configs 2024

APs/README.md

@@ -0,0 +1,7 @@
+Templates are not perfektly sunced.
+
+Bridges and interface names have differences.
+
+Same of custom files are not in templates for DAPs
+
+!!! Use as guideline, not as redy to run setup !!!

APs/etc/fw_mod.sh

@@ -0,0 +1,37 @@
+/usr/bin/logger "Start augmenting FW"
+
+if [ -z "$1" ]; then
+	sleep 1;
+else
+	sleep $1;
+fi
+
+INTERFACES="wifi.22"
+
+all_interfaces_up() {
+    for iface in $INTERFACES; do
+        if ! ip link show "$iface" > /dev/null 2>&1; then
+            return 1  # If any interface is missing, return failure
+        fi
+    done
+    return 0  # All interfaces are up
+}
+
+while ! all_interfaces_up; do
+    echo "Waiting for interfaces to appear: $INTERFACES"
+    sleep 1  # Wait 1 second before checking again
+done
+
+/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ip saddr == 10.22.0.1 drop
+/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ip saddr == 10.20.0.1 drop
+/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ip saddr != 10.22.0.0/21 drop
+/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ether saddr 3c:ec:ef:be:b9:7f drop
+
+/usr/sbin/nft add table bridge filter
+/usr/sbin/nft add chain bridge filter forward '{type filter hook forward priority 0; }'
+/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ether saddr 3c:ec:ef:be:b9:7f drop
+/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ip saddr == 10.22.0.1 drop
+/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ip saddr != 10.22.0.0/22 drop
+/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ip daddr == 10.22.0.0/22 drop
+
+/usr/bin/logger "Finish augmenting FW"

APs/etc/hotplug.d/iface/20-firewall

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+has_zone() {
+	fw4 -q network "$INTERFACE" >/dev/null && return 0
+	eval $(ubus call "network.interface.$INTERFACE" status | jsonfilter -e 'ZONE=@.data.zone')
+	fw4 -q zone "$ZONE" >/dev/null
+}
+
+[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
+[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
+
+/etc/init.d/firewall enabled || exit 0
+
+has_zone || exit 0
+
+logger -t firewall "Reloading firewall due to $ACTION of $INTERFACE ($DEVICE)"
+fw4 -q reload
+/etc/fw_mod.sh &

APs/etc/provisioning_daemon.sh

@@ -0,0 +1,65 @@
+#!/bin/ash
+
+device='wifi.20'
+url='http://10.20.0.1:34925/p.php'
+
+getProvis(){
+	curl -s $url -o /dev/null 
+	logger -t provis_$mac "first curl exit code $?"
+	errorcode=$?
+	if [ $errorcode -eq 0 ]; then
+
+		status_code=$(curl -H 'Content-Type: application/json' -d '{"mac":"'$mac'"} ' -o /dev/null -v -w '%{http_code}' $url)
+		logger -t provis_$mac "Status code:  $status_code"
+
+		 if [ "$status_code" -eq 200 ]; then
+			curl -s -H 'Content-Type: application/json'  -d '{"mac":"'$mac'"}' $url -o /tmp/tmpProv.sh 
+			return 0
+		else
+			logger -t provis_$mac "Non-OK code returned during provisioning: $status_code"
+			return 1 
+		fi
+	else
+		logger -t provis_$mac "Error connecting site. Curl error $errorcode "
+		return 1
+	fi
+}
+
+newProvis(){
+	logger -t provis_$mac "Check for new Provisioning"
+	if [ ! -e "/tmp/oldProv.sh" ]; then 
+		touch "/tmp/oldProv.sh"
+	fi
+	oldMD5=$(md5sum /tmp/oldProv.sh | cut -d ' ' -f1)
+	newMD5=$(md5sum /tmp/tmpProv.sh | cut -d ' ' -f1)
+	if [ "$oldMD5" != "$newMD5" ]; then
+		logger -t provis_$mac "New Provisioning found"
+		return 0
+	else
+		logger -t provis_$mac "No new Provisioning"
+		return 1
+	fi
+}
+
+
+
+while true
+	do
+		mac=$(cat /sys/class/net/$device/address)	
+		echo $mac
+		logger -t provis_$mac "Start provisioning cicle"
+		if getProvis; then
+			if newProvis; then
+				mv /tmp/tmpProv.sh /tmp/oldProv.sh
+				logger -t provis_$mac "Applying new provisioning data."
+				source /tmp/oldProv.sh
+			else
+				logger -t provis_$mac "No new provisioning data."
+			fi
+		else
+			logger -t provis_$mac "Didn't get provosioning data."
+		fi
+		#sleep 179
+		sleep 10
+		logger -t provis_$mac "End provisioning cicle. Sleeping ..."
+	done

APs/etc/wifi-sentinel.sh

@@ -0,0 +1,47 @@
+#!/bin/ash
+
+# Configuration
+device="eth0.20"
+target_ip="8.8.8.8"
+interfaces="phy0-ap0 phy1-ap0"
+mac=$(cat /sys/class/net/$device/address)	
+ip_address=$(ip -4 addr show "$device" | awk '/inet / {print $2}' | cut -d/ -f1)
+interval=59
+
+check_ping() {
+    logger -t wifi_sentinel_$mac_$ip_address "Pinging $target_ip"
+    ping -c 1 -W 3 "$target_ip" >/dev/null 2>&1
+    return $? 
+}
+
+wifi_down() {
+    logger -t wifi_sentinel_$mac_$ip_address "No response from $target_ip, bringing WiFi interfaces down..."
+    for interface in $interfaces; do
+	ip link set "$interface" down
+    done
+}
+
+wifi_up() {
+    logger -t wifi_sentinel_$mac_$ip_address "Response from $target_ip detected, starting WiFi interfaces..."
+    for interface in $interfaces; do
+	ip link set "$interface" up
+    done
+}
+
+# Main loop
+wifi_is_down=0  
+
+while true; do
+    if check_ping; then
+        if [ "$wifi_is_down" -eq 1 ]; then
+            wifi_up
+            wifi_is_down=0
+        fi
+    else
+        if [ "$wifi_is_down" -eq 0 ]; then
+            wifi_down
+            wifi_is_down=1
+        fi
+    fi
+    sleep "$interval"
+done

asterisk/README.md

@@ -0,0 +1,4 @@
+
+Install fresh asterisk /reuires pjsip, so 18+ (last used version during OpenFest 2024: v22.0.0)
+
+Copy all the .conf files from this folder into /etc/asterisk/

asterisk/extensions.conf

@@ -0,0 +1,85 @@
+[trunk]
+exten => <noc-phone>,1,Progress()
+same = n,Answer()
+same = n,Goto(openfest,<noc-phone>,1)
+
+[openfest]
+
+exten => <noc-phone>,1,Dial(PJSIP/NOC1&PJSIP/NOC2&PJSIP/REC1&PJSIP/REC2&PJSIP/TEAM)
+same => n,HangUp()
+
+exten = _0NX.,1,Dial(PJSIP/359${EXTEN:1}@atlas-out)
+same = n,HangUp()
+
+exten = _00359NX.,1,Dial(PJSIP/${EXTEN:2}@atlas-out)
+same = n,HangUp()
+
+exten = _3188X.,1,Dial(PJSIP/${EXTEN}@atlas-out)
+same = n,HangUp()
+
+exten = _359NX.,1,Dial(PJSIP/${EXTEN}@atlas-out)
+same = n,HangUp()
+
+exten = _+359NX.,1,Dial(PJSIP/${EXTEN:1}@@atlas-out)
+same = n,HangUp()
+
+;echo (test)
+exten = 666,1,Answer()
+same = n,Wait(1)
+same = n,Playback(hello-world)
+same = n,Echo()
+same = n,Hangup()
+
+;MEDIC
+exten => 150,1,Dial(PJSIP/<medic-phone>@atlas-out)
+
+; NOC
+;exten = 303,1,Dial(PJSIP/noc1&PJSIP/noc2,600,m(of))
+exten = 303,1,Dial(PJSIP/NOC1&PJSIP/NOC2)
+exten = 3031,1,Dial(PJSIP/NOC1)
+exten = 3032,1,Dial(PJSIP/NOC2)
+
+;REC
+exten = 301,1,Dial(PJSIP/REC1)
+exten = 302,1,Dial(PJSIP/REC2)
+
+;Team
+exten = 304,1,Dial(PJSIP/TEAM)
+
+;Conf rooms
+exten = 1001,1,Dial(PJSIP/ROOM-A)
+exten = 1002,1,Dial(PJSIP/ROOM-B)
+exten = 1006,1,Dial(PJSIP/ROOM-Z)
+
+;Separated clients
+exten = 401,1,Dial(PJSIP/401)
+exten = 402,1,Dial(PJSIP/402)
+exten = 403,1,Dial(PJSIP/403)
+exten = 404,1,Dial(PJSIP/404)
+exten = 405,1,Dial(PJSIP/405)
+exten = 406,1,Dial(PJSIP/406)
+exten = 407,1,Dial(PJSIP/407)
+exten = 408,1,Dial(PJSIP/408)
+exten = 409,1,Dial(PJSIP/409)
+exten = 410,1,Dial(PJSIP/410)
+exten = 411,1,Dial(PJSIP/411)
+exten = 412,1,Dial(PJSIP/412)
+exten = 413,1,Dial(PJSIP/413)
+exten = 414,1,Dial(PJSIP/414)
+exten = 415,1,Dial(PJSIP/415)
+exten = 416,1,Dial(PJSIP/416)
+exten = 417,1,Dial(PJSIP/417)
+exten = 418,1,Dial(PJSIP/418)
+exten = 419,1,Dial(PJSIP/419)
+exten = 420,1,Dial(PJSIP/420)
+
+[HINTS]
+exten = 301,hint,PJSIP/REC1
+exten = 302,hint,PJSIP/REC2
+exten = 304,hint,PJSIP/TEAM
+exten = 1001,hint,PJSIP/ROOM-A
+exten = 1002,hint,PJSIP/ROOM-B
+exten = 1006,hint,PJSIP/ROOM-Z
+
+
+

