diff --git a/setup-checklist.md b/setup-checklist.md
new file mode 100644
index 0000000..feb6176
--- /dev/null
+++ b/setup-checklist.md
@@ -0,0 +1,324 @@
+# OpenWRT & AdGuard Setup - Quick Checklist
+
+## Pre-Setup Information
+- [ ] Note current network gateway: **10.0.0.254** (TPLink)
+- [ ] Note current DNS: **10.0.0.55** (HomeAssistant/AdGuard)
+- [ ] OpenWRT target IP: **10.0.0.246**
+- [ ] New AdGuard IP: **10.0.0.245**
+- [ ] DHCP range: **10.0.0.1 - 10.0.0.200**
+
+---
+
+## Phase 1: OpenWRT Initial Setup (15 minutes)
+
+### Step 1: First Connection
+- [ ] Connect Ethernet cable to OpenWRT LAN port
+- [ ] Access default IP: http://192.168.1.1
+- [ ] Login as root (no password on first boot)
+
+### Step 2: Set Security
+- [ ] System → Administration → Router Password
+- [ ] Set strong root password: _________________
+- [ ] Save the password in your password manager
+
+### Step 3: Configure LAN Interface
+- [ ] Network → Interfaces → LAN → Edit
+- [ ] IPv4 address: `10.0.0.246`
+- [ ] IPv4 netmask: `255.255.255.0`
+- [ ] IPv4 gateway: `10.0.0.254`
+- [ ] Use custom DNS: `10.0.0.245`
+- [ ] Save & Apply
+- [ ] Reconnect to http://10.0.0.246
+
+---
+
+## Phase 2: DHCP Configuration (10 minutes)
+
+### Step 4: Basic DHCP
+- [ ] Network → DHCP and DNS
+- [ ] DNS forwardings: `10.0.0.245`
+- [ ] Save
+
+### Step 5: DHCP Range
+- [ ] Network → Interfaces → LAN → Edit → DHCP Server
+- [ ] Enable DHCP server: ✓
+- [ ] Start: `1`
+- [ ] Limit: `200`
+- [ ] Lease time: `12h`
+- [ ] Save & Apply
+
+### Step 6: Static Leases
+- [ ] Network → DHCP and DNS → Static Leases
+- [ ] Add lease: HomeAssistant → MAC: ____________ → IP: 10.0.0.55
+- [ ] Add lease: New AdGuard → MAC: ____________ → IP: 10.0.0.245
+- [ ] Add lease: TPLink Router → MAC: ____________ → IP: 10.0.0.254
+- [ ] Add other critical devices as needed
+
+---
+
+## Phase 3: AdGuard Home Setup (20 minutes)
+
+### Step 7: Install AdGuard
+Choose your installation method:
+- [ ] Option A: Docker installation on ___________
+- [ ] Option B: Native Linux installation on ___________
+- [ ] Option C: Windows installation on ___________
+
+### Step 8: Initial Configuration
+- [ ] Access: http://10.0.0.245:3000
+- [ ] Complete setup wizard
+- [ ] Admin interface port: `3000`
+- [ ] DNS server port: `53`
+- [ ] Set admin username: _________________
+- [ ] Set admin password: _________________
+- [ ] Save credentials in password manager
+
+### Step 9: Configure Upstream DNS
+- [ ] Settings → DNS settings
+- [ ] Add upstream servers:
+  - [ ] `https://dns.cloudflare.com/dns-query`
+  - [ ] `https://dns.google/dns-query`
+  - [ ] `1.1.1.1`
+  - [ ] `8.8.8.8`
+- [ ] Enable parallel queries
+- [ ] Save
+
+### Step 10: Add Blocklists
+- [ ] Filters → DNS blocklists
+- [ ] Add OISD Big List: `https://big.oisd.nl/`
+- [ ] Add AdGuard DNS: `https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt`
+- [ ] Add Steven Black: `https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts`
+- [ ] Save and Apply
+
+### Step 11: Local DNS Entries
+- [ ] Filters → DNS rewrites
+- [ ] Add: `openwrt.local` → `10.0.0.246`
+- [ ] Add: `adguard.local` → `10.0.0.245`
+- [ ] Add: `homeassistant.local` → `10.0.0.55`
+- [ ] Add: `router.local` → `10.0.0.254`
+
+---
+
+## Phase 4: Access Control Setup (15 minutes)
+
+### Step 12: Install Required Packages
+SSH to OpenWRT (ssh root@10.0.0.246):
+```bash
+opkg update
+opkg install luci-app-firewall iptables-mod-extra
+```
+- [ ] Packages installed successfully
+
+### Step 13: Copy Device Control Script
+- [ ] Upload device-control.sh to /root/
+- [ ] Run: `chmod +x /root/device-control.sh`
+- [ ] Run: `/root/device-control.sh init`
+
+### Step 14: Configure Persistence
+- [ ] Edit /etc/firewall.user
+- [ ] Add these lines:
+```bash
+ipset create blocked_devices hash:ip timeout 0 comment -exist
+iptables -I FORWARD -m set --match-set blocked_devices src -j REJECT
+```
+- [ ] Save and exit
+- [ ] Run: `/etc/init.d/firewall restart`
+
+---
+
+## Phase 5: Testing (20 minutes)
+
+### Step 15: Test DHCP
+- [ ] Connect test device to network
+- [ ] Verify IP received in range 10.0.0.1-200
+- [ ] Verify DNS server shows as 10.0.0.245
+- [ ] Verify gateway is 10.0.0.254 or 10.0.0.246
+
+### Step 16: Test DNS Resolution
+From test device:
+```bash
+nslookup google.com 10.0.0.245
+```
+- [ ] DNS query successful
