Address: 12010 WI-42, Ellison Bay, WI 54210
Owner: Cory Diltz
Managed by: Resilient Path Consulting
Last Updated: May 20, 2026
| Field |
Value |
| ISP |
Charter Spectrum — coaxial, bridge mode |
| WAN IP |
141.126.167.63/24 (DHCP, dynamic) — gateway 141.126.166.1 |
| Failover WAN |
CradlePoint LTE — ix0, 192.168.200.102/24, gateway 192.168.200.1 — ACTIVE |
| Router Hostname |
rtr.mrb |
| Router Hardware |
Netgate (Intel Atom C3558 @ 2.20 GHz, 4 cores, 16 GB RAM) |
| Router Serial |
GSAA790259 — Netgate Device ID: 4588f42c620513c5ca90 |
| Switch Hostname |
MinkRiverBasin-sw1 |
| SNMP Community |
rpc_snmp_1996 (read-only, v2c/v3) |
| Remote Access |
WireGuard VPN via rpcnate.myftp.org — tunnel IP 192.168.78.6/24 |
| Device |
Model |
IP |
Status |
| Router |
pfSense CE 2.8.1 — Netgate Atom C3558 |
192.168.1.1 (LAN) / 10.0.6.1 (Mgmt VIP) / 192.168.255.6 (loopback) |
Active — uptime 14 days |
| Switch |
HP 1920-48G-PoE+ (370W) |
10.0.6.50 |
Active |
| AP 1 |
TP-Link EAP613 (AX1800) |
10.0.6.60 |
Active |
| AP 2 |
TP-Link EAP653 (AX3000) |
10.0.6.61 |
Pending — cable/mount ready |
| AP 3 |
TP-Link EAP613 (AX1800) |
10.0.6.62 |
Active |
| UPS |
EcoFlow River 2 (256Wh) |
N/A |
Pending installation |
| WAN Modem |
Charter Spectrum |
141.126.167.63 |
Active — bridge mode |
| Failover WAN |
CradlePoint LTE |
192.168.200.102 |
Active — gateway 192.168.200.1 |
All APs configured in standalone mode — no Omada cloud or local controller.
All four gateways confirmed online as of May 20, 2026.
| Gateway |
IP |
RTT |
Loss |
Status |
| WAN_DHCP (Charter) |
141.126.166.1 |
29.8ms |
0.0% |
Online |
| WAN_DHCP6 (IPv6) |
fe80::201:5cff:fe93:d046 |
8.0ms |
0.0% |
Online |
| VPN_WG (WireGuard) |
192.168.78.1 |
16.0ms |
0.0% |
Online |
| SECONDARY_WAN_DHCP (CradlePoint LTE) |
192.168.200.1 |
61.4ms |
0.0% |
Online |
| VLAN |
Name |
Gateway |
Subnet |
DHCP Pool |
Purpose |
| 1 |
LAN / MinkRiverPrivate |
192.168.1.1 |
192.168.1.0/24 |
.100–.199 |
Staff/owner devices + legacy LAN |
| 10 |
Guest |
172.16.0.1 |
172.16.0.0/22 |
172.16.1.50–172.16.3.240 |
Public guest Wi-Fi |
| 20 |
POS_Net |
192.168.213.1 |
192.168.213.0/24 |
.150–.240 |
Point of sale — isolated |
| 30 |
Residence |
192.168.30.1 |
192.168.30.0/24 |
.100–.240 |
Upstairs private network |
| 66 |
IoT |
172.31.1.1 |
172.31.1.0/24 |
.10–.199 |
Smart devices, TVs, Xumo boxes |
The management subnet 10.0.6.0/24 is a VIP alias on LAN, not a separate VLAN. VLAN 1 serves both legacy LAN and MinkRiverPrivate staff network.
| Interface |
In |
Out |
Notes |
| CHARTER_WAN (igb0) |
2.15 TiB |
49.00 GiB |
336K packets blocked inbound |
| LAN (igb1) |
42.82 GiB |
2.00 TiB |
|
| GUEST_NETWORK (igb1.10) |
4.25 GiB |
156.14 GiB |
Busiest VLAN — high outbound |
| IOT_NETWORK (igb1.66) |
22.54 MiB |
343.42 MiB |
Low usage |
| WG (tun_wg1) |
548.21 MiB |
1.40 GiB |
1 in error / 4660 out errors — monitor |
| POS_NET (igb1.20) |
1.68 GiB |
4.41 GiB |
Actively transacting |
| RESIDENCE_NETWORK (igb1.30) |
6.10 MiB |
100.33 MiB |
|
| SECONDARY_WAN (ix0) |
458.65 MiB |
116.18 MiB |
CradlePoint LTE — active |
Verified May 20, 2026 from HP switch web management VLAN summary.