asterisk/logger.conf

@@ -0,0 +1,186 @@
+;
+; Logging Configuration
+;
+; In this file, you configure logging to files or to
+; the syslog system.
+;
+; "logger reload" at the CLI will reload configuration
+; of the logging system.
+
+[general]
+;
+; Customize the display of debug message time stamps
+; this example is the ISO 8601 date format (yyyy-mm-dd HH:MM:SS)
+;
+; see strftime(3) Linux manual for format specifiers.  Note that there is also
+; a fractional second parameter which may be used in this field.  Use %1q
+; for tenths, %2q for hundredths, etc.
+;
+;dateformat=%F %T       ; ISO 8601 date format
+;dateformat=%F %T.%3q   ; with milliseconds
+;
+;
+; This makes Asterisk write callids to log messages
+; (defaults to yes)
+;use_callids = no
+;
+; This appends the hostname to the name of the log files.
+;appendhostname = yes
+;
+; This determines whether or not we log queue events to a file
+; (defaults to yes).
+;queue_log = no
+;
+; Determines whether the queue_log always goes to a file, even
+; when a realtime backend is present (defaults to no).
+;queue_log_to_file = yes
+;
+; Set the queue_log filename
+; (defaults to queue_log)
+;queue_log_name = queue_log
+;
+; When using realtime for the queue log, use GMT for the timestamp
+; instead of localtime.  The default of this option is 'no'.
+;queue_log_realtime_use_gmt = yes
+;
+; Log rotation strategy:
+; none:  Do not perform any logrotation at all.  You should make
+;        very sure to set up some external logrotate mechanism
+;        as the asterisk logs can get very large, very quickly.
+; sequential:  Rename archived logs in order, such that the newest
+;              has the highest sequence number [default].  When
+;              exec_after_rotate is set, ${filename} will specify
+;              the new archived logfile.
+; rotate:  Rotate all the old files, such that the oldest has the
+;          highest sequence number [this is the expected behavior
+;          for Unix administrators].  When exec_after_rotate is
+;          set, ${filename} will specify the original root filename.
+; timestamp:  Rename the logfiles using a timestamp instead of a
+;             sequence number when "logger rotate" is executed.
+;             When exec_after_rotate is set, ${filename} will
+;             specify the new archived logfile.
+;rotatestrategy = rotate
+;
+; Run a system command after rotating the files.  This is mainly
+; useful for rotatestrategy=rotate. The example allows the last
+; two archive files to remain uncompressed, but after that point,
+; they are compressed on disk.
+;
+; exec_after_rotate=gzip -9 ${filename}.2
+;
+;
+; For each file, specify what to log.
+;
+; For console logging, you set options at start of
+; Asterisk with -v for verbose and -d for debug
+; See 'asterisk -h' for more information.
+;
+; Directory for log files is configures in asterisk.conf
+; option astlogdir
+;
+; All log messages go to a queue serviced by a single thread
+; which does all the IO.  This setting controls how big that
+; queue can get (and therefore how much memory is allocated)
+; before new messages are discarded.
+; The default is 1000
+;logger_queue_limit = 250
+;
+; Any custom logging levels you may want to use, which can then
+; be sent to logging channels. The maximum number of custom
+; levels is 16, but not all of these may be available if modules
+; in Asterisk define their own.
+;custom_levels = foobar,important,compliance
+;
+[logfiles]
+;
+; Format is:
+;
+; logger_name => [formatter]levels
+;
+; The name of the logger dictates not only the name of the logging
+; channel, but also its type. Valid types are:
+;   - 'console'  - The root console of Asterisk
+;   - 'syslog'   - Linux syslog, with facilities specified afterwards with
+;                  a period delimiter, e.g., 'syslog.local0'
+;   - 'filename' - The name of the log file to create. This is the default
+;                  for log channels.
+;
+; Filenames can either be relative to the standard Asterisk log directory
+; (see 'astlogdir' in asterisk.conf), or absolute paths that begin with
+; '/'.
+;
+; An optional formatter can be specified prior to the log levels sent
+; to the log channel. The formatter is defined immediately preceeding the
+; levels, and is enclosed in square brackets. Valid formatters are:
+;   - [default] - The default formatter, this outputs log messages using a
+;                 human readable format.
+;   - [plain]   - The plain formatter, this outputs log messages using a
+;                 human readable format with the addition of function name
+;                 and line number. No color escape codes are ever printed
+;                 nor are verbose messages treated specially.
+;   - [json]    - Log the output in JSON. Note that JSON formatted log entries,
+;                 if specified for a logger type of 'console', will be formatted
+;                 per the 'default' formatter for log messages of type VERBOSE.
+;                 This is due to the remote consoles interpreting verbosity
+;                 outside of the logging subsystem.
+;
+; Log levels include the following, and are specified in a comma delineated
+; list:
+;    debug
+;    trace
+;    notice
+;    warning
+;    error
+;    verbose(<level>)
+;    dtmf
+;    fax
+;    security
+;    <customlevel>
+;
+; Verbose takes an optional argument, in the form of an integer level. The
+; verbose level can be set per logfile. Verbose messages with higher levels
+; will not be logged to the file.  If the verbose level is not specified, it
+; will log verbose messages following the current level of the root console.
+;
+; Debug has multiple levels like verbose. However, it is a system wide setting
+; and cannot be specified per logfile. You specify the debug level elsewhere
+; such as the CLI 'core set debug 3', starting Asterisk with '-ddd', or in
+; asterisk.conf 'debug=3'.
+;
+; Special level name "*" means all levels, even dynamic levels registered
+; by modules after the logger has been initialized (this means that loading
+; and unloading modules that create/remove dynamic logger levels will result
+; in these levels being included on filenames that have a level name of "*",
+; without any need to perform a 'logger reload' or similar operation).
+; Note that there is no value in specifying both "*" and specific level names
+; for a filename; the "*" level means all levels.  The only exception is if
+; you need to specify a specific verbose level. e.g, "verbose(3),*".
+;
+; We highly recommend that you DO NOT turn on debug mode if you are simply
+; running a production system.  Debug mode turns on a LOT of extra messages,
+; most of which you are unlikely to understand without an understanding of
+; the underlying code.  Do NOT report debug messages as code issues, unless
+; you have a specific issue that you are attempting to debug.  They are
+; messages for just that -- debugging -- and do not rise to the level of
+; something that merit your attention as an Asterisk administrator.  Both
+; debug and trace messages are also very verbose and can and do fill up
+; logfiles quickly.  This is another reason not to have debug or trace
+; modes on a production system unless you are in the process of debugging
+; a specific issue.
+;
+debug.log => error,warning,notice,verbose,debug
+trace.log => trace
+security.log => security
+;console => notice,warning,error
+console => notice,warning,error,verbose,debug
+messages.log => notice,warning,error
+;full.log => notice,warning,error,debug,verbose,dtmf,fax
+;
+full-json.log => [json]debug,verbose,notice,warning,error,dtmf,fax
+;
+;syslog keyword : This special keyword logs to syslog facility
+;
+;syslog.local0 => notice,warning,error
+;
+; A log level defined in 'custom_levels' above
+;important.log = important

asterisk/pjsip.conf

@@ -0,0 +1,387 @@
+ ;===============TRANSPORT
+[simpletrans]
+type=transport
+protocol=udp
+bind=0.0.0.0
+
+;===============ENDPOINT TEMPLATES
+
+[endpoint-basic](!)
+type=endpoint
+context=openfest
+disallow=all
+allow=alaw
+subscribe_context=HINTS
+allow_subscribe=yes
+
+[endpoint-trunk](!)
+type=endpoint
+context=trunk
+disallow=all
+allow=alaw
+
+
+[auth-userpass](!)
+type=auth
+auth_type=userpass
+
+[aor-single-reg](!)
+type=aor
+max_contacts=1
+
+;========== ATLAS OUT ===============
+[atlas-out](endpoint-trunk)
+type=endpoint
+auth=authAtlas-Out
+outbound_auth=authAtlas-Out
+direct_media=no
+aors=atlas-out
+
+[authAtlas-Out]
+type=auth
+auth_type=userpass
+username=<sip-subscriber>
+password=<sip-subscriber-pass>
+
+[atlas-out]
+type=aor
+contact=sip:<sip-server-ip>:5060
+qualify_frequency=30
+qualify_timeout=5
+
+[atlas-out]
+type=registration
+outbound_auth=authAtlas-Out
+server_uri=sip:<sip-domain>
+client_uri=sip:<user>@<sip-domain>
+
+[authAtlas-Out]
+type=identify
+endpoint=atlas-out
+match=<sip-server-ip>
+
+;===============EXTENSION NOC1
+
+[NOC1](endpoint-basic)
+auth=authNOC1
+aors=NOC1
+
+[authNOC1](auth-userpass)
+password=<some-rand-password>
+username=NOC1
+
+[NOC1](aor-single-reg)
+
+;===============EXTENSION NOC2
+
+[NOC2](endpoint-basic)
+auth=authNOC2
+aors=NOC2
+
+[authNOC2](auth-userpass)
+password=<some-rand-password>
+username=NOC2
+
+[NOC2](aor-single-reg)
+
+;===============EXTENSION REC1
+
+[REC1](endpoint-basic)
+auth=authREC1
+aors=REC1
+
+[authREC1](auth-userpass)
+password=<some-rand-password>
+username=REC1
+
+[REC1](aor-single-reg2
+
+;===============EXTENSION REC2
+
+[REC2](endpoint-basic)
+auth=authREC2
+aors=REC2
+
+[authREC2](auth-userpass)
+password=<some-rand-password>
+username=REC2
+
+[REC2](aor-single-reg)
+
+
+;===============EXTENSION ROOM-A
+
+[ROOM-A](endpoint-basic)
+auth=authROOM-A
+aors=ROOM-A
+
+[authROOM-A](auth-userpass)
+password=<some-rand-password>
+username=ROOM-A
+
+[ROOM-A](aor-single-reg)
+
+;===============EXTENSION ROOM-B
+
+[ROOM-B](endpoint-basic)
+auth=authROOM-B
+aors=ROOM-B
+
+[authROOM-B](auth-userpass)
+password=<some-rand-password>
+username=ROOM-B
+
+[ROOM-B](aor-single-reg)
+
+;===============EXTENSION ROOM-Z
+
+[ROOM-Z](endpoint-basic)
+auth=authROOM-Z
+aors=ROOM-Z
+
+[authROOM-Z](auth-userpass)
+password=<some-rand-password>
+username=ROOM-Z
+
+[ROOM-Z](aor-single-reg)
+
+;===============EXTENSION TEAM
+
+[TEAM](endpoint-basic)
+auth=authTEAM
+aors=TEAM
+
+[authTEAM](auth-userpass)
+password=<some-rand-password>
+username=TEAM
+
+[TEAM](aor-single-reg)
+
+;
+
+
+
+
+
+
+;==============EXTENSION 401
+[401](endpoint-basic)
+auth=auth401
+aors=401
+
+[auth401](auth-userpass)
+password=<some-rand-password>
+username=401
+
+[401](aor-single-reg)
+
+;==============EXTENSION 402
+[402](endpoint-basic)
+auth=auth402
+aors=402
+
+[auth402](auth-userpass)
+password=<some-rand-password>
+username=402
+
+[402](aor-single-reg)
+
+;==============EXTENSION 403
+[403](endpoint-basic)
+auth=auth403
+aors=403
+
+[auth403](auth-userpass)
+password=<some-rand-password>
+username=403
+
+[403](aor-single-reg)
+
+;==============EXTENSION 404
+[404](endpoint-basic)
+auth=auth404
+aors=404
+
+[auth404](auth-userpass)
+password=<some-rand-password>
+username=404
+
+[404](aor-single-reg)
+
+;==============EXTENSION 405
+[405](endpoint-basic)
+auth=auth405
+aors=405
+
+[auth405](auth-userpass)
+password=<some-rand-password>
+username=405
+
+[405](aor-single-reg)
+
+;==============EXTENSION 406
+[406](endpoint-basic)
+auth=auth406
+aors=406
+
+[auth406](auth-userpass)
+password=<some-rand-password>
+username=406
+
+[406](aor-single-reg)
+
+;==============EXTENSION 407
+[407](endpoint-basic)
+auth=auth407
+aors=407
+
+[auth407](auth-userpass)
+password=<some-rand-password>
+username=407
+
+[407](aor-single-reg)
+
+;==============EXTENSION 408
+[408](endpoint-basic)
+auth=auth408
+aors=408
+
+[auth408](auth-userpass)
+password=<some-rand-password>
+username=408
+
+[408](aor-single-reg)
+
+;==============EXTENSION 409
+[409](endpoint-basic)
+auth=auth409
+aors=409
+
+[auth409](auth-userpass)
+password=<some-rand-password>
+username=409
+
+[409](aor-single-reg)
+
+;==============EXTENSION 410
+[410](endpoint-basic)
+auth=auth410
+aors=410
+
+[auth410](auth-userpass)
+password=<some-rand-password>
+username=410
+
+[410](aor-single-reg)
+
+;==============EXTENSION 411
+[411](endpoint-basic)
+auth=auth411
+aors=411
+
+[auth411](auth-userpass)
+password=<some-rand-password>
+username=411
+
+[411](aor-single-reg)
+
+;==============EXTENSION 412
+[412](endpoint-basic)
+auth=auth412
+aors=412
+
+[auth412](auth-userpass)
+password=<some-rand-password>
+username=412
+
+[412](aor-single-reg)
+
+;==============EXTENSION 413
+[413](endpoint-basic)
+auth=auth413
+aors=413
+
+[auth413](auth-userpass)
+password=<some-rand-password>
+username=413
+
+[413](aor-single-reg)
+
+;==============EXTENSION 414
+[414](endpoint-basic)
+auth=auth414
+aors=414
+
+[auth414](auth-userpass)
+password=<some-rand-password>
+username=414
+
+[414](aor-single-reg)
+
+;==============EXTENSION 415
+[415](endpoint-basic)
+auth=auth415
+aors=415
+
+[auth415](auth-userpass)
+password=<some-rand-password>
+username=415
+
+[415](aor-single-reg)
+
+;==============EXTENSION 416
+[416](endpoint-basic)
+auth=auth416
+aors=416
+
+[auth416](auth-userpass)
+password=<some-rand-password>
+username=416
+
+[416](aor-single-reg)
+
+;==============EXTENSION 417
+[417](endpoint-basic)
+auth=auth417
+aors=417
+
+[auth417](auth-userpass)
+password=<some-rand-password>
+username=417
+
+[417](aor-single-reg)
+
+;==============EXTENSION 418
+[418](endpoint-basic)
+auth=auth418
+aors=418
+
+[auth418](auth-userpass)
+password=<some-rand-password>
+username=418
+
+[418](aor-single-reg)
+
+;==============EXTENSION 419
+[419](endpoint-basic)
+auth=auth419
+aors=419
+
+[auth419](auth-userpass)
+password=<some-rand-password>
+username=419
+
+[419](aor-single-reg)
+
+;==============EXTENSION 420
+[420](endpoint-basic)
+auth=auth420
+aors=420
+
+[auth420](auth-userpass)
+password=<some-rand-password>
+username=420
+
+[420](aor-single-reg)
+
+

