm.de
  - [ ] web.starmoney.de
  - [ ] starfinanz.de
  - [ ] starmoney.de
- [ ] next week bring more short green cables (0.25 m)

## Deployment

- WLAN-Intern: d5C9nhBBDGhd - fP33-y4be-M8Qk

### Switch Ports

| Port | Device(s)            | VLANs                            | Note            |
| ---- | -------------------- | -------------------------------- | --------------- |
| 1    | Firewall             | tagged: default, untagged: all   |                 |
| 2    | HP                   |                                  | ws              |
| 4    | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 13   | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 19   | Mitel (phone)        | untagged: 11, tagged: none       | Printer         |
| 25   | ?                    |                                  |                 |
| 27   | Mitel (phone)        | untagged: 11, tagged: none       | WS-Boschmann    |
| 28   | Mitel (phone) and HP | untagged: 11, tagged: none       | WS              |
| 34   | Mitel (phone) and HP | untagged: 11, tagged: none       | WS-07           |
| 35   | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 37   | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 38   | HP                   |                                  | ws              |
| 39   | Mitel (phone) and HP | untagged: 11, tagged: none       | WS              |
| 40   | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 41   | Mitel (phone) and HP | untagged: 11, tagged: none       | WS-14           |
| 43   | Sophos AP            | untagged: default, tagged: 30,40 | several devices |
| 44   | HP                   |                                  | ws              |
| 46   | Mitel (phone)        | untagged: 11, tagged: none       |                 |
| 47   | ?                    |                                  |                 |
| 48   | Server in basement (UG) | untagged: 11, tagged: none    |                 |

## Base configuration

### Network

#### Interfaces

- LAN (Port1): network 192.168.11.254/24
  - [x] define V11_LAN_SERVER for this network
  - [x] call the physical LAN interface V50_LAN_MGMT
- WAN (Port2 and Port8): two configured
  - [x] Port2: PPPoE (Versatel) 104.151.27.221/32
  - [x] Port8: static 192.168.178.254/24 (Fritzbox; for the phones?)
- WiFi (BuF_Gast): network 192.168.111.100

#### VLANs

Currently no VLANs (except this weird Wi-Fi thing). VLANs for the new firewall:

- V11_LAN_SERVER
- V20_LAN_CLIENT
- V30_WLAN_INTERNAL
- V40_WLAN_GUEST
- V50_LAN_MGMT
- (V70_LAN_PHONE ??)

#### DHCP

- DHCP only for WLAN_Gast: 192.168.111.101 - 192.168.111.120
- The DC does DHCP for the 192.168.11.0/24 network: 192.168.11.80 - .159

#### Services

- Star Money (banking)
- TeamViewer
- Cosoba
- DATEV
- Zoom
- Dropbox
- Google Drive
- OneDrive
- M365
- SharePoint

#### DNS

- [x] configure the DNS request route to the DC on the new firewall
- The DC does DNS when acting as DHCP server

### Authentication

#### Server

- Server type: AD
- Server name: BUF-SRV-DC-01
- Server IP/domain: 192.168.11.13
- Connection security: SSL/TLS
- Port: 636
- NetBIOS domain: BUF
- ADS user name: sophos_ldap
- Password: IT-Glue
- Email address attribute: mail
- Domain name: buf.local
- Search queries: dc=buf,dc=local

### Phone

- No separate configuration needed; only set the WAN to the Fritzbox correctly. Check connectivity to the phones after the migration.

### VPN
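Before the switch VLAN configuration is finalised, it helps to cross-check the port table against the VLAN plan above. The following script is an added example and not part of the original notes: the port table and VLAN plan are transcribed from the page as constructed data, and the check rules (ports without a recorded VLAN, ports with an unidentified device, VLAN IDs referenced on ports but missing from the plan, planned VLANs not yet used on any port, and phones whose untagged VLAN is not the PHONE-named one) are the author of this example's assumptions about what the finished migration should look like, not requirements stated on the page.

```python
"""Consistency checks between the switch port table and the VLAN plan.

Added example (not from the original notes). Data is transcribed from the
notes; the check rules are assumptions about the intended target state.
"""
import re
from typing import Dict, List, Tuple

# VLAN plan for the new firewall as listed in the notes: name -> VLAN id.
# V70_LAN_PHONE is marked "??" in the notes, i.e. still tentative.
VLAN_PLAN: Dict[str, int] = {
    "V11_LAN_SERVER": 11,
    "V20_LAN_CLIENT": 20,
    "V30_WLAN_INTERNAL": 30,
    "V40_WLAN_GUEST": 40,
    "V50_LAN_MGMT": 50,
    "V70_LAN_PHONE": 70,
}

# Switch port table transcribed from the notes: port -> (devices, VLAN cell, note).
SWITCH_PORTS: Dict[int, Tuple[str, str, str]] = {
    1: ("Firewall", "tagged: default, untagged: all", ""),
    2: ("HP", "", "ws"),
    4: ("Mitel (phone)", "untagged: 11, tagged: none", ""),
    13: ("Mitel (phone)", "untagged: 11, tagged: none", ""),
    19: ("Mitel (phone)", "untagged: 11, tagged: none", "Printer"),
    25: ("?", "", ""),
    27: ("Mitel (phone)", "untagged: 11, tagged: none", "WS-Boschmann"),
    28: ("Mitel (phone) and HP", "untagged: 11, tagged: none", "WS"),
    34: ("Mitel (phone) and HP", "untagged: 11, tagged: none", "WS-07"),
    35: ("Mitel (phone)", "untagged: 11, tagged: none", ""),
    37: ("Mitel (phone)", "untagged: 11, tagged: none", ""),
    38: ("HP", "", "ws"),
    39: ("Mitel (phone) and HP", "untagged: 11, tagged: none", "WS"),
    40: ("Mitel (phone)", "untagged: 11, tagged: none", ""),
    41: ("Mitel (phone) and HP", "untagged: 11, tagged: none", "WS-14"),
    43: ("Sophos AP", "untagged: default, tagged: 30,40", "several devices"),
    44: ("HP", "", "ws"),
    46: ("Mitel (phone)", "untagged: 11, tagged: none", ""),
    47: ("?", "", ""),
    48: ("Server in basement (UG)", "untagged: 11, tagged: none", ""),
}

_KEYWORD = re.compile(r"(untagged|tagged):\s*")


def parse_vlans(cell: str) -> Dict[str, List[str]]:
    """Parse a VLAN cell such as 'untagged: 11, tagged: none' into token lists.

    'none' yields an empty list; 'all' and 'default' are kept as literal
    tokens because the notes use them for the native/trunk configuration.
    """
    result: Dict[str, List[str]] = {"untagged": [], "tagged": []}
    parts = _KEYWORD.split(cell)  # [prefix, keyword, value, keyword, value, ...]
    for keyword, value in zip(parts[1::2], parts[2::2]):
        tokens = [t.strip() for t in value.strip(" ,").split(",")]
        result[keyword] = [t for t in tokens if t and t != "none"]
    return result


def check_switch_ports(ports: Dict[int, Tuple[str, str, str]],
                       plan: Dict[str, int]) -> Dict[str, list]:
    """Return findings that a reviewer of the migration would want to see."""
    id_to_name = {str(vid): name for name, vid in plan.items()}
    used_ids, unplanned_ids = set(), set()
    findings: Dict[str, list] = {
        "unknown_device": [], "no_vlan_recorded": [], "phones_off_phone_vlan": [],
    }
    for port in sorted(ports):
        devices, cell, _note = ports[port]
        if devices.strip() == "?":
            findings["unknown_device"].append(port)
        vlans = parse_vlans(cell)
        if not vlans["untagged"] and not vlans["tagged"]:
            findings["no_vlan_recorded"].append(port)
        for vid in vlans["untagged"] + vlans["tagged"]:
            if vid.isdigit():
                (used_ids if vid in id_to_name else unplanned_ids).add(vid)
        # Assumption: a phone should sit untagged on the VLAN whose plan name
        # contains PHONE (V70_LAN_PHONE), not on the server VLAN.
        if "phone" in devices.lower():
            on_phone_vlan = any("PHONE" in id_to_name.get(v, "") for v in vlans["untagged"])
            if not on_phone_vlan:
                findings["phones_off_phone_vlan"].append(port)
    findings["unplanned_vlan_ids"] = sorted(unplanned_ids, key=int)
    findings["unused_planned_vlans"] = [n for n, v in plan.items() if str(v) not in used_ids]
    return findings


if __name__ == "__main__":
    for key, value in check_switch_ports(SWITCH_PORTS, VLAN_PLAN).items():
        print(f"{key}: {value}")
```

Running it against the transcribed table reports ports 25 and 47 as unidentified, ports 2, 25, 38, 44 and 47 as having no VLAN recorded, V20_LAN_CLIENT, V50_LAN_MGMT and V70_LAN_PHONE as not yet used on any port, and every Mitel port as untagged on VLAN 11 rather than a PHONE-named VLAN, which is exactly the open question the "(V70_LAN_PHONE ??)" entry leaves.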