First, plan the port of the line. Be sure to connect according to your own planned port. Don't connect it wrong.
Then see if your switch equipment needs to be configured with link aggregation and link authentication to ensure that the second floor is fully configured.
Look at IP planning again. IP planning should be no problem for you. Consider network scalability and route summarization.
Switch parts:
At the second level, you can selectively configure 802. 1X to control the access security of the PC. If not, you must run MSTP before switching. See how you want to divide the VLAN number of VLAN planning. VRRY can be used between LSW3 LS24 to support MSTP in two directions. At the third layer, you can configure ACLs to restrict network access. I recommend OSPF as the routing protocol. After all, the company is relatively stable.
Configure NAT on the firewall and pay attention to the port mapping. It should be possible to map ports in the firewall NAT policy, and specify the server source IP port number and the port number of the external network interface.