docs/ip-assignments.md

@@ -0,0 +1,76 @@
+# IP ranges assignments
+
+## VLANs
+ID | IP/Range | Name | Notes
+---|----------|------|---------
+10 | single ip | NAT-ed | Provided by A1
+20 | 10.20.0.0/24 | mgmt |
+21 | 10.21.0.0/22 | wired | wired clients 
+22 | 10.22.0.0/22 | wireless | ap
+23 | 10.23.0.0/24 | video | video team
+24 | 10.24.0.0/24 | overflow | overflow TV's
+25 | 10.25.0.0/24 | reception | Reception related
+26 | 10.26.0.0/24 | VoIP | Phones
+27 | 10.27.0.0/24 | workshop | random ppl
+207| subnets | provided by IPAct
+
+## Assignments
+
+### MGMT
+IP | Name | Notes
+---|------|------
+.1 | sonata | router/services
+.11 | sw-core| CORE
+.11 | core-backup| backu CORE(NO PoE)
+.15 | sw-floor0| floor0 interconnecting switch
+.16 | sw-barier| switch barier
+.21 | sw-voc-a| video team switch room A
+.22 | sw-voc-b| video team switch room B
+.23 | sw-voc-z| video team switch room Z
+.24 | sw-gkc|  GKC switch 
+.25 | sw-rec-ja| Reception switch
+.26 | sw-team| switch for teamroom
+.27 | sw-workshop| switch workshop Floor 0
+.28 | sw-noc| NOC
+.51 | ap-voc-a |
+.52 | ap-ws-front |
+.53 | ap-voc-b |
+.54 | ap-lector-a |
+.55 | ap-lector-b |
+.56 | ap-ws-back |
+.57 | ap-noc|
+.58 | ap-ws0-left |
+.59 | ap-ws0-right |
+.60 | ap-voc-z|
+
+### Video WORK IN PROGRESS
+IP | Name | Notes
+---|------|------
+.1 | sonata |
+
+### Overflow
+IP | Name | Notes
+---|------|------
+.1 | sonata |
+
+### Wired
+IP | Name | Notes
+---|------|------
+.1 | sonata |
+
+### Reception
+IP | Name | Notes
+---|------|------
+.1 | sonata |
+
+### VoIP
+IP | Name | Notes
+---|------|------
+.1 | sonata |
+.10 |phone-noc|
+.11 |phone-voc-a|
+.12 |phone-voc-b|
+.13 |phone-voc-z|
+.14 |phone-rec-ja|
+.15 |phone-rec-z|
+.16 |phone-team|

docs/notes.md

@@ -0,0 +1,16 @@
+GKC ports
+
+Uplink from barier
+
+3th pair of T11. First or Second rack facing the door.
+
+Downlink to JA
+
+3th pair of "Форум". Rack next to uplink
+
+
+JA port
+
+Uplink to Fl0
+
+3th pair of top ODF

etc/dhcpd.conf

@@ -0,0 +1,123 @@
+# dhcpd.conf
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+subnet 10.20.0.0 netmask 255.255.255.0 {
+	option routers 10.20.0.1;
+	option domain-name-servers 10.20.0.1;
+	option domain-name "openfest.org";
+	range 10.20.0.100 10.20.0.250;
+	default-lease-time 7200;
+}
+
+subnet 10.21.0.0 netmask 255.255.252.0 {
+	option routers 10.21.0.1;
+	option domain-name-servers 10.21.0.1;
+	option domain-name "net.openfest.org";
+	range 10.21.0.100 10.21.3.250;
+	default-lease-time 600;
+}
+
+subnet 10.22.0.0 netmask 255.255.252.0 {
+	option routers 10.22.0.1;
+	option domain-name-servers 10.22.0.1;
+	option domain-name "net.openfest.org";
+	range 10.22.0.2 10.22.3.240;
+	default-lease-time 600;
+}
+
+subnet 10.23.0.0 netmask 255.255.255.0 {
+	option routers 10.23.0.1;
+	option domain-name-servers 10.23.0.1;
+	option domain-name "video.openfest.org";
+	range 10.23.0.100 10.23.0.250;
+	default-lease-time 7200;
+}
+
+subnet 10.24.0.0 netmask 255.255.255.0 {
+	option routers 10.24.0.1;
+	option domain-name-servers 10.24.0.1;
+	option domain-name "overflow.openfest.org";
+	range 10.24.0.100 10.24.0.250;
+	default-lease-time 7200;
+}
+
+subnet 10.25.0.0 netmask 255.255.255.0 {
+	option routers 10.25.0.1;
+	option domain-name-servers 10.25.0.1;
+	option domain-name "reception.openfest.org";
+	range 10.25.0.100 10.25.0.250;
+	default-lease-time 7200;
+}
+
+subnet 10.26.0.0 netmask 255.255.255.0 {
+	option routers 10.26.0.1;
+	option domain-name-servers 10.26.0.1;
+	option domain-name "voice.openfest.org";
+	range 10.26.0.100 10.26.0.250;
+	default-lease-time 7200;
+}
+
+subnet 10.27.0.0 netmask 255.255.255.0 {
+	option routers 10.27.0.1;
+	option domain-name-servers 10.27.0.1;
+	option domain-name "ws.openfest.org";
+	range 10.27.0.100 10.27.0.250;
+	default-lease-time 7200;
+}
+
+subnet 10.22.4.0 netmask 255.255.252.0 {
+	option routers 10.22.4.1;
+	option domain-name-servers 10.22.4.1;
+	option domain-name "net.openfest.org";
+	range 10.22.4.2 10.22.7.240;
+	default-lease-time 600;
+}
+
+
+host phone-noc {
+	hardware ethernet 2c:86:d2:10:ce:2d;
+	fixed-address 10.26.0.10;
+}
+
+host phone-voc-a {
+	hardware ethernet 00:9a:d2:c7:38:ba;
+	fixed-address 10.26.0.11;
+}
+
+host phone-voc-b {
+	hardware ethernet e0:2f:6d:60:81:75;
+	fixed-address 10.26.0.12;
+}
+
+host phone-voc-z {
+	hardware ethernet 00:9a:d2:c7:38:e8;
+	fixed-address 10.26.0.13;
+}
+
+host phone-voc-rec-ja {
+	hardware ethernet 00:9a:d2:c7:38:c8;
+	fixed-address 10.26.0.14;
+}
+
+host phone-voc-rec-z {
+	hardware ethernet 00:9a:d2:c7:3a:57;
+	fixed-address 10.26.0.15;
+}
+
+host phone-voc-team {
+	hardware ethernet 00:0e:08:d2:ac:1b;
+	fixed-address 10.26.0.16;
+}
+

etc/firewall

@@ -0,0 +1,48 @@
+# Generated by iptables-save v1.8.9 (nf_tables) on Sat Nov  2 10:52:22 2024
+*filter
+:INPUT ACCEPT [25298:5332366]
+:FORWARD ACCEPT [13306485:21895236661]
+:OUTPUT ACCEPT [379222:49662999]
+:f2b-sshd - [0:0]
+-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
+-A INPUT -p udp -m udp --dport 53 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 67 -j ACCEPT
+-A INPUT -p udp -m udp --dport 67 -j ACCEPT
+-A INPUT -p udp -m udp --dport 123 -j ACCEPT
+-A INPUT -s 10.26.0.0/16 -d 10.26.0.1/32 -p udp -m udp --dport 5060 -j ACCEPT
+-A INPUT -s 10.26.0.0/16 -d 10.26.0.1/32 -p udp -m udp --dport 10000:20000 -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+-A INPUT -s 10.20.0.0/16 -d 10.0.0.0/8 -j ACCEPT
+-A INPUT -s 10.16.0.0/12 -d 10.0.0.0/8 -m comment --comment "Unknown traffic" -j LOG
+-A INPUT -i lo -j ACCEPT
+
+-A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT
+-A FORWARD -s 10.21.0.0/16 -d 10.0.0.0/8 -j DROP
+-A FORWARD -s 10.22.0.0/16 -d 10.0.0.0/8 -j DROP
+-A FORWARD -s 10.26.0.0/16 -d 10.0.0.0/8 -j DROP
+-A FORWARD -s 10.27.0.0/16 -d 10.0.0.0/8 -j DROP
+
+-A INPUT -s 10.21.0.0/16 -d 10.0.0.0/8 -j DROP
+-A INPUT -s 10.22.0.0/16 -d 10.0.0.0/8 -j DROP
+-A INPUT -s 10.23.0.0/16 -d 10.0.0.0/8 -j DROP
+-A INPUT -s 10.24.0.0/16 -d 10.0.0.0/8 -j DROP
+-A INPUT -s 10.25.0.0/16 -d 10.0.0.0/8 -j DROP
+-A INPUT -s 10.26.0.0/16 -d 10.0.0.0/8 -j DROP
+-A INPUT -s 10.27.0.0/16 -d 10.0.0.0/8 -j DROP
+-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
+-A f2b-sshd -j RETURN
+COMMIT
+# Completed on Sat Nov  2 10:52:22 2024
+# Generated by iptables-save v1.8.9 (nf_tables) on Sat Nov  2 10:52:22 2024
+*nat
+:PREROUTING ACCEPT [62968:10626577]
+:INPUT ACCEPT [17162:1392257]
+:OUTPUT ACCEPT [35016:2739063]
+:POSTROUTING ACCEPT [27488:2120027]
+-A POSTROUTING -o eno2.207 -j MASQUERADE
+-A POSTROUTING -o eno2.10 -j MASQUERADE
+COMMIT
+# Completed on Sat Nov  2 10:52:22 2024

