# UDM Pro Routing Configuration via API **Last Updated:** 2026-01-13 **Status:** Routing configuration NOT available via API --- ## Summary **Answer: No, routing configuration cannot be handled via the API.** The UniFi Network API provides **read-only** access to routing information but does **not** support configuring static routes or inter-VLAN routing via API endpoints. --- ## API Routing Endpoints ### Available (Read-Only) | Endpoint | Method | Access | Description | |----------|--------|--------|-------------| | `/api/s/{site}/stat/routing` | GET | ✅ Read | Routing statistics | | `/api/s/{site}/rest/routing` | GET | ✅ Read | Routing configuration (varies by version) | **Note:** These endpoints are **read-only**. They allow you to view routing information but cannot be used to create, modify, or delete routes. ### Not Available (Write Access) | Configuration | API Endpoint | Status | |---------------|--------------|--------| | Static Routes | ❌ Not available | Requires web UI | | Inter-VLAN Routing | ❌ Not available | Requires web UI | | Route Configuration | ❌ Not available | Requires web UI | | Network Routing Settings | ❌ Not available | Requires web UI | --- ## Current API Capabilities ### Official API (API Key) **Write Access Available:** - ✅ ACL Rules (`/sites/{siteId}/acl-rules`) - ✅ Firewall Zones (`/sites/{siteId}/firewall/zones`) - ✅ Traffic Matching Lists (`/sites/{siteId}/traffic-matching-lists`) **Write Access NOT Available:** - ❌ Network/VLAN creation/modification - ❌ Static routes configuration - ❌ Inter-VLAN routing configuration - ❌ DHCP reservations - ❌ Port profiles - ❌ System configuration ### Private API (Username/Password) **Write Access:** - ❌ Network creation/modification (403 Forbidden - permission issue) - ❌ Routing configuration (not available) --- ## Why Routing Configuration Requires Manual Setup 1. **Security:** Routing configuration is a critical network function that affects all traffic 2. **Complexity:** Routing involves multiple network interfaces and requires careful configuration 3. **API Limitations:** UniFi Network API focuses on firewall/ACL rules, not routing 4. **UDM Pro Design:** Routing is typically configured during initial setup or via web UI --- ## Solutions for Routing Configuration ### Option 1: Manual Configuration via Web UI (Recommended) 1. **Access UniFi Network Web Interface:** - URL: `https://192.168.0.1` - Navigate to: **Settings** → **Networks** 2. **Verify Inter-VLAN Routing:** - Check each network's settings - Ensure "Enable Inter-VLAN Routing" or similar option is enabled - This is typically enabled by default for VLANs 3. **Configure Static Route (if needed):** - Navigate to: **Settings** → **Routing & Firewall** → **Static Routes** - Add route: `192.168.11.0/24` via `192.168.11.1` - Save configuration **Reference:** [UDM_PRO_ROUTING_TROUBLESHOOTING.md](./UDM_PRO_ROUTING_TROUBLESHOOTING.md) ### Option 2: Verify Network Configuration The routing issue may be resolved by ensuring: - Both networks are properly configured as VLANs - Inter-VLAN routing is enabled (default for VLANs) - Networks are in the same zone (Internal zone allows "Allow All" policy) **Current Status:** - Default network: `192.168.0.0/24` → Internal zone - MGMT-LAN (VLAN 11): `192.168.11.0/24` → Internal zone - Zone Policy: Internal → Internal = "Allow All" Since both networks are in the Internal zone with "Allow All" policy, the firewall/zone should allow traffic. The issue is likely routing configuration. --- ## Workaround: Use Firewall Rules While routing cannot be configured via API, you can use firewall rules to control traffic: 1. **Firewall Rules (ACL Rules) - Available via API:** - ✅ Create rules to allow/block traffic between networks - ✅ Configure source/destination filters - ✅ Set protocol and port filters 2. **Current Firewall Rule:** - Rule: "Allow Default Network to Management VLAN" - Priority: 5 - Allows: `192.168.0.0/24` → VLAN 11 (all protocols) - Status: ✅ Created via API **Note:** Firewall rules control **access** but don't configure **routing**. If routing isn't configured, traffic won't reach the firewall rules. --- ## Testing Routing Configuration ### Check Current Routing (Read-Only via API) You can query routing information to verify configuration: ```bash # Using Private API (if available) curl -k -X GET 'https://192.168.0.1/proxy/network/api/s/default/stat/routing' \ -H 'Cookie: unifises=' # Or via Official API (if routing endpoint exists) curl -k -X GET 'https://192.168.0.1/proxy/network/integration/v1/sites/{siteId}/routing' \ -H 'X-API-KEY: ' ``` **Note:** These endpoints may not exist or may return limited information. ### Manual Verification 1. **SSH to UDM Pro:** ```bash ssh root@192.168.0.1 ``` 2. **Check routing table:** ```bash ip route show # or route -n ``` 3. **Look for route to VLAN 11:** - Should show: `192.168.11.0/24 dev ` or `192.168.11.0/24 via ` --- ## Conclusion **Routing configuration must be done manually via the UDM Pro web interface.** The API cannot be used to: - Create static routes - Enable/disable inter-VLAN routing - Configure routing between networks **What the API CAN do:** - ✅ Read routing statistics (if endpoint exists) - ✅ Create firewall/ACL rules to control traffic - ✅ Configure firewall zones **Next Steps:** 1. Access UDM Pro web UI: `https://192.168.0.1` 2. Verify inter-VLAN routing is enabled 3. Add static route if needed (Settings → Routing & Firewall → Static Routes) 4. Test connectivity: `ping 192.168.11.10` from `192.168.0.23` --- ## Related Documentation - [UDM_PRO_API_LIMITATIONS.md](./UDM_PRO_API_LIMITATIONS.md) - Complete API limitations - [UDM_PRO_ROUTING_TROUBLESHOOTING.md](./UDM_PRO_ROUTING_TROUBLESHOOTING.md) - Routing troubleshooting guide - [VLAN_11_SETTINGS_REFERENCE.md](./VLAN_11_SETTINGS_REFERENCE.md) - VLAN 11 configuration --- **Last Updated:** 2026-01-13