+- [ ] Response received
+
+### Step 17: Test AdGuard Filtering
+- [ ] Access http://10.0.0.245:3000
+- [ ] Dashboard → Query Log
+- [ ] Browse to a website from test device
+- [ ] Verify queries appear in log
+- [ ] Try accessing known ad domain
+- [ ] Verify ads are blocked
+
+### Step 18: Test Access Control
+- [ ] Get test device IP: _________________
+- [ ] Run: `/root/device-control.sh block [IP] "Test Device"`
+- [ ] Verify internet access is blocked
+- [ ] Run: `/root/device-control.sh unblock [IP]`
+- [ ] Verify internet access restored
+
+### Step 19: Verify Static Leases
+- [ ] Check each static device is getting correct IP
+- [ ] HomeAssistant: 10.0.0.55 ✓
+- [ ] New AdGuard: 10.0.0.245 ✓
+- [ ] TPLink Router: 10.0.0.254 ✓
+
+---
+
+## Phase 6: Backup & Documentation (10 minutes)
+
+### Step 20: Create Backups
+- [ ] OpenWRT: System → Backup/Flash → Generate Archive
+- [ ] Save backup file: openwrt-backup-[DATE].tar.gz
+- [ ] AdGuard: Settings → General → Export Settings
+- [ ] Save backup file: adguard-backup-[DATE].yaml
+
+### Step 21: Document Your Setup
+Create a file with:
+- [ ] OpenWRT admin password
+- [ ] AdGuard admin credentials
+- [ ] List of static IP assignments
+- [ ] List of blocked devices (if any)
+- [ ] Any custom firewall rules
+- [ ] Backup file locations
+
+---
+
+## Post-Setup Verification
+
+### Final Checks
+- [ ] All devices can get DHCP leases
+- [ ] DNS resolution working through AdGuard
+- [ ] Internet access working for allowed devices
+- [ ] AdGuard dashboard accessible
+- [ ] OpenWRT web interface accessible
+- [ ] Device blocking working correctly
+- [ ] Static leases all functioning
+- [ ] Local DNS names resolving (openwrt.local, etc.)
+
+### Performance Checks
+- [ ] Run speed test from multiple devices
+- [ ] Verify DNS response times in AdGuard
+- [ ] Check for any connection issues
+- [ ] Monitor AdGuard query log for problems
+
+---
+
+## Common Device Management Commands
+
+### Block/Unblock Devices
+```bash
+# Block a device
+/root/device-control.sh block 10.0.0.100 "Kids Tablet"
+
+# Unblock a device
+/root/device-control.sh unblock 10.0.0.100
+
+# List all blocked devices
+/root/device-control.sh list
+
+# Check device status
+/root/device-control.sh status 10.0.0.100
+```
+
+### Monitor System
+```bash
+# View DHCP leases
+cat /tmp/dhcp.leases
+
+# View system log
+logread
+
+# Check DNS traffic
+tcpdump -i br-lan port 53
+
+# Restart services
+/etc/init.d/dnsmasq restart
+/etc/init.d/firewall restart
+```
+
+---
+
+## Troubleshooting Reference
+
+### Issue: Can't access OpenWRT web interface
+```bash
+/etc/init.d/uhttpd restart
+netstat -tulpn | grep :80
+```
+
+### Issue: DHCP not giving out addresses
+```bash
+/etc/init.d/dnsmasq restart
+logread | grep -i dhcp
+```
+
+### Issue: DNS not resolving
+```bash
+nslookup google.com 10.0.0.245
+ping 10.0.0.245
+```
+
+### Issue: Device blocking not working
+```bash
+ipset list blocked_devices
+iptables -L FORWARD -v -n
+/etc/init.d/firewall restart
+```
+
+---
+
+## Maintenance Schedule
+
+### Weekly
+- [ ] Check AdGuard query logs for anomalies
+- [ ] Review blocked devices list
+- [ ] Check OpenWRT system log for errors
+
+### Monthly
+- [ ] Update AdGuard blocklists
+- [ ] Review and update static leases
+- [ ] Check for OpenWRT updates: System → Software
+- [ ] Create fresh backups
+
+### Quarterly
+- [ ] Review all firewall rules
+- [ ] Audit device access permissions
+- [ ] Update OpenWRT firmware if available
+- [ ] Test backup restoration procedure
+
+---
+
+## Emergency Contacts & Resources
+
+### Reset Instructions
+**OpenWRT Hard Reset:**
+- Press and hold reset button for 10 seconds
+- Default IP will be 192.168.1.1
+
+**AdGuard Reset:**
+- Stop AdGuard service
+- Delete config files
+- Restart and run setup wizard
+
+### Support Resources
+- OpenWRT Forum: https://forum.openwrt.org/
+- AdGuard Forum: https://forum.adguard.com/
+- This documentation folder: ________________
+
+---
+
+## Completion Sign-off
+
+Setup completed by: _________________
+Date: _________________
+Time taken: _______ minutes
+
+All phases completed successfully: ☐ YES ☐ NO
+
+Notes/Issues encountered:
+_________________________________________________
+_________________________________________________
+_________________________________________________
+
+Next review date: _________________