etc/hosts

@@ -0,0 +1,43 @@
+127.0.0.1	localhost
+
+#local records
+
+10.20.0.1 sonata
+10.20.0.11 sw-core
+10.20.0.12 core-backup
+10.20.0.15 sw-floor0
+10.20.0.16 sw-barier
+10.20.0.21 sw-voc-a
+10.20.0.22 sw-voc-b
+10.20.0.23 sw-voc-z
+10.20.0.24 sw-gkc
+10.20.0.25 sw-rec-ja
+10.20.0.26 sw-team
+10.20.0.27 sw-workshop
+10.20.0.28 sw-noc
+
+10.20.0.51 ap-voc-a
+10.20.0.52 ap-ws-front
+10.20.0.53 ap-voc-b
+10.20.0.54 ap-lector-a
+10.20.0.55 ap-lector-b
+10.20.0.56 ap-ws-back
+10.20.0.57 ap-noc
+10.20.0.58 ap-ws0-left
+10.20.0.59 ap-ws0-right
+10.20.0.60 ap-voc-z
+
+10.26.0.10 phone-noc
+10.26.0.11 phone-voc-a
+10.26.0.12 phone-voc-b
+10.26.0.13 phone-voc-z
+10.26.0.14 phone-rec-ja
+10.26.0.15 phone-rec-z
+10.26.0.16 phone-team
+
+10.23.0.1 sonata
+10.24.0.1 sonata
+10.25.0.1 sonata
+10.26.0.1 sonata
+10.27.0.1 sonata
+

etc/interfaces

@@ -0,0 +1,307 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug eno1
+
+allow-hotplug eno2
+
+# A1 backup
+auto eno2.10
+iface eno2.10 inet dhcp
+
+auto eno2.20
+iface eno2.20 inet static
+	address 10.20.0.1/24
+
+auto eno2.207
+iface eno2.207 inet static
+	address @_ADDRESS_@/@_PREFIX_@
+	post-up /sbin/ip r add 1.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 2.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 3.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 4.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 5.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 6.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 7.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 8.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 9.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 11.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 12.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 13.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 14.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 15.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 16.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 17.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 18.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 19.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 20.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 21.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 22.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 23.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 24.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 25.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 26.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 27.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 28.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 29.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 30.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 31.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 32.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 33.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 34.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 35.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 36.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 37.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 38.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 39.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 40.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 41.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 42.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 43.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 44.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 45.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 46.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 47.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 48.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 49.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 50.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 51.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 52.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 53.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 54.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 55.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 56.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 57.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 58.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 59.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 60.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 61.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 62.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 63.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 64.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 65.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 66.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 67.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 68.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 69.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 70.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 71.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 72.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 73.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 74.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 75.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 76.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 77.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 78.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 79.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 80.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 81.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 82.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 83.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 84.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 85.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 86.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 87.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 88.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 89.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 90.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 91.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 92.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 93.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 94.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 95.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 96.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 97.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 98.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 99.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 100.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 101.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 102.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 103.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 104.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 105.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 106.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 107.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 108.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 109.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 110.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 111.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 112.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 113.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 114.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 115.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 116.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 117.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 118.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 119.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 120.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 121.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 122.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 123.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 124.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 125.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 126.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 127.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 128.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 129.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 130.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 131.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 132.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 133.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 134.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 135.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 136.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 137.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 138.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 139.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 140.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 141.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 142.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 143.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 144.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 145.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 146.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 147.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 148.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 149.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 150.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 151.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 152.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 153.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 154.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 155.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 156.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 157.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 158.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 159.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 160.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 161.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 162.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 163.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 164.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 165.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 166.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 167.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 168.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 169.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 170.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 171.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 172.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 173.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 174.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 175.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 176.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 177.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 178.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 179.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 180.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 181.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 182.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 183.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 184.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 185.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 186.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 187.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 188.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 189.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 190.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 191.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 192.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 193.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 194.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 195.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 196.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 197.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 198.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 199.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 200.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 201.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 202.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 203.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 204.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 205.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 206.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 207.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 208.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 209.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 210.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 211.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 212.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 213.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 214.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 215.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 216.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 217.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 218.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 219.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 220.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 221.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 222.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 223.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 224.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 225.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 226.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 227.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 228.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 229.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 230.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 231.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 232.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 233.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 234.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 235.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 236.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 237.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 238.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 239.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 240.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 241.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 242.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 243.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 244.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 245.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 246.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 247.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 248.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 249.0.0.0/8 via @_GATEWAY_@
+	post-up /sbin/ip r add 250.0.0.0/8 via @_GATEWAY_@
+
+auto eno2.21
+iface eno2.21 inet static
+	address 10.21.0.1/24
+
+auto eno2.22
+iface eno2.22 inet static
+	address 10.22.0.1/22
+
+auto eno2.23
+iface eno2.23 inet static
+	address 10.23.0.1/24
+
+auto eno2.24
+iface eno2.24 inet static
+	address 10.24.0.1/24
+
+auto eno2.25
+iface eno2.25 inet static
+	address 10.25.0.1/24
+
+auto eno2.26
+iface eno2.26 inet static
+	address 10.26.0.1/24
+
+auto eno2.27
+iface eno2.27 inet static
+	address 10.27.0.1/24
+
+auto eno2.28
+iface eno2.28 inet static
+	address 10.22.4.1/22
+

etc/unbound.conf

@@ -0,0 +1,35 @@
+# Unbound configuration file for Debian.
+#
+# See the unbound.conf(5) man page.
+#
+# See /usr/share/doc/unbound/examples/unbound.conf for a commented
+# reference config file.
+#
+# The following line includes additional configuration files from the
+# /etc/unbound/unbound.conf.d directory.
+
+server:
+    interface: 0.0.0.0                       # Listen on all interfaces
+    access-control: 0.0.0.0/0 allow          # Allow access from all networks
+    verbosity: 1                             # Set verbosity for easier troubleshooting (optional)
+
+    # Enable caching
+    msg-cache-size: 50m                      # Message cache size (adjust as needed)
+    rrset-cache-size: 100m                   # Resource record set cache size (adjust as needed)
+    cache-max-ttl: 86400                     # Max time-to-live for cache (1 day)
+    cache-min-ttl: 3600                      # Min time-to-live for cache (1 hour)
+
+    # Timeout settings for faster fallback if cache/local records fail
+    infra-host-ttl: 60                       # Cache infrastructure hosts for 1 minute
+    infra-lame-ttl: 600                      # Cache lame delegations for 10 minutes
+    do-ip4: yes                              # Only use IPv4 if your ISP DNS does not support IPv6
+    do-ip6: no                               # Disable IPv6 if not needed
+    do-udp: yes                              # Enable UDP for DNS
+    do-tcp: yes                              # Enable TCP for DNS
+
+forward-zone:
+    name: "."                                # Forward all other queries
+    forward-addr: 8.8.8.8                # Primary ISP DNS server
+    forward-addr: 1.1.1.1                # Secondary ISP DNS server
+
+include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

etc/wifi-provisioning/README.md

@@ -0,0 +1,3 @@
+Configuration files for wifi provosioning
+
+Should be in /etc/wifi-provisioning

etc/wifi-provisioning/config.json

@@ -0,0 +1,82 @@
+{
+  "1": {
+    "name": "ap-voc-a",
+    "ip_addr": "10.20.0.51",
+    "wifi_channel_24": 13,
+    "wifi_channel_5": 128,
+    "power_24": 20,
+    "power_5": 22
+  },
+  "2": {
+    "name": "ap-ws-front",
+    "ip_addr": "10.20.0.52",
+    "wifi_channel_24": 1,
+    "wifi_channel_5": 116,
+    "power_24": 16,
+    "power_5": 19
+  },
+  "3": {
+    "name": "ap-voc-b",
+    "ip_addr": "10.20.0.53",
+    "wifi_channel_24": 1,
+    "wifi_channel_5": 108,
+    "power_24": 20,
+    "power_5": 21
+  },
+  "4": {
+    "name": "ap-lector-a",
+    "ip_addr": "10.20.0.54",
+    "wifi_channel_24": 5,
+    "wifi_channel_5": 64,
+    "power_24": 17,
+    "power_5": 22
+  },
+  "5": {
+    "name": "ap-lector-b",
+    "ip_addr": "10.20.0.55",
+    "wifi_channel_24": 9,
+    "wifi_channel_5": 120,
+    "power_24": 11,
+    "power_5": 14
+  },
+  "6": {
+    "name": "ap-ws-back",
+    "ip_addr": "10.20.0.56",
+    "wifi_channel_24": 9,
+    "wifi_channel_5": 100,
+    "power_24": 16,
+    "power_5": 8
+  },
+  "7": {
+    "name": "ap-noc",
+    "ip_addr": "10.20.0.57",
+    "wifi_channel_24": 6,
+    "wifi_channel_5": 132,
+    "power_24": 14,
+    "power_5": 7
+  },
+  "8": {
+    "name": "ap-ws0-left",
+    "ip_addr": "10.20.0.58",
+    "wifi_channel_24": 1,
+    "wifi_channel_5": 116,
+    "power_24": 15,
+    "power_5": 20
+  },
+  "9": {
+    "name": "ap-ws0-right",
+    "ip_addr": "10.20.0.59",
+    "wifi_channel_24": 11,
+    "wifi_channel_5": 100,
+    "power_24": 14,
+    "power_5": 13
+  },
+  "11": {
+    "name": "ap-voc-z",
+    "ip_addr": "10.20.0.60",
+    "wifi_channel_24": 8,
+    "wifi_channel_5": 132,
+    "power_24": 20,
+    "power_5": 22
+  }
+}

etc/wifi-provisioning/devices.json

@@ -0,0 +1 @@
+{"40:18:b1:24:72:c0":"AP121","40:18:b1:23:7a:c0":"AP121","40:18:b1:23:7b:40":"AP121","f0:9c:e9:aa:39:c0":"AP121","40:18:b1:f5:96:c0":"AP121","40:18:b1:05:8e:40":"AP121","40:18:b1:23:6d:00":"AP121","c4:12:f5:a7:d2:00":"DAP","c4:12:f5:a6:63:70":"DAP","9c:d6:43:2d:b8:e0":"DAP","9c:d6:43:27:5f:70":"DAP","9c:d6:43:2d:b9:30":"DAP","f0:9c:e9:aa:90:00":"AP121"}

etc/wifi-provisioning/mapping.json

@@ -0,0 +1,12 @@
+{
+  "40:18:b1:24:72:c0": 1,
+  "40:18:b1:23:7a:c0": 2,
+  "40:18:b1:23:7b:40": 3,
+  "f0:9c:e9:aa:39:c0": 8,
+  "40:18:b1:23:6d:00": 9,
+  "40:18:b1:05:8e:40": 11,
+  "c4:12:f5:a7:d2:00": 4,
+  "c4:12:f5:a6:63:70": 5,
+  "9c:d6:43:2d:b8:e0": 6,
+  "9c:d6:43:27:5f:70": 7
+}