| VLAN |
Description |
Untagged Ports |
Tagged Ports |
| 1 |
Native LAN |
GE1/0/1–40, GE1/0/49–52 |
GE1/0/41–46 |
| 10 |
Guest |
— |
GE1/0/1–52 |
| 20 |
POS |
GE1/0/41–48 |
GE1/0/1–40, GE1/0/49–52 |
| 30 |
Upstairs/Residence |
— |
GE1/0/1–52 |
| 66 |
IoT |
— |
GE1/0/1–52 |
| Port(s) |
PVID |
VLANs Permitted |
PoE |
Notes |
| GE1/0/1 |
1 |
1, 10, 20, 30, 66 |
Yes |
pfSense igb1 uplink — confirmed via LLDP |
| GE1/0/2–40 |
1 |
1, 10, 20, 30, 66 |
Yes |
General purpose — APs and devices |
| GE1/0/41–46 |
20 |
1, 10, 20, 30, 66 |
Yes |
POS devices — VLAN 1 tagged, VLAN 20 native |
| GE1/0/47–48 |
20 |
10, 20, 30, 66 |
Yes |
POS printers — no LAN access |
| GE1/0/49–52 |
1 |
1, 10, 20, 30, 66 |
No |
SFP uplink ports |
Radio: 802.11b/g/n/ax mixed, channel width auto, channel auto, Tx power 25 dBm.
| SSID |
VLAN |
Password |
Rate Limit |
Notes |
| myspectrumwifieo2G |
1 |
happysquirrel773 |
None (pending) |
Legacy — throttle to 300–500 Kbps |
| MinkRiverPrivate |
1 |
Walleye-Sunset-Dock |
None |
Staff/owner private network |
| 0022879765 |
20 |
Wifiub14 |
None |
POS — Shift4 payment system |
| MinkRiverGuest_Classic |
10 |
Giver@theRiver! |
2 Mbps / 500 Kbps up |
Guest |
| MRB_IoT |
66 |
fuckingtechnology |
None (pending) |
IoT — cap at 12 Mbps |
| 12010_Residence |
30 |
Egret-Tuna-Sail |
50 Mbps / 2 Mbps up |
Residence/upstairs |
Radio: 802.11a/n/ac/ax mixed, channel width 40 MHz, channel auto, Tx power 25 dBm. Bands 1 (ch 36/40) and 4 (ch 149/153) active.
| SSID |
VLAN |
Password |
Rate Limit |
Notes |
| myspectrumwifieo2G |
1 |
happysquirrel773 |
None (pending) |
Legacy — throttle to 300–500 Kbps |
| MinkRiverPrivate |
1 |
Walleye-Sunset-Dock |
None |
Staff/owner private network |
| 0022879765 |
20 |
Wifiub14 |
None |
POS — Shift4 payment system |
| MinkRiverGuest |
10 |
Giver@theRiver! |
8 Mbps / 1 Mbps up |
Guest |
| MRB_IoT |
66 |
fuckingtechnology |
None (pending) |
IoT — cap at 12 Mbps |
| 12010_Residence |
30 |
Egret-Tuna-Sail |
50 Mbps / 2 Mbps up |
Residence/upstairs |
| Rule |
Action |
Notes |
| All VLANs → POS_Net (192.168.213.0/24) |
BLOCK |
Floating rule, quick — cross-VLAN POS isolation |
| POS_Net → Internet |
ALLOW |
Internet only |
| Guest → Internet |
ALLOW |
Internet only — no LAN |
| IoT → Internet |
ALLOW |
Internet only |
| LAN → Any |
ALLOW |
Default LAN rule |
| WireGuard → LAN |
ALLOW |
Remote management via RPC tunnel |
| pfBlockerNG DNSBL |
BLOCK |
665,416 packets blocked — active on LAN, Guest, IoT |
¶ Outstanding Items
| Date |
Author |
Change |
| 2026-05-05 |
N. Bell / RPC |
Initial deployment — router, switch, AP 1 & 3, VLANs 1/10/20/30/66 |
| 2026-05-13 |
N. Bell / RPC |
On-site relocation — moved cable modem and 4G router behind bar; replaced Shift4 APs; configured POS VLAN; added floating firewall rule |
| 2026-05-15 |
N. Bell / RPC |
Wiki page created; DNS fix applied |
| 2026-05-20 |
N. Bell / RPC |
Full wireless audit; switch VLAN table corrected; MinkRiverPrivate SSID planned; hardware confirmed (Netgate Atom C3558); Secondary WAN confirmed active (192.168.200.102); all four gateways online; interface traffic snapshot recorded |
