ToDo
- [=] integrate AP
- [=] adjust AP IP
- set server to maintenance in Ninja
- attach mount kit
- [=] adjust switch IP
  - create VLANs
  - [=] configure switch VLANs
- adjust DNS settings
- client machines on switch (which ports need untagged client net)
- FW rules for VPN
- second admin VPN
- Star Money, DATEV: exclude from SSL inspection
  - services.starfinanzen.de
  - frontgate-eu.factsetdigitalsolutions.com
  - starmoney.aboalarm.de
  - web.starmoney.de
  - starfinanz.de
  - starmoney.de
- bring more short green cables next week (.25m)
Deployment
- WLAN-Intern: d5C9nhBBDGhd
- fP33-y4be-M8Qk
Switch Ports
| Port | Device(s) | VLANs | Note |
|---|---|---|---|
| 1 | Firewall | tagged: default, untagged: all | |
| 2 | HP | ws | |
| 4 | Mitel (phone) | untagged: 11, tagged: none | |
| 13 | Mitel (phone) | untagged: 11, tagged: none | |
| 19 | Mitel (phone) | untagged: 11, tagged: none | Printer |
| 25 | ? | | |
| 27 | Mitel (phone) | untagged: 11, tagged: none | WS-Boschmann |
| 28 | Mitel (phone) and HP | untagged: 11, tagged: none | WS |
| 34 | Mitel (phone) and HP | untagged: 11, tagged: none | WS-07 |
| 35 | Mitel (phone) | untagged: 11, tagged: none | |
| 37 | Mitel (phone) | untagged: 11, tagged: none | |
| 38 | HP | ws | |
| 39 | Mitel (phone) and HP | untagged: 11, tagged: none | WS |
| 40 | Mitel (phone) | untagged: 11, tagged: none | |
| 41 | Mitel (phone) and HP | untagged: 11, tagged: none | WS-14 |
| 43 | Sophos AP | untagged: default, tagged: 30,40 | several devices |
| 44 | HP | ws | |
| 46 | Mitel (phone) | untagged: 11, tagged: none | |
| 47 | ? | | |
| 48 | Server in basement | untagged: 11, tagged: none | |
Basis
Network
Interfaces
- LAN (Port1): Network 192.168.11.254/24
  - define V11_LAN_SERVER for this network
  - Call physical LAN interface V50_LAN_MGMT
- WAN (Port2 and Port8): Two Configured
  - Port2: PPPoE (versatel) 104.151.27.221/32
  - Port8: Static 192.168.178.254/24 (Fritzbox. For phone?)
- WiFi (BuF_Gast): Network: 192.168.111.100
VLANs
Currently no VLANs (except this weird wifi thing).
VLANs for new Firewall:
- V11_LAN_SERVER
- V20_LAN_CLIENT
- V30_WLAN_INTERNAL
- V40_WLAN_GUEST
- V50_LAN_MGMT
- (V70_LAN_PHONE ??)
DHCP
- DHCP only for WLAN_Gast: 192.168.111.101 - 192.168.111.120
- DC is doing DHCP for 192.168.11.0/24 network: 192.168.11.80 - .159
Services
- Star Money (banking)
- Teamviewer
- Cosoba
- DATEV
- Zoom
- DropBox
- Google Drive
- OneDrive
- M365
- Sharepoint
DNS
- Configure DNS request route to DC for new Firewall
- DC is doing DNS when acting as DHCP Server
Authentication
Server
- Server Type: AD
- Server Name: BUF-SRV-DC-01
- Server IP/Domain: 192.168.11.13
- Connection Sec: SSL/TLS
- Port: 636
- NetBIOS domain: BUF
- ADS user name: sophos_ldap
- Password: IT-Glue
- Email address attribute: mail
- Domain name: buf.local
- Search Queries: dc=buf,dc=local
Phone
- No separate configuration needed. Only set the WAN to the Fritzbox correctly. Check connectivity to the phones after migration.