# Network

List of vnets (latest version see Unifi console):

| Name | VLAN ID | Router | Subnet |
| --- | --- | --- | --- |
| Default | 1 | prd-unifi-1 | 192.168.1.0/24 |
| Management | 2 | prd-unifi-1 | 192.168.2.0/24 |
| Clients | 3 | prd-unifi-1 | 192.168.3.0/24 |
| Server | 4 | prd-unifi-1 | 192.168.4.0/24 |
| IoT | 5 | prd-unifi-1 | 192.168.5.0/24 |
| Guests | 6 | prd-unifi-1 | 192.168.6.0/24 |
| Volt - Development | 7 | prd-unifi-1 | 192.168.7.0/24 |
| Var - Testing | 8 | prd-unifi-1 | 192.168.8.0/24 |
| Watt - Production | 9 | prd-unifi-1 | 192.168.9.0/24 |

Tasks:

- Define Networks
  - OK Ranges definieren
  - OK Verteilen, was wohin kommt
  - OK VLAN IDs statisch besser als dynamisch
  - OK DNS definieren (fix vs. dynamisch)
- Gateway Settings
  - Auto Update
  - Block outgoing DNS
  - Plugins wie OPNSense CrowdSec

<!-- markdownlint-disable MD033 -->
::: mermaid
graph LR
    A[Internet] -->|ISP Connection| ND1[Gateway<br>gw-jj-nar-prd-opr-1]

    subgraph "On-Prem Hub (VLAN ID 1)"
        ND1 -->|VPN Tunnel to Azure| C[VPN Gateway]
        ND1 --> D[Firewall & Security Policies]
        ND2[Switch<br>sw-jj-nar-prd-opr-1]
        ND3[Access Point<br>ap-jj-nar-prd-opr-0]
        ND4[Access Point<br>ap-jj-nar-prd-opr-1]
        ND5[Access Point<br>ap-jj-nar-prd-opr-2]
        ND6[Access Point<br>ap-jj-nar-prd-opr-3]
    end

    subgraph "On-Premises Spoke Networks"
        D --> V2[Management VLAN ID 2]
        V2 --> V201[Supermicro]
        V2 --> V202[prd-proxmox-1]
        V2 --> V203[prd-proxmox-2]
        D --> V3[Clients VLAN 3]
        V3 --> V301[Mobiles]
        V3 --> V302[Laptops]
        V3 --> V303[Apple TV]
        V3 --> V304[HomePods]
        D --> V4[Servers VLAN 4]
        V4 --> V401[Legacy unneeded in future<br>will be in VLAN 7/8/9]
        D --> V5[IoT VLAN 5 - Isolated 🔒]
        V5 --> V501[Home infrastructure]
        V5 --> V502[Loxone]
        V5 --> V503[Home Assistant]
        D --> V6[Guests VLAN 6]
        V6 --> V601[Friends visting]
        D --> V10[Guests VLAN 10]
        V10 --> V1001[Customers of rented<br>out flat]

    end

    subgraph "On-Premises Workload Spoke Networks"
        D --> O[*.volt.* VLAN ID 7]
        D --> P[*.war.* VLAN 8]
        D --> Q[*.watt.* VLAN 9]
    end

    C -->|VPN Tunnel| J[Azure VPN Gateway]

    subgraph "Azure Hub"
        J --> K[Azure Firewall]
    end

    subgraph "Azure Workload Spoke Networks"
        K --> L[Spoke 1: *.volt.*]
        K --> M[Spoke 2: *.var.*]
        K --> N[Spoke 3: *.watt.*]
    end
:::

<!-- markdownlint-enable MD033 -->

Legacy diagram for reference:

![Basic network structure](resources/diagrams/network.png)