Update README.md

2026-06-22 06:39:42 +00:00
parent fd5c19d0f4
commit 411f9848ed

README.md

@@ -6,7 +6,7 @@ This documentation covers the complete home network setup including IP allocatio
**Network:** 192.168.0.0/24 **Network:** 192.168.0.0/24
**Router:** OPNsense at 192.168.0.1 **Router:** OPNsense at 192.168.0.1
**Last Updated:** June 1, 2026 **Last Updated:** June 2026
## Network Architecture ## Network Architecture
@@ -25,7 +25,7 @@ This documentation covers the complete home network setup including IP allocatio
192.168.0.30-49 - User Computers & Laptops 192.168.0.30-49 - User Computers & Laptops
192.168.0.50-69 - Mobile Devices & Tablets 192.168.0.50-69 - Mobile Devices & Tablets
192.168.0.70-79 - TVs & Media Devices 192.168.0.70-79 - TVs & Media Devices
192.168.0.80-99 - Available (IoT devices migrated to VLAN 20) 192.168.0.80-99 - Temporary holding (pending IoT VLAN migration)
192.168.0.100-119 - Network Infrastructure (APs, switches) 192.168.0.100-119 - Network Infrastructure (APs, switches)
192.168.0.120-139 - Hypervisors & Storage 192.168.0.120-139 - Hypervisors & Storage
192.168.0.140-149 - Reserved for expansion 192.168.0.140-149 - Reserved for expansion
@@ -39,7 +39,7 @@ This documentation covers the complete home network setup including IP allocatio
|---------|--------|------|------|---------| |---------|--------|------|------|---------|
| **Main LAN** | 192.168.0.0/24 | (none) | TeePee | General devices, VMs, servers | | **Main LAN** | 192.168.0.0/24 | (none) | TeePee | General devices, VMs, servers |
| **IoT Devices** | 10.10.3.0/24 | 20 | IoTeePee | Smart home, bulbs, plugs, sensors | | **IoT Devices** | 10.10.3.0/24 | 20 | IoTeePee | Smart home, bulbs, plugs, sensors |
| **Security Cameras** | 10.10.2.0/24 | 30 | Cameras | IP cameras (wired, pending migration) | | **Security Cameras** | 10.10.2.0/24 | 30 | Cameras | IP cameras |
### Firewall Rules ### Firewall Rules
@@ -51,70 +51,60 @@ This documentation covers the complete home network setup including IP allocatio
| Hostname | Service | IP | MAC Address | Type | Status | | Hostname | Service | IP | MAC Address | Type | Status |
|----------|---------|-----|-------------|------|--------| |----------|---------|-----|-------------|------|--------|
| npm | Nginx Proxy Manager | 192.168.0.10 | bc:24:11:5b:1d:a2 | Docker | ✅ Active | | docker | Docker LXC (NPM + services) | 192.168.0.10 | BC:24:11:5b:1d:a2 | LXC | ✅ Active |
| adguard | AdGuard Home | 192.168.0.11 | BC:24:11:47:27:43 | LXC | ✅ Active | | adguard | AdGuard Home | 192.168.0.11 | BC:24:11:47:27:43 | LXC | ✅ Active |
| vaultwarden | Vaultwarden | 192.168.0.12 | BC:24:11:A8:44:A1 | LXC | ✅ Active | | vaultwarden | Vaultwarden | 192.168.0.12 | BC:24:11:A8:44:A1 | LXC | ✅ Active |
| nextcloud | Nextcloud | 192.168.0.14 | 02:99:5b:4c:b3:e6 | VM | ✅ Active | | crafty-controller | Crafty Controller | 192.168.0.13 | BC:24:11:70:10:ff | LXC | ✅ Active |
| homeassistant | Home Assistant | 192.168.0.15 | 02:46:0b:d8:35:7c | VM | ✅ Active | | nextcloud | Nextcloud | 192.168.0.14 | 02:13:c9:35:9e:5d | VM | ✅ Active |
| foundryvtt-frigate | Frigate (NVR) + FoundryVTT | 192.168.0.16 | bc:24:11:ad:cb:f6 | Pop!_OS VM | ✅ Active | | home-assistant | Home Assistant | 192.168.0.15 | 02:46:0b:d8:35:7c | VM | ✅ Active |
| openmediavault | OpenMediaVault (NAS) | 192.168.0.17 | bc:24:11:2c:68:58 | VM | ✅ Active | | foundryvtt-frigate | Frigate NVR + FoundryVTT | 192.168.0.16 | bc:24:11:8a:bf:4d | Pop!_OS VM | ✅ Active |
| wordpress-irodori | WordPress - Irodori | 192.168.0.18 | bc:24:11:42:70:2a | VM | ✅ Active | | omv | OpenMediaVault (NAS) | 192.168.0.17 | bc:24:11:51:5a:a0 | VM | ✅ Active |
| wordpress-dustin | WordPress - Dustin | 192.168.0.19 | bc:24:11:7e:fc:ff | VM | ✅ Active | | irodori-wp | WordPress - Irodori | 192.168.0.18 | bc:24:11:42:70:2a | LXC | ✅ Active |
| dustin-wp | WordPress - Dustin | 192.168.0.19 | bc:24:11:7e:fc:ff | LXC | ✅ Active |
## User Devices - Computers (30-49) ## User Devices - Computers (30-49)
| Hostname | Device | IP | MAC Address | Notes | | Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------| |----------|--------|-----|-------------|-------|
| jamiepc | Jamie's PC | 192.168.0.30 | 50:eb:f6:5a:71:f2 | Primary workstation | | jamie-pc | Jamie's PC | 192.168.0.30 | 50:EB:F6:5A:71:F2 | Primary workstation |
| 3d-printer | 3D Printer (Bambu A1) | 192.168.0.32 | 10:b4:1d:d7:02:2c | Network printer | | pop_os | Linux Gaming VM | 192.168.0.31 | bc:24:11:b2:20:b0 | |
| haruka-laptop | Haruka's Laptop | 192.168.0.33 | a8:41:f4:8d:b9:5b | Laptop | | bambu-a1 | 3D Printer (Bambu A1) | 192.168.0.32 | 10:b4:1d:d7:02:2c | |
| hp-printer | HP Printer | 192.168.0.34 | a8:b1:3b:01:c2:ce | Network printer | | harukas-laptop | Haruka's Laptop | 192.168.0.33 | a8:41:f4:8d:b9:5b | |
| printer | HP Printer | 192.168.0.34 | a8:b1:3b:01:c2:ce | |
## Mobile Devices (50-69) ## Mobile Devices (50-69)
| Hostname | Device | IP | MAC Address | Notes | | Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------| |----------|--------|-----|-------------|-------|
| jamie-phone | Jamie's Mobile (S23) | 192.168.0.50 | 1a:de:e8:f1:a5:d3 | Samsung Galaxy S23 | | jamies-s23 | Jamie's Phone (S23) | 192.168.0.50 | 1a:de:e8:f1:a5:d3 | |
| haruka-phone | Haruka's Mobile (S25) | 192.168.0.51 | 4e:c7:f7:bc:f1:c5 | Samsung Galaxy S25 | | harukas-s25 | Haruka's Phone (S25) | 192.168.0.51 | 4e:c7:f7:bc:f1:c5 | |
| samsung-tablet | Samsung Galaxy Tablet | 192.168.0.52 | ee:a1:23:9f:1e:c5 | Tablet | | tablet-a8 | Samsung Galaxy Tablet A8 | 192.168.0.52 | ee:a1:23:9f:1e:c5 | |
| lacey-ipad | Lacey's iPad | 192.168.0.53 | c6:5a:8c:6c:d6:cf | |
## TVs & Media Devices (70-79) ## TVs & Media Devices (70-79)
| Hostname | Device | IP | MAC Address | Notes | | Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------| |----------|--------|-----|-------------|-------|
| unknown-media | Unknown Media Device | 192.168.0.71 | a0:d0:5b:c7:13:28 | Likely TV or streaming | | livingroom-tv | Samsung TV | 192.168.0.70 | a0:d0:5b:c7:13:28 | |
| samsung-soundbar | Samsung Soundbar | 192.168.0.71 | b0:e4:5c:9e:ad:ca | Unconfirmed MAC |
## IoT Devices (VLAN 20 — 10.10.3.0/24) ## Temporary Holding — Pending IoT VLAN Migration (80-99)
All smart home devices have been migrated from the main LAN (192.168.0.80-94) to the IoT network (10.10.3.0/24, VLAN 20, SSID: IoTeePee). They now receive dynamic IPs via DHCP on the IoT interface. Static IPs are no longer assigned. These devices are on the main LAN but should be migrated to VLAN 20 (10.10.3.0/24). Parked in the 80-83 range for easy identification.
| Hostname | Device | MAC Address | Notes | | Hostname | IP | MAC Address | Notes |
|----------|--------|-------------|-------| |----------|----|-------------|-------|
| tapo-hub-h100 | Tapo Hub/Chime H100 | a8:29:48:88:84:d6 | Smart home hub | | tuya-unknown-a | 192.168.0.80 | c4:82:e1:b4:fd:a3 | Tuya device — identity unknown |
| tapo-leak-t300 | Tapo Water Leak Sensor T300 | 20:23:51:d0:b1:7d | Battery powered | | tuya-unknown-b | 192.168.0.81 | 18:de:50:eb:27:30 | Tuya device — identity unknown |
| tapo-bedside-l530 | Tapo Smart Bulb L530 - Bedside | 20:23:51:08:19:76 | Smart bulb | | tuya-unknown-c | 192.168.0.82 | c4:82:e1:b4:f6:1d | Tuya device — identity unknown |
| tapo-bedroom-l530 | Tapo Smart Bulb L530 - Bedroom | b0:19:21:17:a7:c3 | Smart bulb | | tuya-unknown-d | 192.168.0.83 | b8:06:0d:96:d9:a4 | Tuya device — identity unknown |
| tapo-hallway-a-l530 | Tapo Smart Bulb L530 - Hallway A | f0:09:0d:b6:4a:8d | Smart bulb |
| tapo-hallway-b-l530 | Tapo Smart Bulb L530 - Hallway B | 40:ae:30:67:a2:46 | Smart bulb |
| tapo-porch-l530 | Tapo Smart Bulb L530 - Porch | 3c:64:cf:63:58:da | Smart bulb |
| tapo-plug-a-p110 | Tapo P110 Smart Plug | 40:ae:30:50:c8:62 | Power monitoring |
| tapo-plug-b-p110 | Tapo P110 Smart Plug | b0:19:21:17:a5:7e | Power monitoring |
| yeelight-color4 | Yeelight Smart Bulb | 58:b6:23:41:e1:ff | Smart bulb |
| reolink-kitchen | Reolink E1 Camera - Kitchen | 54:ef:33:bd:be:e0 | Security camera |
| reolink-outdoor | Reolink Camera - Outdoor | e8:ca:c8:6d:b0:7f | Security camera |
| TPC100 | Tuya Backyard Camera | a8:b1:3b:01:c2:ce | Backyard Camera |
| TPC100 | Tuya Living Room Camera | 58-04-4F-4A-D1-E1 | Living Room Camera |
| TPC120 | Tuya Garden Camera | B8-FB-B3-7A-68-81 | Garden Camera |
### Pending Camera Migration (VLAN 30 — 10.10.2.0/24)
The three IP cameras (TPC100 backyard, TPC100 living room, TPC120 garden — formerly 192.168.0.92, .93, .94) will be migrated to the Camera network (10.10.2.0/24, VLAN 30) once physically reconnected. Until then, they remain on the IoT network (VLAN 20).
## Network Infrastructure (100-119) ## Network Infrastructure (100-119)
| Hostname | Device | IP | MAC Address | Notes | | Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------| |----------|--------|-----|-------------|-------|
| u7-lite | UniFi U7 Lite AP | 192.168.0.159 | — | Managed by UniFi OS controller; pending static DHCP reservation | | unifi-os | UniFi OS Server | 192.168.0.100 | bc:24:11:8f:4d:4d | |
| u7-lite | UniFi U7 Lite AP | 192.168.0.159 | — | Pending static reservation |
## Hypervisors & Storage (120-139) ## Hypervisors & Storage (120-139)
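Review bot: In the Network Infrastructure (100-119) table, the `u7-lite` row keeps 192.168.0.159, which is outside the section's own 100-119 range and inside the LAN DHCP pool (192.168.0.150 - 192.168.0.200) listed under DHCP Configuration, and it has no MAC, so nothing pins the AP to that address and it could be leased to another client. Either move the AP to a free address in 100-119 once its MAC is confirmed, or describe the row as a dynamic lease rather than a reservation. Separately, the new hostname `pop_os` contains an underscore, which is not a valid hostname character under RFC 1123; `pop-os` would match the hyphenated style of the other renamed rows.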
@@ -123,12 +113,41 @@ The three IP cameras (TPC100 backyard, TPC100 living room, TPC120 garden — for
| proxmox-1 | Proxmox Server 1 | 192.168.0.120 | 10:ff:e0:11:46:9f | Primary hypervisor | | proxmox-1 | Proxmox Server 1 | 192.168.0.120 | 10:ff:e0:11:46:9f | Primary hypervisor |
| proxmox-2 | Proxmox Server 2 | 192.168.0.121 | 74:d4:35:97:f4:9d | Secondary hypervisor | | proxmox-2 | Proxmox Server 2 | 192.168.0.121 | 74:d4:35:97:f4:9d | Secondary hypervisor |
## IoT Devices (VLAN 20 — 10.10.3.0/24)
All smart home devices are on the IoT network (SSID: IoTeePee). IPs are reserved via Kea DHCP on the IoT interface.
| Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------|
| tapo-plug-a-p110 | Tapo P110 Smart Plug A | 10.10.3.2 | 40:ae:30:50:c8:62 | |
| tapo-bedside-l530 | Tapo Smart Bulb L530 - Bedside | 10.10.3.3 | 20:23:51:08:19:76 | |
| tapo-hub-h100 | Tapo Hub/Chime H100 | 10.10.3.4 | a8:29:48:88:84:d6 | Leak sensor connected directly to hub (no IP) |
| tapo-plug-b-p110 | Tapo P110 Smart Plug B | 10.10.3.6 | 40:ae:30:50:ce:78 | |
| tapo-porch-l530 | Tapo Smart Bulb L530 - Porch | 10.10.3.8 | 3c:64:cf:63:58:da | |
| tapo-hallway-b-l530 | Tapo Smart Bulb L530 - Hallway B | 10.10.3.9 | 40:ae:30:67:a2:46 | |
| yeelight-color4 | Yeelight Smart Bulb | 10.10.3.10 | 58:b6:23:41:e1:ff | |
| tapo-hallway-a-l530 | Tapo Smart Bulb L530 - Hallway A | 10.10.3.13 | f0:09:0d:b6:4a:8d | |
| tapo-bedroom-l530 | Tapo Smart Bulb L530 - Bedroom | 10.10.3.36 | b0:19:21:17:a7:c3 | |
**No IP — hub-connected:**
- Tapo Water Leak Sensor T300 (MAC: 20:23:51:d0:b1:7d) — wired to hub, no WiFi
## Security Cameras (VLAN 30 — 10.10.2.0/24)
| Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------|
| camera-garden | Tuya Camera - Garden | 10.10.2.2 | b8:fb:b3:7a:68:81 | |
| camera-backyard | Tuya Camera - Backyard | 10.10.2.3 | a8:b1:3b:01:c2:ce | |
| camera-living-room | Tuya Camera - Living Room | 10.10.2.4 | 58:04:4f:4a:d1:e1 | |
| camera-kitchen | Reolink Camera - Kitchen | 10.10.2.8 | 54:ef:33:bd:be:e0 | |
| camera-driveway | Reolink Camera - Driveway | 10.10.2.9 | e8:ca:c8:6d:b0:7f | |
## DHCP Configuration ## DHCP Configuration
### Current Settings ### Current Settings
- **DHCP Pool:** 192.168.0.150 - 192.168.0.200 (51 addresses) - **LAN DHCP Pool:** 192.168.0.150 - 192.168.0.200 (guest/unknown devices)
- **Purpose:** Guest devices and temporary connections - **IoT DHCP Pool:** 10.10.3.0/24 (dynamic for non-reserved devices)
- **Static Reservations:** 20 devices with confirmed MACs - **Camera DHCP Pool:** 10.10.2.0/24 (dynamic for non-reserved devices)
### DNS Settings ### DNS Settings
- **Primary DNS:** 192.168.0.11 (AdGuard Home) - **Primary DNS:** 192.168.0.11 (AdGuard Home)
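Review bot: In the new Security Cameras table, `camera-backyard` (10.10.2.3) is given MAC a8:b1:3b:01:c2:ce, the same MAC the User Devices table lists for `printer` (HP Printer, 192.168.0.34). Two devices cannot both own it, and if both rows are exported to the reservation CSVs, one of the reservations will be tied to the wrong device; confirm the real MACs from the OPNsense ARP table and correct whichever row is wrong. Also, the IoT and Camera pool lines give the whole /24 ("10.10.3.0/24", "10.10.2.0/24") instead of a start and end address as the LAN line does, so a reader cannot tell whether the reserved addresses above sit inside the dynamic pool; state the actual pool range for each VLAN.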
@@ -141,111 +160,57 @@ The three IP cameras (TPC100 backyard, TPC100 living room, TPC120 garden — for
| 100.65.128.1 | e0:cb:19:60:87:70 | Tailscale VLAN device | | 100.65.128.1 | e0:cb:19:60:87:70 | Tailscale VLAN device |
| 100.65.159.134 | bc:24:11:be:cf:af | Tailscale VLAN device (permanent) | | 100.65.159.134 | bc:24:11:be:cf:af | Tailscale VLAN device (permanent) |
## Network Statistics ## Known Issues / Pending
- **Total Active Devices:** 33 - **u7-lite:** MAC address not yet confirmed — reservation at .159 has no MAC
- **VMs/Containers:** 10 - **Samsung Soundbar (.71):** MAC unconfirmed
- **User Computers:** 5 (3 PCs + 2 printers) - **Tuya devices (.80-.83):** On main LAN, need factory reset and migration to VLAN 20
- **Mobile Devices:** 3 (2 phones + 1 tablet) - **Tapo app glitches:** Some devices may show incorrect info after VLAN migration — use OPNsense ARP table as source of truth
- **TVs & Media:** 3
- **Smart Home/IoT:** 15 (9 Tapo + 1 Yeelight + 2 Reolink + 3 Tuya) — all on VLAN 20
- **Network Infrastructure:** 1 (UniFi U7 Lite AP)
- **Hypervisors:** 2
- **Static Assignments:** 20 devices
- **DHCP Pool Size:** 51 addresses
## Known Issues
### Tapo App Issues
- Some Tapo devices may show incorrect info in app after VLAN migration
- **3D printer plug:** App showing wrong MAC, verify after print finishes
- **Resolution:** Use OPNsense ARP table MACs as source of truth
### Devices Needing Attention
- Factory reset recommended for Tapo devices showing app glitches after VLAN migration
## Maintenance Tasks ## Maintenance Tasks
### Regular Tasks - [ ] Identify and migrate tuya-unknown-a through -d to IoT VLAN 20
- [ ] Monthly: Review DHCP leases for new unknown devices - [ ] Confirm UniFi U7 Lite MAC and update reservation
- [ ] Quarterly: Audit static IP assignments - [ ] Confirm Samsung Soundbar MAC
- [ ] Quarterly: Update device firmware (routers, APs, cameras) - [ ] Monthly: Review DHCP leases for unknown devices
- [ ] Yearly: Review and optimize IP allocation scheme - [ ] Quarterly: Audit static IP assignments and firmware
### Pending Tasks
- [ ] Factory reset Tapo devices with app issues
## Security Considerations ## Security Considerations
1. **Network Segmentation:** VLAN 20 (IoT) and VLAN 30 (Cameras) isolate untrusted devices from the main LAN 1. **Network Segmentation:** VLAN 20 (IoT) and VLAN 30 (Cameras) isolate untrusted devices
2. **Guest Network:** DHCP pool isolated from static devices 2. **Guest Network:** DHCP pool isolated from static devices
3. **Firewall Rules:** OPNsense enforces strict inter-VLAN rules — IoT can only reach HA; Cameras can only reach HA and Frigate/FoundryVTT 3. **Firewall Rules:** OPNsense enforces strict inter-VLAN rules
4. **DNS Filtering:** AdGuard Home provides ad/tracker blocking 4. **DNS Filtering:** AdGuard Home with ad/tracker blocking
5. **Remote Access:** Tailscale VPN for secure remote access 5. **Remote Access:** Tailscale VPN + Cloudflare Tunnel
## Backup Strategy ## Backup Strategy
### What to Backup
1. **OPNsense Configuration:** XML backup from web interface 1. **OPNsense Configuration:** XML backup from web interface
2. **DHCP Reservations:** CSV export (included in this repo) 2. **DHCP Reservations:** CSV exports (reservations_lan.csv, reservations_iot.csv, reservations_cameras.csv)
3. **Network Documentation:** This README and related files 3. **Network Documentation:** This README
4. **AdGuard Home Config:** Settings and filter lists
## Migration Notes
## Troubleshooting
### Device Not Getting Reserved IP
1. Check MAC address in router's ARP table
2. Verify DHCP reservation exists
3. Release/renew DHCP lease on device
4. Check for MAC address conflicts
### Cannot Access Device
1. Verify device is online (ping IP)
2. Check if device changed MAC (WiFi vs Ethernet)
3. Review firewall rules in OPNsense
4. Check DNS resolution in AdGuard Home
### IoT Device Issues
1. Tapo devices: Check app vs ARP table for correct MAC
2. Battery devices (water sensor): Won't always appear in ARP
3. For offline devices: Power cycle or factory reset
## Tools & Commands ## Tools & Commands
### Identify Device by MAC
```bash ```bash
# Online MAC lookup # Verify subnet IDs before running import script
curl -s "https://api.macvendors.com/5c:62:8b:8d:cb:d6" curl -s -u "apikey:apisecret" -k https://192.168.0.1/api/kea/dhcpv4/searchSubnet
# Or use OUI lookup # Scan network
# First 6 characters (3 octets) identify manufacturer
```
### Scan Network
```bash
# Using nmap
nmap -sn 192.168.0.0/24 nmap -sn 192.168.0.0/24
nmap -sn 10.10.3.0/24
nmap -sn 10.10.2.0/24
# Using arp-scan (more reliable) # Check ARP table
sudo arp-scan --interface=eth0 192.168.0.0/24
```
### Check Current IP/MAC
```bash
# View ARP table
arp -a arp -a
# Or on OPNsense
arp -an | grep 192.168.0
``` ```
## Configuration Files
- `reservations_lan.csv` — Main LAN (192.168.0.0/24) DHCP reservations
- `reservations_iot.csv` — IoT VLAN (10.10.3.0/24) DHCP reservations
- `reservations_cameras.csv` — Camera VLAN (10.10.2.0/24) DHCP reservations
- `import_reservations.sh` — Bulk import script for OPNsense Kea DHCP API
- `opnsense-config.xml` — OPNsense configuration backup (not in repo)
--- ---
**Last Updated:** June 2026
**Configuration Files:**
- `dhcp-reservations.csv` - DHCP static assignments export
- `Network Inventory.docx` - Human-readable network map
- `opnsense-config.xml` - OPNsense configuration backup (not in repo)
**Last Updated:** June 1, 2026
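Review bot: In the Tools & Commands block, the new `curl -s -u "apikey:apisecret" -k https://192.168.0.1/api/kea/dhcpv4/searchSubnet` line sends the API key and secret with `-k`, which turns off TLS certificate verification, so the credentials go to whatever answers at that address. Document the call with `--cacert` pointing at the firewall's CA certificate instead, and say where the key and secret are read from so they are not typed on the command line or committed alongside `import_reservations.sh`. The Security Considerations edit also drops the only statement of the intended inter-VLAN policy ("IoT can only reach HA; Cameras can only reach HA and Frigate/FoundryVTT"); keep that sentence, since it is what the OPNsense rules would be audited against, and note which service the newly listed Cloudflare Tunnel exposes.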