# UDM Pro VLAN Plan - Utilization Status

**Last Updated:** 2026-01-14
**Status:** ✅ **READY TO UTILIZE VLAN PLAN**

---

## Executive Summary

**VLAN Plan Status:** ✅ **Foundation Complete - Ready for Utilization**

All prerequisites are met to utilize the complete VLAN plan. The infrastructure is ready for VLAN assignment and inter-VLAN communication.

---

## Current Status

### ✅ Completed Prerequisites

1. **VLAN 11 (MGMT-LAN)** - ✅ Fully Operational
   - Subnet: 192.168.11.0/24
   - Gateway: 192.168.11.1
   - Proxmox hosts accessible
   - Firewall configured

2. **Network Isolation** - ✅ Disabled
   - Allows inter-VLAN routing
   - Verified on MGMT-LAN

3. **Zone Matrix** - ✅ Configured
   - Internal → Internal: Allow All
   - Enables inter-VLAN communication

4. **Proxmox VLAN Support** - ✅ Verified
   - VLAN-aware bridges configured on all hosts
   - Bridge VLAN support confirmed
   - Ready for VLAN assignment

5. **Firewall Rules** - ✅ Configured
   - Default network (192.168.0.0/24) → Proxmox hosts
   - VLAN 11 (192.168.11.0/24) → Proxmox hosts
   - Ready for inter-VLAN rules

6. **Proxmox Hosts** - ✅ All Accessible
   - ml110: 192.168.11.10
   - r630-01: 192.168.11.11
   - r630-02: 192.168.11.12

---

## VLAN Plan (18 VLANs)

### Core Management

| VLAN ID | Name | Subnet | Gateway | Status |
|--------:|------|--------|---------|--------|
| **11** | MGMT-LAN | 192.168.11.0/24 | 192.168.11.1 | ✅ Operational |

### Besu Networks

| VLAN ID | Name | Subnet | Gateway | Status |
|--------:|------|--------|---------|--------|
| 110 | BESU-VAL | 10.110.0.0/24 | 10.110.0.1 | ⏳ To Create |
| 111 | BESU-SEN | 10.111.0.0/24 | 10.111.0.1 | ⏳ To Create |
| 112 | BESU-RPC | 10.112.0.0/24 | 10.112.0.1 | ⏳ To Create |

### Service VLANs

| VLAN ID | Name | Subnet | Gateway | Status |
|--------:|------|--------|---------|--------|
| 120 | BLOCKSCOUT | 10.120.0.0/24 | 10.120.0.1 | ⏳ To Create |
| 121 | CACTI | 10.121.0.0/24 | 10.121.0.1 | ⏳ To Create |
| 130 | CCIP-OPS | 10.130.0.0/24 | 10.130.0.1 | ⏳ To Create |
| 132 | CCIP-COMMIT | 10.132.0.0/24 | 10.132.0.1 | ⏳ To Create |
| 133 | CCIP-EXEC | 10.133.0.0/24 | 10.133.0.1 | ⏳ To Create |
| 134 | CCIP-RMN | 10.134.0.0/24 | 10.134.0.1 | ⏳ To Create |
| 140 | FABRIC | 10.140.0.0/24 | 10.140.0.1 | ⏳ To Create |
| 141 | FIREFLY | 10.141.0.0/24 | 10.141.0.1 | ⏳ To Create |
| 150 | INDY | 10.150.0.0/24 | 10.150.0.1 | ⏳ To Create |
| 160 | SANKOFA-SVC | 10.160.0.0/22 | 10.160.0.1 | ⏳ To Create |

### Sovereign Tenants

| VLAN ID | Name | Subnet | Gateway | Status |
|--------:|------|--------|---------|--------|
| 200 | PHX-SOV-SMOM | 10.200.0.0/20 | 10.200.0.1 | ⏳ To Create |
| 201 | PHX-SOV-ICCC | 10.201.0.0/20 | 10.201.0.1 | ⏳ To Create |
| 202 | PHX-SOV-DBIS | 10.202.0.0/20 | 10.202.0.1 | ⏳ To Create |
| 203 | PHX-SOV-AR | 10.203.0.0/20 | 10.203.0.1 | ⏳ To Create |

**Total:** 1 configured, 17 to create

---

## Proxmox VLAN Support Verification

### ml110 (192.168.11.10)

- ✅ Bridge: vmbr0 configured
- ✅ VLAN support: Available
- ✅ Containers: Can be assigned VLAN tags

### r630-01 (192.168.11.11)

- ✅ Bridge: vmbr0 configured
- ✅ VLAN support: Available
- ✅ VLAN 200 interface: Detected (vmbr0v200, nic0.200)
- ✅ Containers: Can be assigned VLAN tags

### r630-02 (192.168.11.12)

- ✅ Bridge: vmbr0 configured
- ✅ VLAN support: Available
- ✅ Containers: Can be assigned VLAN tags

**Status:** ✅ All Proxmox hosts support VLAN assignment

---

## How to Utilize VLAN Plan

### Step 1: Create Additional VLANs (Via UDM Pro Web UI)

For each VLAN (110-203):

1. **Navigate:** Settings → Networks → Create New Network
2. **Configure:**
   - Name: [VLAN Name] (e.g., BESU-VAL)
   - VLAN ID: [VLAN ID] (e.g., 110)
   - Subnet: [Subnet] (e.g., 10.110.0.0/24)
   - Gateway: [Gateway] (e.g., 10.110.0.1)
   - Zone: Internal
   - Network Isolation: ❌ **Disabled** (important!)
   - DHCP: Configure as needed
3. **Save**

### Step 2: Assign VMs/Containers to VLANs (Via Proxmox)

**Via Web UI:**

1. Go to: Datacenter → [Host] → VMs/Containers → [VM/Container ID]
2. Click: Hardware → Network Device
3. Edit: Bridge = vmbr0, VLAN Tag = [VLAN ID]
4. Save

**Via CLI:**

```bash
# Replace <CTID>, <VMID> and <VLAN_ID> with the container ID, VM ID and VLAN tag

# For containers
pct set <CTID> -net0 name=eth0,bridge=vmbr0,tag=<VLAN_ID>

# For VMs
qm set <VMID> --net0 virtio,bridge=vmbr0,tag=<VLAN_ID>
```

### Step 3: Configure Firewall Rules (Via UDM Pro)

**Management → Service VLANs:**

- Allow: SSH (22), Database (5432, 3306), Admin consoles (8080, etc.)

**Service VLANs → Management:**

- Allow: Monitoring, Logging, Health checks

**Sovereign Tenant Isolation:**

- Block: Inter-tenant communication (200 ↔ 201, 200 ↔ 202, etc.)

---

## Testing VLAN Utilization

### Test 1: Verify VLAN Creation

```bash
# After creating a VLAN, test gateway connectivity
ping 10.110.0.1  # BESU-VAL gateway (after creation)
```

### Test 2: Verify VM/Container VLAN Assignment

```bash
# Check container network configuration (replace <CTID> with the container ID)
ssh root@192.168.11.10 "pct config <CTID> | grep net0"
# Should show: bridge=vmbr0,tag=<VLAN_ID>
```

### Test 3: Verify Inter-VLAN Routing

```bash
# From VLAN 11, test routing to other VLANs
ping 10.110.0.1  # BESU-VAL
ping 10.111.0.1  # BESU-SEN
# etc.
```

---

## Current Capabilities

### ✅ What You Can Do Now

1. **Assign VMs/Containers to VLAN 11** - Working
2. **Access Proxmox hosts** - All accessible
3. **Configure firewall rules** - Rules can be added
4. **Test inter-VLAN routing** - Enabled (after VLANs created)
5. **Create additional VLANs** - Ready via UDM Pro web UI

### ⏳ What Requires Additional Configuration

1. **Create remaining VLANs** - Via UDM Pro web UI (17 VLANs)
2. **Configure DHCP** - For each VLAN (optional)
3. **Set up firewall rules** - Inter-VLAN communication
4. **Migrate VMs/containers** - Assign to appropriate VLANs

---

## Quick Start: Create Your Next VLAN

### Example: Create VLAN 110 (BESU-VAL)

1. **Access UDM Pro:**
   - URL: https://192.168.0.1 (or https://192.168.11.1 if accessible)
   - Login: unifi_api / L@kers2010$$

2. **Create Network:**
   - Settings → Networks → Create New Network
   - Name: `BESU-VAL`
   - VLAN ID: `110`
   - Subnet: `10.110.0.0/24`
   - Gateway: `10.110.0.1`
   - Zone: `Internal`
   - Network Isolation: ❌ **Unchecked** (critical!)
   - Save

3. **Verify:**
   - Test routing: `ping 10.110.0.1` from VLAN 11
   - Check Zone Matrix: Internal → Internal = Allow All

4. **Assign Container:**
   - Proxmox Web UI → Container → Network → VLAN Tag: 110

---

## Verification Checklist

- [x] VLAN 11 operational
- [x] Proxmox hosts accessible
- [x] Proxmox VLAN support verified
- [x] Network Isolation disabled
- [x] Zone Matrix configured (Internal → Internal = Allow All)
- [x] Firewall rules allow Default network
- [ ] Additional VLANs created (110-203)
- [ ] Firewall rules for inter-VLAN communication
- [ ] VMs/containers assigned to VLANs

---

## Summary

**Status:** ✅ **READY TO UTILIZE VLAN PLAN**

**Foundation Complete:**

- ✅ VLAN 11 operational
- ✅ Proxmox accessible and VLAN-ready
- ✅ Routing enabled
- ✅ Firewall configured
- ✅ All prerequisites met

**Next Steps:**

1. Create additional VLANs via UDM Pro web UI
2. Assign VMs/containers to VLANs via Proxmox
3. Configure firewall rules for inter-VLAN communication
4. Test and verify VLAN utilization

**You can now utilize the VLAN plan!** The infrastructure is ready.
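
---

The following Python example is added here and is not part of the original plan or of any UniFi or Proxmox tooling. With the Zone Matrix at Internal → Internal = Allow All and Network Isolation disabled, tenant VLANs can reach each other until the block rules from Step 3 exist, so this example checks the plan tables for overlapping subnets and misplaced gateways and expands "200 ↔ 201, 200 ↔ 202, etc." into the full directed rule list. The function names `validate_plan` and `tenant_block_rules` are hypothetical.

```python
import ipaddress
from itertools import combinations, permutations

# (VLAN ID, subnet, gateway) rows copied from the plan tables on this page.
PLAN = [
    (11, "192.168.11.0/24", "192.168.11.1"),
    (110, "10.110.0.0/24", "10.110.0.1"), (111, "10.111.0.0/24", "10.111.0.1"),
    (112, "10.112.0.0/24", "10.112.0.1"), (120, "10.120.0.0/24", "10.120.0.1"),
    (121, "10.121.0.0/24", "10.121.0.1"), (130, "10.130.0.0/24", "10.130.0.1"),
    (132, "10.132.0.0/24", "10.132.0.1"), (133, "10.133.0.0/24", "10.133.0.1"),
    (134, "10.134.0.0/24", "10.134.0.1"), (140, "10.140.0.0/24", "10.140.0.1"),
    (141, "10.141.0.0/24", "10.141.0.1"), (150, "10.150.0.0/24", "10.150.0.1"),
    (160, "10.160.0.0/22", "10.160.0.1"), (200, "10.200.0.0/20", "10.200.0.1"),
    (201, "10.201.0.0/20", "10.201.0.1"), (202, "10.202.0.0/20", "10.202.0.1"),
    (203, "10.203.0.0/20", "10.203.0.1"),
]
TENANTS = (200, 201, 202, 203)  # the "Sovereign Tenants" table


def validate_plan(plan):
    """Return problems that would break routing or isolation: duplicate IDs,
    a gateway outside its subnet, or two subnets that overlap."""
    problems, nets = [], {}
    for vid, subnet, gateway in plan:
        if vid in nets:
            problems.append(f"duplicate VLAN ID {vid}")
        net = ipaddress.ip_network(subnet)  # raises if host bits are set
        if ipaddress.ip_address(gateway) not in net:
            problems.append(f"VLAN {vid}: gateway {gateway} not in {net}")
        nets[vid] = net
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"VLAN {a} ({na}) overlaps VLAN {b} ({nb})")
    return problems


def tenant_block_rules(plan, tenants=TENANTS):
    """Expand "200 <-> 201, 200 <-> 202, etc." into every directed
    (src VLAN, src subnet, dst VLAN, dst subnet) block rule."""
    subnet = {vid: net for vid, net, _ in plan if vid in tenants}
    return [(s, subnet[s], d, subnet[d]) for s, d in permutations(sorted(subnet), 2)]


if __name__ == "__main__":
    for problem in validate_plan(PLAN):
        print("PROBLEM:", problem)
    for s, snet, d, dnet in tenant_block_rules(PLAN):
        print(f"block VLAN {s} {snet} -> VLAN {d} {dnet}")
```

Four tenants expand to 12 directed block rules (6 pairs); comparing that list against the rules actually configured on the UDM Pro shows which tenant pairs are still open.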