etc/wifi-provisioning/templates/AP121_TEMPLATE

@@ -0,0 +1,21 @@
+#!/bin/ash
+
+uci set network.mngmnt.proto='static'                                                                         
+uci set network.mngmnt.ipaddr='{{ip_addr}}'                                                                  
+uci set network.mngmnt.netmask='255.255.255.0'                                                                
+uci set network.mngmnt.gateway='10.20.0.1'
+uci set system.@system[0].hostname='{{name}}' #validate A..Z a..z 0..9 _
+uci set wireless.radio0.disabled='0'
+uci set wireless.radio1.disabled='0'
+uci set wireless.radio0.channel='{{wifi_channel_24}}' #validate {1..13}
+uci set wireless.radio1.channel='{{wifi_channel_5}}'  #validate {36..64}{100..140}{149..165} през 4
+uci set wireless.radio0.txpower='{{power_24}}'
+uci set wireless.radio1.txpower='{{power_5}}'
+
+uci commit
+
+/etc/init.d/system restart
+/etc/init.d/network restart
+/etc/init.d/wpad restart
+/sbin/wifi reload
+/sbin/wifi up

etc/wifi-provisioning/templates/DAP_TEMPLATE

@@ -0,0 +1,22 @@
+#!/bin/ash
+
+uci set network.lan.proto='static'                                                                         
+uci set network.lan.ipaddr='{{ip_addr}}'                                                                  
+uci set network.lan.netmask='255.255.255.0'                                                                
+uci set network.lan.gateway='10.20.0.1'
+uci set system.@system[0].hostname='{{name}}' #validate A..Z a..z 0..9 _
+uci set wireless.radio0.disabled='0'
+uci set wireless.radio1.disabled='0'
+uci set wireless.radio0.channel='{{wifi_channel_5}}'  #validate {36..64}{100..140}{149..165} през 4
+uci set wireless.radio1.channel='{{wifi_channel_24}}' #validate {1..13}
+uci set wireless.radio0.txpower='{{power_5}}'
+uci set wireless.radio1.txpower='{{power_24}}'
+
+uci commit
+
+/etc/init.d/system restart
+/etc/init.d/network restart
+/etc/init.d/wpad restart
+/sbin/wifi reload
+/sbin/wifi up
+

switch-configs/barrier.md

@@ -0,0 +1,143 @@
+!TL-SG3210
+#
+vlan 20,207,666,999
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 207
+name "ipact"
+#
+vlan 666
+name "uplink/ipacct"
+#
+#
+#
+#
+hostname "barrier"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+#
+enable secret @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+user name admin privilege admin secret 0 @_pass_@
+user name root privilege admin secret 0 @_pass_@
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+interface gigabitEthernet 1/0/1
+  switchport access vlan 20
+#
+interface gigabitEthernet 1/0/2
+  switchport access vlan 207
+#
+interface gigabitEthernet 1/0/3
+#
+interface gigabitEthernet 1/0/4
+#
+interface gigabitEthernet 1/0/5
+#
+interface gigabitEthernet 1/0/6
+#
+interface gigabitEthernet 1/0/7
+#
+interface gigabitEthernet 1/0/8
+#
+interface gigabitEthernet 1/0/9
+  switchport mode trunk
+  switchport trunk allowed vlan 20,207,666,999
+  description "downlink/gkc"
+  speed 1000
+  duplex full
+#
+interface gigabitEthernet 1/0/10
+  switchport mode trunk
+  switchport trunk allowed vlan 20,207,666,999
+  description "uplink/ipacct"
+  speed 1000
+  duplex full
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.16 255.255.255.0 10.20.0.1
+#
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end

switch-configs/core-sw.md

@@ -0,0 +1,435 @@
+!
+version 12.2
+no service pad
+service timestamps debug uptime
+service timestamps log datetime msec
+no service password-encryption
+service sequence-numbers
+service unsupported-transceiver
+!
+hostname core-sw
+!
+boot-start-marker
+boot-end-marker
+!
+enable password @_pass_@
+!
+!
+!
+no aaa new-model
+switch 1 provision ws-c3750e-48pd
+system mtu routing 1500
+ip routing
+!
+!
+ip name-server 10.20.0.2
+ip name-server 10.20.0.1
+vtp mode off
+!
+!
+spanning-tree mode rapid-pvst
+spanning-tree extend system-id
+no spanning-tree vlan 999
+spanning-tree vlan 1,10,20-27 priority 0
+!
+!
+vlan internal allocation policy ascending
+!
+vlan 10
+ name of-ext
+!
+vlan 20
+ name of-mgmt
+!
+vlan 21
+ name of-wired
+!
+vlan 22
+ name of-wifi
+!
+vlan 23
+ name of-video
+!
+vlan 24
+ name of-overflow
+!
+vlan 25
+ name of-reception
+!
+vlan 26
+ name of-phone
+!
+vlan 27
+ name of-workshop
+!
+vlan 207
+ name ipacct207
+!
+vlan 999
+ name ipacct
+!
+lldp run
+!
+!
+!
+interface FastEthernet0
+ no ip address
+ no ip route-cache cef
+ no ip route-cache
+ no ip mroute-cache
+!
+interface GigabitEthernet1/0/1
+ description Debug
+ switchport access vlan 20
+ switchport mode access
+ switchport nonegotiate
+ spanning-tree portfast
+ spanning-tree bpdufilter enable
+ spanning-tree bpduguard enable
+!
+interface GigabitEthernet1/0/2
+ description Debug
+ switchport access vlan 20
+ switchport mode access
+ switchport nonegotiate
+ spanning-tree portfast
+ spanning-tree bpdufilter enable
+ spanning-tree bpduguard enable
+!
+interface GigabitEthernet1/0/3
+!
+interface GigabitEthernet1/0/4
+ switchport access vlan 21
+ switchport mode access
+ switchport nonegotiate
+ spanning-tree bpdufilter enable
+ spanning-tree bpduguard enable
+!
+interface GigabitEthernet1/0/5
+ switchport access vlan 21
+ switchport mode access
+ switchport nonegotiate
+ spanning-tree bpdufilter enable
+ spanning-tree bpduguard enable
+!
+interface GigabitEthernet1/0/6
+!
+interface GigabitEthernet1/0/7
+ switchport access vlan 24
+ switchport mode access
+!
+interface GigabitEthernet1/0/8
+!
+interface GigabitEthernet1/0/9
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/10
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/11
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/12
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/13
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/14
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/15
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/16
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/17
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/18
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/19
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/20
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/21
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/22
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/23
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/24
+ description switch
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/25
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/26
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/27
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/28
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/29
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/30
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/31
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/32
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/33
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/34
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/35
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/36
+ description AP
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/37
+!
+interface GigabitEthernet1/0/38
+!
+interface GigabitEthernet1/0/39
+!
+interface GigabitEthernet1/0/40
+!
+interface GigabitEthernet1/0/41
+!
+interface GigabitEthernet1/0/42
+!
+interface GigabitEthernet1/0/43
+ switchport access vlan 10
+ switchport mode access
+ switchport nonegotiate
+ spanning-tree portfast
+ spanning-tree bpdufilter enable
+ spanning-tree bpduguard enable
+!
+interface GigabitEthernet1/0/44
+ switchport access vlan 10
+ switchport mode access
+ switchport nonegotiate
+ spanning-tree portfast
+ spanning-tree bpdufilter enable
+ spanning-tree bpduguard enable
+!
+interface GigabitEthernet1/0/45
+ description server mirror
+ switchport access vlan 22
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-27,999
+ switchport mode access
+ switchport nonegotiate
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/46
+ description server
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-27,999
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/47
+ description server-IPMI
+ switchport access vlan 10
+ switchport mode access
+ switchport nonegotiate
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/48
+ description server
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 10,20-28,207,999
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface GigabitEthernet1/0/49
+!
+interface GigabitEthernet1/0/50
+!
+interface GigabitEthernet1/0/51
+ description floor0-sw
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 20-28,207,999
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet1/0/52
+ description uplink-gkc
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 20-28,207,999
+ switchport mode trunk
+ no cdp enable
+ no lldp transmit
+ spanning-tree portfast trunk
+ spanning-tree bpdufilter enable
+ spanning-tree bpduguard enable
+!
+interface TenGigabitEthernet1/0/1
+ description server
+ switchport trunk encapsulation dot1q
+ switchport mode trunk
+ spanning-tree portfast trunk
+!
+interface TenGigabitEthernet1/0/2
+!
+interface Vlan1
+ no ip address
+!
+interface Vlan20
+ ip address 10.20.0.11 255.255.255.0
+!
+ip default-gateway 10.20.0.1
+ip classless
+!
+no ip http server
+no ip http secure-server
+!
+logging history informational
+logging 10.20.0.1
+!
+snmp-server community @_community_@ RO
+snmp-server enable traps license
+!
+!
+line con 0
+line vty 0 4
+ password @_pass_@
+ login
+line vty 5 15
+ password @_pass_@
+ login
+!
+end
+

switch-configs/floor0.md

@@ -0,0 +1,145 @@
+!TL-SG2210MP
+#
+vlan 20
+        name "managment"
+#
+vlan 21
+        name "wired"
+#
+vlan 22
+        name "wireless"
+#
+vlan 23
+        name "video"
+#
+vlan 24
+        name "overflow"
+#
+vlan 25
+        name "reception"
+#
+vlan 26
+        name "voice"
+#
+vlan 27
+        name "other"
+#
+vlan 28
+        name "wired2"
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+hostname "sw-floor0"
+#
+#
+system-time ntp UTC+08:00 133.100.9.2 139.78.100.163 12 199.165.76.11 140.142.16.34 128.138.140.44
+no system-time dst
+#
+#
+#
+user name admin privilege admin password 0 @_pass_@
+enable password 0 @_pass_@
+no service reset-disable
+#
+#
+#
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+#
+#
+#
+power inline consumption 150.0
+#
+#
+
+#
+#
+loopback-detection
+#
+#
+#
+#
+#
+#
+#
+no controller cloud-based
+no controller cloud-based privacy-policy
+interface vlan 1
+  ip address-alloc dhcp
+  no ipv6 enable
+#
+interface vlan 20
+  ip address 10.20.0.15 255.255.255.0
+  no ipv6 enable
+#
+interface gigabitEthernet 1/0/1
+  switchport general allowed vlan 20,22,28 tagged
+
+#
+interface gigabitEthernet 1/0/2
+  switchport general allowed vlan 20,22,28 tagged
+
+#
+interface gigabitEthernet 1/0/3
+  switchport general allowed vlan 26 untagged
+  no switchport general allowed vlan 1
+
+#
+interface gigabitEthernet 1/0/4
+  switchport general allowed vlan 1,20,27 tagged
+  switchport pvid 20
+
+#
+interface gigabitEthernet 1/0/5
+  switchport general allowed vlan 1,24 tagged
+
+#
+interface gigabitEthernet 1/0/6
+  switchport general allowed vlan 1,20,22,28 tagged
+
+#
+interface gigabitEthernet 1/0/7
+  switchport general allowed vlan 1,20,22,28 tagged
+
+#
+interface gigabitEthernet 1/0/8
+  switchport general allowed vlan 20-28 tagged
+  switchport pvid 20
+
+  power inline supply disable
+#
+interface gigabitEthernet 1/0/9
+  switchport general allowed vlan 20-28 tagged
+
+#
+interface gigabitEthernet 1/0/10
+  switchport general allowed vlan 20-28 tagged
+
+#
+end
+

