Update README.md

2026-06-22 06:39:42 +00:00
parent fd5c19d0f4
commit 411f9848ed

225
README.md

@@ -6,7 +6,7 @@ This documentation covers the complete home network setup including IP allocatio
**Network:** 192.168.0.0/24
**Router:** OPNsense at 192.168.0.1
**Last Updated:** June 1, 2026
**Last Updated:** June 2026
## Network Architecture
@@ -25,7 +25,7 @@ This documentation covers the complete home network setup including IP allocatio
192.168.0.30-49 - User Computers & Laptops
192.168.0.50-69 - Mobile Devices & Tablets
192.168.0.70-79 - TVs & Media Devices
192.168.0.80-99 - Available (IoT devices migrated to VLAN 20)
192.168.0.80-99 - Temporary holding (pending IoT VLAN migration)
192.168.0.100-119 - Network Infrastructure (APs, switches)
192.168.0.120-139 - Hypervisors & Storage
192.168.0.140-149 - Reserved for expansion
@@ -39,7 +39,7 @@ This documentation covers the complete home network setup including IP allocatio
|---------|--------|------|------|---------|
| **Main LAN** | 192.168.0.0/24 | (none) | TeePee | General devices, VMs, servers |
| **IoT Devices** | 10.10.3.0/24 | 20 | IoTeePee | Smart home, bulbs, plugs, sensors |
| **Security Cameras** | 10.10.2.0/24 | 30 | Cameras | IP cameras (wired, pending migration) |
| **Security Cameras** | 10.10.2.0/24 | 30 | Cameras | IP cameras |
### Firewall Rules
@@ -51,70 +51,60 @@ This documentation covers the complete home network setup including IP allocatio
| Hostname | Service | IP | MAC Address | Type | Status |
|----------|---------|-----|-------------|------|--------|
| npm | Nginx Proxy Manager | 192.168.0.10 | bc:24:11:5b:1d:a2 | Docker | ✅ Active |
| docker | Docker LXC (NPM + services) | 192.168.0.10 | BC:24:11:5b:1d:a2 | LXC | ✅ Active |
| adguard | AdGuard Home | 192.168.0.11 | BC:24:11:47:27:43 | LXC | ✅ Active |
| vaultwarden | Vaultwarden | 192.168.0.12 | BC:24:11:A8:44:A1 | LXC | ✅ Active |
| nextcloud | Nextcloud | 192.168.0.14 | 02:99:5b:4c:b3:e6 | VM | ✅ Active |
| homeassistant | Home Assistant | 192.168.0.15 | 02:46:0b:d8:35:7c | VM | ✅ Active |
| foundryvtt-frigate | Frigate (NVR) + FoundryVTT | 192.168.0.16 | bc:24:11:ad:cb:f6 | Pop!_OS VM | ✅ Active |
| openmediavault | OpenMediaVault (NAS) | 192.168.0.17 | bc:24:11:2c:68:58 | VM | ✅ Active |
| wordpress-irodori | WordPress - Irodori | 192.168.0.18 | bc:24:11:42:70:2a | VM | ✅ Active |
| wordpress-dustin | WordPress - Dustin | 192.168.0.19 | bc:24:11:7e:fc:ff | VM | ✅ Active |
| crafty-controller | Crafty Controller | 192.168.0.13 | BC:24:11:70:10:ff | LXC | ✅ Active |
| nextcloud | Nextcloud | 192.168.0.14 | 02:13:c9:35:9e:5d | VM | ✅ Active |
| home-assistant | Home Assistant | 192.168.0.15 | 02:46:0b:d8:35:7c | VM | ✅ Active |
| foundryvtt-frigate | Frigate NVR + FoundryVTT | 192.168.0.16 | bc:24:11:8a:bf:4d | Pop!_OS VM | ✅ Active |
| omv | OpenMediaVault (NAS) | 192.168.0.17 | bc:24:11:51:5a:a0 | VM | ✅ Active |
| irodori-wp | WordPress - Irodori | 192.168.0.18 | bc:24:11:42:70:2a | LXC | ✅ Active |
| dustin-wp | WordPress - Dustin | 192.168.0.19 | bc:24:11:7e:fc:ff | LXC | ✅ Active |
## User Devices - Computers (30-49)
| Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------|
| jamiepc | Jamie's PC | 192.168.0.30 | 50:eb:f6:5a:71:f2 | Primary workstation |
| 3d-printer | 3D Printer (Bambu A1) | 192.168.0.32 | 10:b4:1d:d7:02:2c | Network printer |
| haruka-laptop | Haruka's Laptop | 192.168.0.33 | a8:41:f4:8d:b9:5b | Laptop |
| hp-printer | HP Printer | 192.168.0.34 | a8:b1:3b:01:c2:ce | Network printer |
| jamie-pc | Jamie's PC | 192.168.0.30 | 50:EB:F6:5A:71:F2 | Primary workstation |
| pop_os | Linux Gaming VM | 192.168.0.31 | bc:24:11:b2:20:b0 | |
| bambu-a1 | 3D Printer (Bambu A1) | 192.168.0.32 | 10:b4:1d:d7:02:2c | |
| harukas-laptop | Haruka's Laptop | 192.168.0.33 | a8:41:f4:8d:b9:5b | |
| printer | HP Printer | 192.168.0.34 | a8:b1:3b:01:c2:ce | |
## Mobile Devices (50-69)
| Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------|
| jamie-phone | Jamie's Mobile (S23) | 192.168.0.50 | 1a:de:e8:f1:a5:d3 | Samsung Galaxy S23 |
| haruka-phone | Haruka's Mobile (S25) | 192.168.0.51 | 4e:c7:f7:bc:f1:c5 | Samsung Galaxy S25 |
| samsung-tablet | Samsung Galaxy Tablet | 192.168.0.52 | ee:a1:23:9f:1e:c5 | Tablet |
| jamies-s23 | Jamie's Phone (S23) | 192.168.0.50 | 1a:de:e8:f1:a5:d3 | |
| harukas-s25 | Haruka's Phone (S25) | 192.168.0.51 | 4e:c7:f7:bc:f1:c5 | |
| tablet-a8 | Samsung Galaxy Tablet A8 | 192.168.0.52 | ee:a1:23:9f:1e:c5 | |
| lacey-ipad | Lacey's iPad | 192.168.0.53 | c6:5a:8c:6c:d6:cf | |
## TVs & Media Devices (70-79)
| Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------|
| unknown-media | Unknown Media Device | 192.168.0.71 | a0:d0:5b:c7:13:28 | Likely TV or streaming |
| livingroom-tv | Samsung TV | 192.168.0.70 | a0:d0:5b:c7:13:28 | |
| samsung-soundbar | Samsung Soundbar | 192.168.0.71 | b0:e4:5c:9e:ad:ca | Unconfirmed MAC |
## IoT Devices (VLAN 20 — 10.10.3.0/24)
## Temporary Holding — Pending IoT VLAN Migration (80-99)
All smart home devices have been migrated from the main LAN (192.168.0.80-94) to the IoT network (10.10.3.0/24, VLAN 20, SSID: IoTeePee). They now receive dynamic IPs via DHCP on the IoT interface. Static IPs are no longer assigned.
These devices are on the main LAN but should be migrated to VLAN 20 (10.10.3.0/24). Parked in the 80-83 range for easy identification.
| Hostname | Device | MAC Address | Notes |
|----------|--------|-------------|-------|
| tapo-hub-h100 | Tapo Hub/Chime H100 | a8:29:48:88:84:d6 | Smart home hub |
| tapo-leak-t300 | Tapo Water Leak Sensor T300 | 20:23:51:d0:b1:7d | Battery powered |
| tapo-bedside-l530 | Tapo Smart Bulb L530 - Bedside | 20:23:51:08:19:76 | Smart bulb |
| tapo-bedroom-l530 | Tapo Smart Bulb L530 - Bedroom | b0:19:21:17:a7:c3 | Smart bulb |
| tapo-hallway-a-l530 | Tapo Smart Bulb L530 - Hallway A | f0:09:0d:b6:4a:8d | Smart bulb |
| tapo-hallway-b-l530 | Tapo Smart Bulb L530 - Hallway B | 40:ae:30:67:a2:46 | Smart bulb |
| tapo-porch-l530 | Tapo Smart Bulb L530 - Porch | 3c:64:cf:63:58:da | Smart bulb |
| tapo-plug-a-p110 | Tapo P110 Smart Plug | 40:ae:30:50:c8:62 | Power monitoring |
| tapo-plug-b-p110 | Tapo P110 Smart Plug | b0:19:21:17:a5:7e | Power monitoring |
| yeelight-color4 | Yeelight Smart Bulb | 58:b6:23:41:e1:ff | Smart bulb |
| reolink-kitchen | Reolink E1 Camera - Kitchen | 54:ef:33:bd:be:e0 | Security camera |
| reolink-outdoor | Reolink Camera - Outdoor | e8:ca:c8:6d:b0:7f | Security camera |
| TPC100 | Tuya Backyard Camera | a8:b1:3b:01:c2:ce | Backyard Camera |
| TPC100 | Tuya Living Room Camera | 58-04-4F-4A-D1-E1 | Living Room Camera |
| TPC120 | Tuya Garden Camera | B8-FB-B3-7A-68-81 | Garden Camera |
### Pending Camera Migration (VLAN 30 — 10.10.2.0/24)
The three IP cameras (TPC100 backyard, TPC100 living room, TPC120 garden — formerly 192.168.0.92, .93, .94) will be migrated to the Camera network (10.10.2.0/24, VLAN 30) once physically reconnected. Until then, they remain on the IoT network (VLAN 20).
| Hostname | IP | MAC Address | Notes |
|----------|----|-------------|-------|
| tuya-unknown-a | 192.168.0.80 | c4:82:e1:b4:fd:a3 | Tuya device — identity unknown |
| tuya-unknown-b | 192.168.0.81 | 18:de:50:eb:27:30 | Tuya device — identity unknown |
| tuya-unknown-c | 192.168.0.82 | c4:82:e1:b4:f6:1d | Tuya device — identity unknown |
| tuya-unknown-d | 192.168.0.83 | b8:06:0d:96:d9:a4 | Tuya device — identity unknown |
## Network Infrastructure (100-119)
| Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------|
| u7-lite | UniFi U7 Lite AP | 192.168.0.159 | — | Managed by UniFi OS controller; pending static DHCP reservation |
| unifi-os | UniFi OS Server | 192.168.0.100 | bc:24:11:8f:4d:4d | |
| u7-lite | UniFi U7 Lite AP | 192.168.0.159 | — | Pending static reservation |
## Hypervisors & Storage (120-139)
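Review bot: The four `tuya-unknown-a` to `tuya-unknown-d` rows at 192.168.0.80-.83 record devices marked "identity unknown" on the main LAN, the same /24 as vaultwarden (.12) and nextcloud (.14), and the section text only says they "should be migrated to VLAN 20". Traffic between hosts inside 192.168.0.0/24 is switched locally and does not pass through the OPNsense inter-VLAN rules, so please state what restricts these devices in the meantime, or say plainly that nothing does, and give the migration a date or owner. Two smaller points in the same hunk: the new heading says (80-99) while its text says "the 80-83 range", and `u7-lite` stays under Network Infrastructure (100-119) at 192.168.0.159 with no MAC, which is outside that block.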
@@ -123,12 +113,41 @@ The three IP cameras (TPC100 backyard, TPC100 living room, TPC120 garden — for
| proxmox-1 | Proxmox Server 1 | 192.168.0.120 | 10:ff:e0:11:46:9f | Primary hypervisor |
| proxmox-2 | Proxmox Server 2 | 192.168.0.121 | 74:d4:35:97:f4:9d | Secondary hypervisor |
## IoT Devices (VLAN 20 — 10.10.3.0/24)
All smart home devices are on the IoT network (SSID: IoTeePee). IPs are reserved via Kea DHCP on the IoT interface.
| Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------|
| tapo-plug-a-p110 | Tapo P110 Smart Plug A | 10.10.3.2 | 40:ae:30:50:c8:62 | |
| tapo-bedside-l530 | Tapo Smart Bulb L530 - Bedside | 10.10.3.3 | 20:23:51:08:19:76 | |
| tapo-hub-h100 | Tapo Hub/Chime H100 | 10.10.3.4 | a8:29:48:88:84:d6 | Leak sensor connected directly to hub (no IP) |
| tapo-plug-b-p110 | Tapo P110 Smart Plug B | 10.10.3.6 | 40:ae:30:50:ce:78 | |
| tapo-porch-l530 | Tapo Smart Bulb L530 - Porch | 10.10.3.8 | 3c:64:cf:63:58:da | |
| tapo-hallway-b-l530 | Tapo Smart Bulb L530 - Hallway B | 10.10.3.9 | 40:ae:30:67:a2:46 | |
| yeelight-color4 | Yeelight Smart Bulb | 10.10.3.10 | 58:b6:23:41:e1:ff | |
| tapo-hallway-a-l530 | Tapo Smart Bulb L530 - Hallway A | 10.10.3.13 | f0:09:0d:b6:4a:8d | |
| tapo-bedroom-l530 | Tapo Smart Bulb L530 - Bedroom | 10.10.3.36 | b0:19:21:17:a7:c3 | |
**No IP — hub-connected:**
- Tapo Water Leak Sensor T300 (MAC: 20:23:51:d0:b1:7d) — wired to hub, no WiFi
## Security Cameras (VLAN 30 — 10.10.2.0/24)
| Hostname | Device | IP | MAC Address | Notes |
|----------|--------|-----|-------------|-------|
| camera-garden | Tuya Camera - Garden | 10.10.2.2 | b8:fb:b3:7a:68:81 | |
| camera-backyard | Tuya Camera - Backyard | 10.10.2.3 | a8:b1:3b:01:c2:ce | |
| camera-living-room | Tuya Camera - Living Room | 10.10.2.4 | 58:04:4f:4a:d1:e1 | |
| camera-kitchen | Reolink Camera - Kitchen | 10.10.2.8 | 54:ef:33:bd:be:e0 | |
| camera-driveway | Reolink Camera - Driveway | 10.10.2.9 | e8:ca:c8:6d:b0:7f | |
## DHCP Configuration
### Current Settings
- **DHCP Pool:** 192.168.0.150 - 192.168.0.200 (51 addresses)
- **Purpose:** Guest devices and temporary connections
- **Static Reservations:** 20 devices with confirmed MACs
- **LAN DHCP Pool:** 192.168.0.150 - 192.168.0.200 (guest/unknown devices)
- **IoT DHCP Pool:** 10.10.3.0/24 (dynamic for non-reserved devices)
- **Camera DHCP Pool:** 10.10.2.0/24 (dynamic for non-reserved devices)
### DNS Settings
- **Primary DNS:** 192.168.0.11 (AdGuard Home)
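Review bot: `camera-backyard` at 10.10.2.3 is given MAC a8:b1:3b:01:c2:ce, the same MAC the LAN table assigns to `printer` (HP Printer, 192.168.0.34), so one of the two rows is wrong. Please confirm the address against the OPNsense ARP table, which this README names as the source of truth, and correct the row before the reservation CSVs are imported. Also, the new "IoT DHCP Pool" and "Camera DHCP Pool" lines give the whole /24 as the dynamic pool, which overlaps the reserved addresses in the tables above (10.10.3.2 to 10.10.3.36, 10.10.2.2 to 10.10.2.9); state the actual pool range as the LAN line does.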
@@ -141,111 +160,57 @@ The three IP cameras (TPC100 backyard, TPC100 living room, TPC120 garden — for
| 100.65.128.1 | e0:cb:19:60:87:70 | Tailscale VLAN device |
| 100.65.159.134 | bc:24:11:be:cf:af | Tailscale VLAN device (permanent) |
## Network Statistics
## Known Issues / Pending
- **Total Active Devices:** 33
- **VMs/Containers:** 10
- **User Computers:** 5 (3 PCs + 2 printers)
- **Mobile Devices:** 3 (2 phones + 1 tablet)
- **TVs & Media:** 3
- **Smart Home/IoT:** 15 (9 Tapo + 1 Yeelight + 2 Reolink + 3 Tuya) — all on VLAN 20
- **Network Infrastructure:** 1 (UniFi U7 Lite AP)
- **Hypervisors:** 2
- **Static Assignments:** 20 devices
- **DHCP Pool Size:** 51 addresses
## Known Issues
### Tapo App Issues
- Some Tapo devices may show incorrect info in app after VLAN migration
- **3D printer plug:** App showing wrong MAC, verify after print finishes
- **Resolution:** Use OPNsense ARP table MACs as source of truth
### Devices Needing Attention
- Factory reset recommended for Tapo devices showing app glitches after VLAN migration
- **u7-lite:** MAC address not yet confirmed — reservation at .159 has no MAC
- **Samsung Soundbar (.71):** MAC unconfirmed
- **Tuya devices (.80-.83):** On main LAN, need factory reset and migration to VLAN 20
- **Tapo app glitches:** Some devices may show incorrect info after VLAN migration — use OPNsense ARP table as source of truth
## Maintenance Tasks
### Regular Tasks
- [ ] Monthly: Review DHCP leases for new unknown devices
- [ ] Quarterly: Audit static IP assignments
- [ ] Quarterly: Update device firmware (routers, APs, cameras)
- [ ] Yearly: Review and optimize IP allocation scheme
### Pending Tasks
- [ ] Factory reset Tapo devices with app issues
- [ ] Identify and migrate tuya-unknown-a through -d to IoT VLAN 20
- [ ] Confirm UniFi U7 Lite MAC and update reservation
- [ ] Confirm Samsung Soundbar MAC
- [ ] Monthly: Review DHCP leases for unknown devices
- [ ] Quarterly: Audit static IP assignments and firmware
## Security Considerations
1. **Network Segmentation:** VLAN 20 (IoT) and VLAN 30 (Cameras) isolate untrusted devices from the main LAN
1. **Network Segmentation:** VLAN 20 (IoT) and VLAN 30 (Cameras) isolate untrusted devices
2. **Guest Network:** DHCP pool isolated from static devices
3. **Firewall Rules:** OPNsense enforces strict inter-VLAN rules — IoT can only reach HA; Cameras can only reach HA and Frigate/FoundryVTT
4. **DNS Filtering:** AdGuard Home provides ad/tracker blocking
5. **Remote Access:** Tailscale VPN for secure remote access
3. **Firewall Rules:** OPNsense enforces strict inter-VLAN rules
4. **DNS Filtering:** AdGuard Home with ad/tracker blocking
5. **Remote Access:** Tailscale VPN + Cloudflare Tunnel
## Backup Strategy
### What to Backup
1. **OPNsense Configuration:** XML backup from web interface
2. **DHCP Reservations:** CSV export (included in this repo)
3. **Network Documentation:** This README and related files
4. **AdGuard Home Config:** Settings and filter lists
## Migration Notes
## Troubleshooting
### Device Not Getting Reserved IP
1. Check MAC address in router's ARP table
2. Verify DHCP reservation exists
3. Release/renew DHCP lease on device
4. Check for MAC address conflicts
### Cannot Access Device
1. Verify device is online (ping IP)
2. Check if device changed MAC (WiFi vs Ethernet)
3. Review firewall rules in OPNsense
4. Check DNS resolution in AdGuard Home
### IoT Device Issues
1. Tapo devices: Check app vs ARP table for correct MAC
2. Battery devices (water sensor): Won't always appear in ARP
3. For offline devices: Power cycle or factory reset
2. **DHCP Reservations:** CSV exports (reservations_lan.csv, reservations_iot.csv, reservations_cameras.csv)
3. **Network Documentation:** This README
## Tools & Commands
### Identify Device by MAC
```bash
# Online MAC lookup
curl -s "https://api.macvendors.com/5c:62:8b:8d:cb:d6"
# Verify subnet IDs before running import script
curl -s -u "apikey:apisecret" -k https://192.168.0.1/api/kea/dhcpv4/searchSubnet
# Or use OUI lookup
# First 6 characters (3 octets) identify manufacturer
```
### Scan Network
```bash
# Using nmap
# Scan network
nmap -sn 192.168.0.0/24
nmap -sn 10.10.3.0/24
nmap -sn 10.10.2.0/24
# Using arp-scan (more reliable)
sudo arp-scan --interface=eth0 192.168.0.0/24
```
### Check Current IP/MAC
```bash
# View ARP table
# Check ARP table
arp -a
# Or on OPNsense
arp -an | grep 192.168.0
```
## Configuration Files
- `reservations_lan.csv` — Main LAN (192.168.0.0/24) DHCP reservations
- `reservations_iot.csv` — IoT VLAN (10.10.3.0/24) DHCP reservations
- `reservations_cameras.csv` — Camera VLAN (10.10.2.0/24) DHCP reservations
- `import_reservations.sh` — Bulk import script for OPNsense Kea DHCP API
- `opnsense-config.xml` — OPNsense configuration backup (not in repo)
---
**Configuration Files:**
- `dhcp-reservations.csv` - DHCP static assignments export
- `Network Inventory.docx` - Human-readable network map
- `opnsense-config.xml` - OPNsense configuration backup (not in repo)
**Last Updated:** June 1, 2026
**Last Updated:** June 2026
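Review bot: The added `curl -s -u "apikey:apisecret" -k https://192.168.0.1/api/kea/dhcpv4/searchSubnet` line sends the OPNsense API key and secret with `-k`, which turns off certificate verification, so the credentials go to whatever host answers on 192.168.0.1. Suggest replacing `-k` with `--cacert` pointing at the firewall's certificate, and saying in the README that `apikey:apisecret` is a placeholder and where `import_reservations.sh` reads the real values from, so they are not committed to the repo. In Security Considerations, item 3 now drops the only statement of what the inter-VLAN rules allow (IoT to HA; Cameras to HA and Frigate/FoundryVTT), and item 5 adds Cloudflare Tunnel without saying which services it exposes; the first is worth keeping and the second worth documenting. The removed Troubleshooting section also held the note that battery devices will not always appear in ARP, which the new "Known Issues / Pending" list no longer covers.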