switch-configs/gkc.md

@@ -0,0 +1,172 @@
+!TL-SG3210
+#
+vlan 20-28,207,666
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 21
+name "of-wired"
+#
+vlan 22
+name "of-wifi"
+#
+vlan 23
+name "of-video"
+#
+vlan 24
+name "of-overflow"
+#
+vlan 25
+name "of-reception"
+#
+vlan 26
+name "of-phone"
+#
+vlan 27
+name "of-workshop"
+#
+vlan 28
+name "wireless2"
+#
+vlan 207
+name "ipact"
+#
+vlan 666
+name "uplink/ipacct"
+#
+#
+#
+#
+hostname "gkc"
+contact-info ""
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+logging host index 1 10.20.0.1 6
+#
+enable secret @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+user name admin privilege admin secret 0 @_pass_@
+user name root privilege admin secret 0 @_pass_@
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+interface gigabitEthernet 1/0/1
+  switchport access vlan 20
+#
+interface gigabitEthernet 1/0/2
+#
+interface gigabitEthernet 1/0/3
+#
+interface gigabitEthernet 1/0/4
+#
+interface gigabitEthernet 1/0/5
+#
+interface gigabitEthernet 1/0/6
+#
+interface gigabitEthernet 1/0/7
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/8
+  switchport mode trunk
+  switchport trunk allowed vlan 20-28
+  description "downlink/voc-z"
+#
+interface gigabitEthernet 1/0/9
+  switchport mode trunk
+  switchport trunk allowed vlan 20-28,207,666
+  description "downlink/coresw"
+  speed 1000
+  duplex full
+#
+interface gigabitEthernet 1/0/10
+  switchport mode trunk
+  switchport trunk allowed vlan 20-28,207,666
+  description "uplink/barrier"
+  speed 1000
+  duplex full
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.24 255.255.255.0 10.20.0.1
+#
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end

switch-configs/noc.md

@@ -0,0 +1,166 @@
+!
+version 12.2
+no service pad
+service timestamps debug uptime
+service timestamps log uptime
+no service password-encryption
+!
+hostname noc-sw
+!
+enable secret @_pass_@
+!
+no aaa new-model
+ip subnet-zero
+!
+!
+!
+!
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+vlan internal allocation policy ascending
+!
+!
+!
+!
+!
+!
+interface FastEthernet0/1
+ switchport access vlan 22
+ switchport mode access
+!
+interface FastEthernet0/2
+ switchport access vlan 22
+ switchport mode access
+!
+interface FastEthernet0/3
+ switchport access vlan 23
+ switchport mode access
+!
+interface FastEthernet0/4
+ switchport access vlan 23
+ switchport mode access
+!
+interface FastEthernet0/5
+ switchport access vlan 24
+ switchport mode access
+!
+interface FastEthernet0/6
+ switchport access vlan 24
+ switchport mode access
+!
+interface FastEthernet0/7
+ switchport access vlan 25
+ switchport mode access
+!
+interface FastEthernet0/8
+ switchport access vlan 25
+ switchport mode access
+!
+interface FastEthernet0/9
+ switchport access vlan 26
+ switchport mode access
+!
+interface FastEthernet0/10
+ switchport access vlan 26
+ switchport mode access
+!
+interface FastEthernet0/11
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/12
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/13
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/14
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/15
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/16
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/17
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/18
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/19
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/20
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/21
+ switchport access vlan 20
+ switchport mode access
+!
+interface FastEthernet0/22
+ switchport access vlan 20
+ switchport mode access
+!
+interface FastEthernet0/23
+ description "noc ap"
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 20,22
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface FastEthernet0/24
+ description "uplink fl0"
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 20-27
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet0/1
+ switchport mode dynamic desirable
+!
+interface GigabitEthernet0/2
+ switchport mode dynamic desirable
+!
+interface Vlan1
+ no ip address
+ shutdown
+!
+interface Vlan20
+ ip address 10.20.0.28 255.255.255.0
+!
+ip default-gateway 10.20.0.1
+ip classless
+no ip http server
+no ip http secure-server
+!
+!
+logging 10.20.0.1
+snmp-server community @_community_@ RO
+!
+control-plane
+!
+!
+line con 0
+line vty 0 4
+ password @_pass_@
+ login
+line vty 5 15
+ password @_pass_@
+ login
+!
+end
+

switch-configs/rec-ja.md

@@ -0,0 +1,176 @@
+!TL-SG3210
+#
+vlan 20-27
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 21
+name "of-wired"
+#
+vlan 22
+name "of-wifi"
+#
+vlan 23
+name "of-video"
+#
+vlan 24
+name "of-overflow"
+#
+vlan 25
+name "of-reception"
+#
+vlan 26
+name "of-phone"
+#
+vlan 27
+name "of-workshop"
+#
+#
+#
+#
+hostname "reception-JA"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+logging host index 1 10.20.0.1 6
+#
+enable password @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community @_community_@ read-only viewDefault
+#
+#
+interface gigabitEthernet 1/0/1
+  switchport access vlan 26
+
+
+#
+interface gigabitEthernet 1/0/2
+  switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/3
+  switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/4
+  switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/5
+  switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/6
+  switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/7
+  switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/8
+  switchport mode trunk
+  switchport trunk allowed vlan 20-27
+  description "uplink/coresw"
+
+
+#
+interface gigabitEthernet 1/0/9
+  speed 1000
+
+#
+interface gigabitEthernet 1/0/10
+  speed 1000
+
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.25 255.255.255.0 10.20.0.1
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end
+

switch-configs/team.md

@@ -0,0 +1,167 @@
+!
+version 15.0
+no service pad
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+service unsupported-transceiver
+!
+hostname team-sw
+!
+boot-start-marker
+boot-end-marker
+!
+enable password @_pass_@
+!
+no aaa new-model
+system mtu routing 1500
+!
+!
+ip name-server 10.20.0.1
+cluster enable of 0
+!
+!
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+vlan internal allocation policy ascending
+!
+!
+!
+!
+!
+interface FastEthernet0/1
+ switchport access vlan 26
+ switchport mode access
+!
+interface FastEthernet0/2
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/3
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/4
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/5
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/6
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/7
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/8
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/9
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/10
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/11
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/12
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/13
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/14
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/15
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/16
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/17
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/18
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/19
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/20
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/21
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/22
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/23
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/24
+ switchport access vlan 21
+ switchport mode access
+!
+interface GigabitEthernet0/1
+ switchport trunk allowed vlan 20-27
+ switchport mode trunk
+ switchport nonegotiate
+ shutdown
+!
+interface GigabitEthernet0/2
+ switchport trunk allowed vlan 20-27
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface Vlan1
+ no ip address
+ no ip route-cache
+ shutdown
+!
+interface Vlan20
+ ip address 10.20.0.26 255.255.255.0
+ no ip route-cache
+!
+ip default-gateway 10.20.0.1
+no ip http server
+no ip http secure-server
+logging host 10.20.0.1 session-id hostname
+snmp-server community @_community_@ RO
+!
+!
+line con 0
+line vty 0 4
+ password @_pass_@
+ login
+line vty 5 15
+ password @_pass_@
+ login
+!
+end
+

switch-configs/voc-a.md

@@ -0,0 +1,161 @@
+!TL-SG3210
+#
+vlan 20-27
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 21
+name "of-wired"
+#
+vlan 22
+name "of-wifi"
+#
+vlan 23
+name "of-video"
+#
+vlan 24
+name "of-overflow"
+#
+vlan 25
+name "of-reception"
+#
+vlan 26
+name "of-phone"
+#
+vlan 27
+name "of-workshop"
+#
+#
+#
+#
+hostname "vocsw-A"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+logging host index 1 10.20.0.1 6
+#
+enable secret @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+user name admin privilege admin secret @_pass_@
+user name root privilege admin secret @_pass_@
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+interface gigabitEthernet 1/0/1
+  switchport access vlan 26
+#
+interface gigabitEthernet 1/0/2
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/3
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/4
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/5
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/6
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/7
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/8
+  switchport mode trunk
+  switchport trunk allowed vlan 20-27
+  description "uplink/coresw"
+#
+interface gigabitEthernet 1/0/9
+  speed 1000
+  duplex full
+#
+interface gigabitEthernet 1/0/10
+  speed 1000
+  duplex full
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.21 255.255.255.0 10.20.0.1
+#
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end

switch-configs/voc-b.md

@@ -0,0 +1,163 @@
+!TL-SG3210
+#
+vlan 20-27
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 21
+name "of-wired"
+#
+vlan 22
+name "of-wifi"
+#
+vlan 23
+name "of-video"
+#
+vlan 24
+name "of-overflow"
+#
+vlan 25
+name "of-reception"
+#
+vlan 26
+name "of-phone"
+#
+vlan 27
+name "of-workshop"
+#
+#
+#
+#
+hostname "vocsw-B"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+logging host index 1 10.20.0.1 6
+#
+enable secret @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+user name admin privilege admin secret 0 @_pass_@
+user name root privilege admin secret 0 @_pass_@
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+interface gigabitEthernet 1/0/1
+  switchport access vlan 26
+#
+interface gigabitEthernet 1/0/2
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/3
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/4
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/5
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/6
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/7
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/8
+  switchport mode trunk
+  switchport trunk allowed vlan 20-27
+  description "uplink/coresw"
+#
+interface gigabitEthernet 1/0/9
+  speed 1000
+  duplex full
+#
+interface gigabitEthernet 1/0/10
+  speed 1000
+  duplex full
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.22 255.255.255.0 10.20.0.1
+#
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end
+
+

switch-configs/voc-z.md

@@ -0,0 +1,162 @@
+!TL-SG3210
+#
+vlan 20-27
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 21
+name "of-wired"
+#
+vlan 22
+name "of-wifi"
+#
+vlan 23
+name "of-video"
+#
+vlan 24
+name "of-overflow"
+#
+vlan 25
+name "of-reception"
+#
+vlan 26
+name "of-phone"
+#
+vlan 27
+name "of-workshop"
+#
+#
+#
+#
+hostname "vocsw-Z"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+logging host index 1 10.20.0.1 6
+#
+enable password @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+user name root privilege admin secret @_pass_@
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+interface gigabitEthernet 1/0/1
+  switchport access vlan 26
+#
+interface gigabitEthernet 1/0/2
+  switchport access vlan 26
+#
+interface gigabitEthernet 1/0/3
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/4
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/5
+  switchport access vlan 23
+#
+interface gigabitEthernet 1/0/6
+  switchport mode trunk
+  switchport trunk allowed vlan 20,22
+  description "mgmt/radio"
+#
+interface gigabitEthernet 1/0/7
+  switchport access vlan 21
+#
+interface gigabitEthernet 1/0/8
+  switchport mode trunk
+  switchport trunk allowed vlan 20-27
+  description "uplink/gkc"
+#
+interface gigabitEthernet 1/0/9
+  speed 1000
+  duplex full
+#
+interface gigabitEthernet 1/0/10
+  speed 1000
+  duplex full
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.23 255.255.255.0 10.20.0.1
+#
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end

switch-configs/workshop.md

@@ -0,0 +1,170 @@
+!
+version 12.2
+no service pad
+service timestamps debug uptime
+service timestamps log uptime
+no service password-encryption
+!
+hostname workshop-sw
+!
+enable secret @_pass_@
+enable password @_pass_@
+!
+no aaa new-model
+ip subnet-zero
+!
+!
+!
+!
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+vlan internal allocation policy ascending
+!
+!
+!
+!
+!
+!
+interface FastEthernet0/1
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/2
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/3
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/4
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/5
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/6
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/7
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/8
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/9
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/10
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/11
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/12
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/13
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/14
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/15
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/16
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/17
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/18
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/19
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/20
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/21
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/22
+ switchport access vlan 24
+ switchport mode access
+!
+interface FastEthernet0/23
+ description "uplink"
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 20-27
+ switchport mode trunk
+ switchport nonegotiate
+ shutdown
+!
+interface FastEthernet0/24
+ description "uplink fl0"
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 20-27
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet0/1
+ switchport mode dynamic desirable
+!
+interface GigabitEthernet0/2
+ switchport mode dynamic desirable
+!
+interface Vlan1
+ no ip address
+ shutdown
+!
+interface Vlan20
+ ip address 10.20.0.27 255.255.255.0
+!
+ip default-gateway 10.20.0.1
+ip classless
+no ip http server
+no ip http secure-server
+!
+!
+logging 10.20.0.1
+snmp-server community @_community_@ RO
+!
+control-plane
+!
+!
+line con 0
+ password @_pass_@
+ login
+line vty 0 4
+ password @_pass_@
+ login
+line vty 5 15
+ password @_pass_@
+ login
+!
+end
+

wifi-provisioning-serverside/Config.php

@@ -0,0 +1,182 @@
+<?php
+namespace Provision;
+use Provision;
+
+class Config
+{
+	
+	protected ?int $id;
+	protected ?string $name;
+	protected ?string $ip_addr;
+	protected ?int $wifi_channel_24;
+	protected ?int $wifi_channel_5;
+	protected ?int $power_24;
+	protected ?int $power_5;
+	
+	public function __construct($id, $name = null, $ip_addr = null, $wifi_channel_24 = null, $wifi_channel_5 = null, $power_24 = null, $power_5 = null)
+	{
+		$this->id = $id;
+		$this->setName($name);
+		$this->setIpAddr($ip_addr);
+		$this->setWifiChannel24($wifi_channel_24);
+		$this->setWifiChannel5($wifi_channel_5);
+		$this->setPower24($power_24);
+		$this->setPower5($power_5);
+		
+	}
+	
+	public function build($type): false|string
+	{
+		$template = $this->detectTemplate($type);
+		$template = str_replace('{{name}}', $this->name, $template);
+		$template = str_replace('{{ip_addr}}', $this->ip_addr, $template);
+		$template = str_replace('{{wifi_channel_24}}', $this->wifi_channel_24, $template);
+		$template = str_replace('{{wifi_channel_5}}', $this->wifi_channel_5, $template);
+		$template = str_replace('{{power_24}}', $this->power_24, $template);
+		$template = str_replace('{{power_5}}', $this->power_5, $template);
+		
+		
+		return $template;
+		
+	}
+	
+	/**
+	 * Set the configuration name
+	 * @param string $name
+	 */
+	public function detectTemplate($type): false|string
+	{
+		//detect the template based on the device type
+		if ($type == 'DAP') {
+			return file_get_contents('/etc/wifi-provisioning/templates/DAP_TEMPLATE');
+		}
+		if ($type == 'AP121') {
+			return file_get_contents('/etc/wifi-provisioning/templates/AP121_TEMPLATE');
+		}
+		
+		return false;
+		
+	}
+	
+	public function setName(string $name)
+	{
+		//null or regex [a-zA-Z0-9_-]
+		if (!is_null($name) && !preg_match('/^[a-zA-Z0-9_-]+$/', $name)) {
+			throw new \Exception('Invalid name');
+		}
+		$this->name = $name;
+	}
+	
+	public function setIpAddr(string $ip_addr)
+	{
+		//null or single ip address
+		if (!is_null($ip_addr) && !filter_var($ip_addr, FILTER_VALIDATE_IP)) {
+			throw new \Exception('Invalid IP address');
+		}
+		$this->ip_addr = $ip_addr;
+	}
+	
+
+	
+	public function setWifiChannel24(int $wifi_channel_24)
+	{
+		$this->wifi_channel_24 = $wifi_channel_24;
+	}
+	
+	public function setWifiChannel5(int $wifi_channel_5)
+	{
+		//validate wifi channel ranges {52..64}{100..140} step 4
+		if ($wifi_channel_5 < 52 || $wifi_channel_5 > 140 || ($wifi_channel_5 > 64 && $wifi_channel_5 < 100) || $wifi_channel_5 % 4 != 0) {
+			throw new \Exception('Invalid 5GHz wifi channel');
+		}
+		$this->wifi_channel_5 = $wifi_channel_5;
+	}
+	
+	public function setPower24(int $power_24)
+	{
+		//validate power ranges {1..20}
+		if ($power_24 < 1 || $power_24 > 20) {
+			throw new \Exception('Invalid 2.4GHz power');
+		}
+		$this->power_24 = $power_24;
+	}
+	
+	public function setPower5(int $power_5)
+	{
+		//validate power ranges {1..22}
+		if ($power_5 < 1 || $power_5 > 22) {
+			throw new \Exception('Invalid 5GHz power');
+		}
+		$this->power_5 = $power_5;
+	}
+	
+	public function getId(): ?int
+	{
+		return $this->id;
+	}
+	
+	public function getName(): ?string
+	{
+		return $this->name;
+	}
+	
+	public function getIpAddr(): ?string
+	{
+		return $this->ip_addr;
+	}
+	
+
+	public function getWifiChannel24(): ?int
+	{
+		return $this->wifi_channel_24;
+	}
+	
+	public function getWifiChannel5(): ?int
+	{
+		return $this->wifi_channel_5;
+	}
+	
+	public function getPower24(): ?int
+	{
+		return $this->power_24;
+	}
+	
+	public function getPower5(): ?int
+	{
+		return $this->power_5;
+	}
+	
+	public function load()
+	{
+		//load the configuration from the provision configurations file
+		$configs = file_get_contents(Provision::$CONFIG_FILE);
+		$configs = json_decode($configs, true);
+		if (isset($configs[$this->id])) {
+			$this->name = $configs[$this->id]['name'];
+			$this->ip_addr = $configs[$this->id]['ip_addr'];
+			$this->wifi_channel_24 = $configs[$this->id]['wifi_channel_24'];
+			$this->wifi_channel_5 = $configs[$this->id]['wifi_channel_5'];
+		}
+	}
+	
+	public function save(): bool
+	{
+		//save the configuration to the provision configurations file
+		if (!file_exists(Provision::$CONFIG_FILE)) {
+			file_put_contents(Provision::$CONFIG_FILE, json_encode([]));
+		}
+		
+		$configs = file_get_contents(Provision::$CONFIG_FILE);
+		$configs = json_decode($configs, true);
+		$configs[$this->id] = [
+			'name' => $this->name,
+			'ip_addr' => $this->ip_addr,
+			'wifi_channel_24' => $this->wifi_channel_24,
+			'wifi_channel_5' => $this->wifi_channel_5
+		];
+		if (!file_put_contents(Provision::$CONFIG_FILE, json_encode($configs))) {
+			return false;
+		}
+		return true;
+	}
+}

wifi-provisioning-serverside/Device.php

@@ -0,0 +1,91 @@
+<?php
+namespace Provision;
+
+use Provision;
+class Device
+{
+
+	public static $DEVICE_TYPES = ['DAP', 'AP121'];
+	
+	protected ?string $mac;
+	protected ?string $type;
+	public function __construct($mac, $type = null)
+	{
+		//validate mac
+		if (!filter_var($mac, FILTER_VALIDATE_MAC)) {
+			throw new \Exception('Invalid MAC address');
+		}
+		$this->mac = $mac;
+		
+		if ($type && !in_array($type, self::$DEVICE_TYPES)) {
+			throw new \Exception('Invalid device type. Possible values are: ' . implode(', ', self::$DEVICE_TYPES));
+		}
+		$this->type = $type ?? $this->getDeviceType();
+		syslog(LOG_INFO, "New device created with MAC: $mac and type: $type");
+	}
+	
+	/**
+	 * Save the device to the provision devices file
+	 * @return bool
+	 */
+	public function save(): bool
+	{
+		//save the device to the provision devices file
+		if (!file_exists(Provision::$DEVICES_FILE)) {
+			file_put_contents(Provision::$DEVICES_FILE, json_encode([]));
+		}
+		
+		$devices = file_get_contents(Provision::$DEVICES_FILE);
+		$devices = json_decode($devices, true);
+		$devices[$this->mac] = $this->type;
+		if (!file_put_contents(Provision::$DEVICES_FILE, json_encode($devices))) {
+			return false;
+		}
+		return true;
+		
+	}
+	
+	/**
+	 * Check if the device exists in the provision devices file
+	 * @return bool
+	 */
+	public function check(): bool
+	{
+		//check if the device exists in the provision devices file
+		$devices = file_get_contents(Provision::$DEVICES_FILE);
+		$devices = json_decode($devices, true);
+		
+		return isset($devices[$this->mac]);
+	}
+	
+	public function getDeviceType()
+	{
+		//get the device type from the provision devices file
+		$devices = file_get_contents(Provision::$DEVICES_FILE);
+		$devices = json_decode($devices, true);
+		if (isset($devices[$this->mac])) {
+			return $devices[$this->mac];
+		}
+		return null;
+	}
+	
+	public function getMac(): ?string
+	{
+		return $this->mac;
+	}
+	
+	public function getType(): ?string
+	{
+		return $this->type;
+	}
+	
+	public function setMac($mac): void
+	{
+		$this->mac = $mac;
+	}
+	
+	public function setType($type): void
+	{
+		$this->type = $type;
+	}
+}

wifi-provisioning-serverside/Location.php

@@ -0,0 +1,6 @@
+<?php
+namespace Provision;
+class Location
+{
+	
+}

wifi-provisioning-serverside/Provision.php

@@ -0,0 +1,199 @@
+<?php
+use Provision\Config;
+use Provision\Device;
+
+require_once 'Config.php';
+require_once 'Device.php';
+
+
+/**
+ * Provision
+ *
+ * This class is responsible for provisioning WIFI devices.
+ * We can use this class to provision a device, based on MAC address and location ID.
+ *
+ * Once the parameters are passed, the class will provision the device and return the configuration.
+ *
+ * @package Provision
+ */
+class Provision
+{
+	
+	public static string $CONFIG_FILE = '/etc/wifi-provisioning/config.json';
+	public static string $DEVICES_FILE = '/etc/wifi-provisioning/devices.json';
+	protected static string $MAPPING_FILE = '/etc/wifi-provisioning/mapping.json';
+	protected static string $LOG_FILE = '/var/log/wifi-provisioning.log';
+	
+	protected ?Config $config;
+	protected ?Device $device;
+	
+	/**
+	 * @throws Exception
+	 */
+	public function __construct(string $mac = NULL)
+	{
+		$this->device = $mac ? new Device($mac) : null;
+		$this->config = null;
+	}
+	
+	public function provision(string $mac=NULL, int $location=null)
+	{
+		if ($mac) {
+			$this->device = new Device($mac);
+		}
+		if (!$this->device->check()) {
+			$this->log('Device with MAC: ' . $this->device->getMac() . ' does not exist');
+			return FALSE;
+		}
+		if ($location) {
+			$this->config = new Config($location);
+		}
+		
+		try {
+			/** @var Config $configuration */
+			$configuration = $this->getConfiguration();
+		} catch (\Exception $e) {
+			$this->log('Failed to provision device with MAC: ' . $this->device->getMac() . ' - ' . $e->getMessage());
+			return false;
+		}
+		if (!$configuration) {
+			$this->log('Failed to provision device with MAC: ' . $this->device->getMac());
+			return false;
+		}
+		$this->log('Provisioned device with MAC: ' . $this->device->getMac());
+		return $configuration->build($this->device->getType());
+	}
+	
+	/**
+	 * @throws Exception
+	 */
+	public function updateMapping(string $mac, int $locationID): bool
+	{
+		try{
+			$device = new Device($mac);
+		} catch (\Exception $e) {
+			$this->log('Failed to update mapping for MAC: ' . $mac . ' - ' . $e->getMessage());
+			return FALSE;
+		}
+		if (!$device->check()) {
+			$this->log('Device with MAC: ' . $mac . ' does not exist');
+			return false;
+		}
+		$mappings = $this->getMappings();
+		$mappings[$mac] = $locationID;
+		if (!file_put_contents(self::$MAPPING_FILE, json_encode($mappings))) {
+			$this->log('Failed to update mapping for MAC: ' . $mac . ' and Config ID: ' . $locationID);
+			return false;
+		}
+		$this->log('Updated mapping for MAC: ' . $mac . ' and Config ID: ' . $locationID);
+		return true;
+	}
+	
+	public function getMappings()
+	{
+		if (!file_exists(self::$MAPPING_FILE)) {
+			file_put_contents(self::$MAPPING_FILE, json_encode([]));
+		}
+		
+		$mappings = file_get_contents(self::$MAPPING_FILE);
+		return json_decode($mappings, true);
+	}
+	
+	public function getDevices()
+	{
+		if (!file_exists(self::$DEVICES_FILE)) {
+			file_put_contents(self::$DEVICES_FILE, json_encode([]));
+		}
+		
+		$devices = file_get_contents(self::$DEVICES_FILE);
+		return json_decode($devices, true);
+	}
+	
+	
+	/**
+	 * Get the configuration for the device
+	 * @return array
+	 */
+	public function getConfig(): array
+	{
+		if (!file_exists(self::$CONFIG_FILE)) {
+			file_put_contents(self::$CONFIG_FILE, json_encode([]));
+		}
+		
+		$config = file_get_contents(self::$CONFIG_FILE);
+		return json_decode($config, true);
+	}
+	
+	/**
+	 * Add a device to the provision devices file
+	 * @return bool
+	 */
+	public function addDevice(string $mac, string $type): bool
+	{
+		try{
+			$device = new Device($mac, $type);
+		} catch (\Exception $e) {
+			$this->log('Failed to add device with MAC: ' . $mac . ' - ' . $e->getMessage());
+			return FALSE;
+		}
+		if ($device->check()) {
+			$this->log('Device with MAC: ' . $device->getMac() . ' already exists');
+			return FALSE;
+		}
+		if (!$device->save()) {
+			$this->log('Failed to add device with MAC: ' . $device->getMac());
+			return FALSE;
+		}
+		$this->log('Device with MAC: ' . $device->getMac() . ' added successfully');
+		return TRUE;
+	}
+	
+	public function addConfig(int $id, string $name, string $ip_addr,  int $wifi_channel_24, int $wifi_channel_5, int $power_24, int $power_5):
+	bool
+	{
+		try{
+			$config = new Config($id, $name, $ip_addr, $wifi_channel_24, $wifi_channel_5, $power_24, $power_5);
+		} catch (\Exception $e) {
+			$this->log('Failed to add configuration with ID: ' . $id . ' - ' . $e->getMessage());
+			return FALSE;
+		}
+
+		if (!$config->save()) {
+			$this->log('Failed to add configuration with ID: ' . $config->getId());
+			return FALSE;
+		}
+		$this->log('Configuration with ID: ' . $config->getId() . ' added successfully');
+		return TRUE;
+	}
+	
+	private function log(string $message)
+	{
+		file_put_contents(self::$LOG_FILE, $message . PHP_EOL, FILE_APPEND);
+		syslog(LOG_DEBUG, $message);
+		if (php_sapi_name() === 'cli') {
+			echo $message . PHP_EOL;
+		}
+	}
+	
+	private function getConfiguration(): ?Config
+	{
+		
+		//detect configuration based on mac and location
+		$mappings = $this->getMappings();
+		$location = $mappings[$this->device->getMac()] ?? null;
+		if (!$location) {
+			$this->log('No mapping found for MAC: ' . $this->device->getMac());
+			return null;
+		}
+		
+		$config = $this->getConfig();
+		$configuration = $config[$location] ?? null;
+		if (!$configuration) {
+			$this->log('No configuration found for location ID: ' . $location);
+			return null;
+		}
+		
+		$this->log('Configuration found for MAC: ' . $this->device->getMac() . ' and location ID: ' . $location);
+		return new Config($location, $configuration['name'], $configuration['ip_addr'], $configuration['wifi_channel_24'], $configuration['wifi_channel_5'], $configuration['power_24'], $configuration['power_5']);
+	}
+}

wifi-provisioning-serverside/README.md

@@ -0,0 +1,5 @@
+PHP component of wifi provisionig.
+
+Written by Atanas(DevHex)
+
+Needs PHP capable web server. 

wifi-provisioning-serverside/c.php

@@ -0,0 +1,22 @@
+<?php
+
+require_once 'Provision.php';
+
+if (!isset($_POST['mac'])) {
+	echo json_encode(['error' => 'MAC address is required']);
+	exit;
+}
+if (!isset($_POST['location'])) {
+	echo json_encode(['error' => 'Config ID is required']);
+	exit;
+}
+
+try {
+	$provision = new Provision($_POST['mac']);
+	$provision->updateMapping($_POST['mac']??'', $_POST['location']??0);
+	echo json_encode(['success' => 'Device mapped successfully']);
+} catch (Exception $e) {
+	echo json_encode(['error' => $e->getMessage()]);
+	exit;
+}
+

wifi-provisioning-serverside/cli.php

@@ -0,0 +1,105 @@
+#!/usr/bin/php
+<?php
+
+require_once 'Provision.php';
+
+$provision = new Provision();
+$res = readline_completion_function(function($input, $index) {
+	$commands = ['conf', 'dev', 'add-dev', 'add-conf', 'set', 'map', 'provision', 'exit', 'help', '?'];
+	return array_filter($commands, function($command) use ($input) {
+		return strpos($command, $input) === 0;
+	});
+});
+
+//make command line interface, that can list all locations, provision a device, update a device location, and delete a device
+while (true) {
+
+	$choice = trim(readline("provision> "));
+	switch ($choice) {
+        case '':
+            break;
+		case 'conf':
+			$configs = $provision->getConfig();
+			echo '===== Configurations ====='.PHP_EOL;
+			foreach ($configs as $location => $conf) {
+				echo sprintf("Config ID: %2d, IP: %10s, CH2.4: %2d (PWR: %2d), CH5: %3d (PWR: %2d), Name: %s",
+					$location,
+					$conf['ip_addr'],
+					$conf['wifi_channel_24'],
+					$conf['power_24'],
+					$conf['wifi_channel_5'],
+					$conf['power_5'],
+					$conf['name']).PHP_EOL;
+			}
+			break;
+		case 'dev':
+			$devices = $provision->getDevices();
+			echo '===== Devices ====='.PHP_EOL;
+			foreach ($devices as $mac => $type) {
+				echo "MAC: $mac, Type: $type\n";
+			}
+			break;
+		case 'add-dev':
+			$mac = readline("Enter the MAC address: ");
+			$type = readline("Enter the device type: ");
+			$provision->addDevice($mac, $type);
+			break;
+			
+        case 'add-conf':
+            $id = readline("Enter the configuration location (ID): ");
+            $name = readline("Enter the configuration name: ");
+            $ip_addr = readline("Enter the IP address: ");
+            $wifi_channel_24 = readline("Enter the 2.4GHz wifi channel: ");
+            $wifi_channel_5 = readline("Enter the 5GHz wifi channel: ");
+            $power_24 = readline("Enter the 2.4GHz power: ");
+            $power_5 = readline("Enter the 5GHz power: ");
+            
+            $provision->addConfig((int) $id, $name, $ip_addr,  (int) $wifi_channel_24, (int) $wifi_channel_5, (int) $power_24, (int) $power_5);
+            break;
+		case 'set':
+			$mac = readline("Enter the MAC address: ");
+			$location = readline("Enter the location ID: ");
+			$provision->updateMapping($mac, (int) $location);
+			break;
+		case 'map':
+			$mappings = $provision->getMappings();
+			echo '===== Mappings ====='.PHP_EOL;
+			foreach ($mappings as $mac => $location) {
+				echo "MAC: $mac, Location ID: $location\n";
+			}
+			break;
+		case 'provision':
+			$mac = readline("Enter the MAC address: ");
+			$location = readline("Enter the location ID (empty for autodetect): ");
+			if (empty($location)) {
+                $location = null;
+            }
+			$conf = $provision->provision($mac, $location);
+			if (empty($conf)) {
+                echo 'Failed to provision the device'.PHP_EOL;
+                break;
+            }
+			echo 'Paste the following configuration to the device:'.PHP_EOL;
+			echo '>>>>>>>>>'. PHP_EOL.PHP_EOL;
+			echo $conf;
+			echo PHP_EOL.'<<<<<<<<'.PHP_EOL;
+			break;
+		case '?':
+		case 'help':
+			echo '===== Commands ====='.PHP_EOL;
+			echo 'conf - List all locations'.PHP_EOL;
+			echo 'dev - List all devices'.PHP_EOL;
+			echo 'map - List all device locations'.PHP_EOL;
+			echo 'add-dev - Add a device'.PHP_EOL;
+			echo 'add-conf - Add a configuration'.PHP_EOL;
+			echo 'provision - Provision a device'.PHP_EOL;
+			echo 'set - Update a device location'.PHP_EOL;
+			echo 'exit - Exit the program'.PHP_EOL;
+			echo 'help / ? - Show this help'.PHP_EOL;
+			break;
+		case 'exit':
+			exit;
+		default:
+			echo 'Invalid command'.PHP_EOL;
+	}
+}

wifi-provisioning-serverside/index.php

@@ -0,0 +1,2 @@
+<?php
+echo 'Hi!';

wifi-provisioning-serverside/p.php

@@ -0,0 +1,36 @@
+<?php
+
+require_once 'Provision.php';
+
+syslog(LOG_INFO, file_get_contents('php://input'));
+$data = json_decode(file_get_contents('php://input'));
+syslog(LOG_INFO, 'request_from = ' . $_SERVER['REMOTE_ADDR']);
+syslog(LOG_INFO, 'data = ' . print_r($data, true));
+
+syslog(LOG_INFO, 'Provisioning request for MAC: ' . ($data->mac ?? 'n/a'));
+if (empty($data->mac)) {
+
+	//return 404
+	http_response_code(404);
+	echo json_encode(['error' => 'MAC address is required']);
+	exit;
+}
+try {
+	$provision = new Provision($data->mac);
+} catch (Exception $e) {
+	http_response_code(500);
+	echo json_encode(['error' => $e->getMessage()]);
+	exit;
+}
+$configuration = $provision->provision();
+
+if (empty($configuration)) {
+	http_response_code(404);
+	echo json_encode(['error' => 'No configuration found']);
+	exit;
+}
+
+header('Content-Type: text/html');
+syslog(LOG_INFO, 'Provisioned device with MAC: ' . $data->mac);
+syslog(LOG_INFO, 'Configuration: ' . $configuration);
+echo $configuration;