proxmox/docs/04-configuration/UDM_PRO_ROUTING_TROUBLESHOOTING.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

UDM Pro Routing Troubleshooting Guide

Last Updated: 2026-01-13
Status: Active Documentation
Issue: 192.168.0.23 cannot reach 192.168.11.10 (VLAN 11)
Error: "Destination Host Unreachable" from 192.168.0.1


Problem Summary

Source: 192.168.0.23 (on 192.168.0.0/24 - UDM Pro default network)
Destination: 192.168.11.10 (on 192.168.11.0/24 - VLAN 11 MGMT-LAN)
Gateway: 192.168.0.1 (UDM Pro)

Symptoms:

  • Ping fails with "Destination Host Unreachable"
  • Firewall rule created successfully (allows 192.168.0.0/24 → VLAN 11)
  • Routing issue persists

Root Cause

The UDM Pro at 192.168.0.1 doesn't have a route configured to reach 192.168.11.0/24. While inter-VLAN routing is enabled by default for networks configured as VLANs on the UDM Pro, the 192.168.0.0/24 network (UDM Pro's default/management network) may not automatically route to other VLANs.


Solution: Configure Inter-VLAN Routing

  1. Access UniFi Network Web Interface:

    • URL: https://192.168.0.1
    • Login with admin credentials
  2. Navigate to Network Settings:

    • Go to Settings → Networks
    • Click on MGMT-LAN (VLAN 11)
  3. Verify Network Configuration:

    • Network Name: MGMT-LAN
    • VLAN ID: 11
    • Subnet: 192.168.11.0/24
    • Gateway IP/Subnet: 192.168.11.1/24
    • DHCP Mode: DHCP Server (or DHCP Server with DHCP Guard)
    • DHCP Range: 192.168.11.100-192.168.11.200
  4. Check Routing Settings:

    • Look for "Enable Inter-VLAN Routing" or "Route Between VLANs" option
    • Ensure it's enabled
    • Save if changes were made
  5. Verify Default Network Configuration:

    • Go to Settings → Networks
    • Find the default network (usually named "Default" or "LAN")
    • Verify it's configured as 192.168.0.0/24
    • Check if inter-VLAN routing is enabled

Option 2: Configure Static Route (If Option 1 Doesn't Work)

If inter-VLAN routing is enabled but still not working, you may need to add a static route:

  1. Navigate to Routing Settings:

    • Go to Settings → Routing & Firewall → Static Routes (or Routes)
  2. Add Static Route:

    • Name: Route to VLAN 11
    • Destination Network: 192.168.11.0/24
    • Gateway: 192.168.11.1 (or leave blank if using interface routing)
    • Interface: Select the interface/VLAN for VLAN 11
    • Distance: 1 (or default)
    • Click Add or Save
  3. Verify Route:

    • Check the static routes list
    • Ensure the route is active

Option 3: Check Firewall Rules Order

Even with routing enabled, firewall rules are evaluated first. Verify:

  1. Check ACL Rules Priority:

    • The "Allow Default Network to Management VLAN" rule should have priority 5
    • Ensure no BLOCK rules with higher priority are blocking the traffic
  2. Verify Rule Status:

    cd /home/intlc/projects/proxmox
    # NODE_TLS_REJECT_UNAUTHORIZED=0 turns off TLS certificate verification for this one command
    NODE_TLS_REJECT_UNAUTHORIZED=0 node scripts/unifi/list-acl-rules-node.js
    
  3. Check for Default Deny Rules:

    • UDM Pro may have a default deny policy for inter-VLAN traffic
    • Ensure explicit ALLOW rules are in place

Verification Steps

Step 1: Test Routing from UDM Pro

  1. SSH to UDM Pro (if SSH is enabled):

    ssh root@192.168.0.1
    
  2. Test ping from UDM Pro:

    ping -c 3 192.168.11.10
    

    Expected Result: Should succeed if routing is configured correctly

Step 2: Check Routing Table

From UDM Pro (via SSH or web interface):

  1. View routing table:

    • Via SSH: ip route show or route -n
    • Via Web UI: Settings → Routing & Firewall → Routes
  2. Look for route to 192.168.11.0/24:

    • Should show: 192.168.11.0/24 via <gateway> dev <interface>
    • Or: 192.168.11.0/24 dev <vlan-interface>
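
The Step 2 check can be scripted so the result is unambiguous. The following is an added example, not part of the original guide or its repository: it reads `ip route show` output and reports which kind of route, if any, covers the destination. The sample tables and the interface names (br0, br11, eth8) are constructed assumptions.

```shell
#!/bin/sh
# route_for DEST: read `ip route show` output on stdin and print the most
# specific (longest-prefix) IPv4 route covering DEST. Exit 1 if none matches.
route_for() {
    awk -v dest="$1" '
    function ip2int(ip,    o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { d = ip2int(dest); best = -1 }
    {
        pfx = $1
        # Route types such as "unreachable 10.0.0.0/8" put the prefix second.
        if (pfx ~ /^(unreachable|blackhole|prohibit|throw)$/) pfx = $2
        if (pfx == "default") pfx = "0.0.0.0/0"
        n = split(pfx, p, "/")
        len = (n == 2) ? p[2] + 0 : 32      # bare address = host route
        net = ip2int(p[1])
        if (net < 0) next                   # skip IPv6 or malformed lines
        size = 2 ^ (32 - len)
        if (int(d / size) == int(net / size) && len > best) {
            best = len; line = $0
        }
    }
    END { if (best < 0) exit 1; print line }
    '
}

# classify_route DEST: summarise what the table on stdin does with DEST.
classify_route() {
    r=$(route_for "$1") || { echo "no-route"; return 0; }
    case "$r" in
        unreachable*|blackhole*|prohibit*) echo "rejected" ;;
        default*)                          echo "default-only" ;;
        *" via "*)                         echo "static-via-gateway" ;;
        *)                                 echo "connected" ;;
    esac
}

# Constructed sample tables (interface names are assumptions).
TABLE_OK='default via 203.0.113.1 dev eth8
192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.1
192.168.11.0/24 dev br11 proto kernel scope link src 192.168.11.1'
TABLE_MISSING='default via 203.0.113.1 dev eth8
192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.1'

printf '%s\n' "$TABLE_OK"      | classify_route 192.168.11.10
printf '%s\n' "$TABLE_MISSING" | classify_route 192.168.11.10
```

On the UDM Pro itself, pipe the live table in with `ip route show | classify_route 192.168.11.10`. A result of `default-only` means traffic for VLAN 11 would follow the default route instead of reaching the VLAN interface.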

Step 3: Test from Source Device

From 192.168.0.23:

    # Test ping
    ping -c 3 192.168.11.10

    # Test with traceroute (if available)
    traceroute 192.168.11.10

Expected Result: Should succeed after routing is configured


Alternative: Use VLAN 11 Gateway Directly

If routing through UDM Pro continues to fail, you can configure the source device to use the VLAN 11 gateway directly:

  1. Add static route on source device (192.168.0.23):

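    # Linux
    # The next hop must be on-link: this only works if the host has an interface
    # in 192.168.11.0/24; otherwise `ip route add` fails.
    sudo ip route add 192.168.11.0/24 via 192.168.11.1
    
    # Or add to /etc/network/interfaces or systemd-networkd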
    
  2. Or configure default gateway:

    • Change the default gateway to 192.168.11.1 if accessing VLAN 11 is the primary use case
    • Not recommended if you need access to both networks

Troubleshooting Checklist

  • Firewall rule created and enabled (Priority 5)
  • VLAN 11 network configured correctly on UDM Pro
  • Inter-VLAN routing enabled on UDM Pro
  • Static route configured (if needed)
  • No BLOCK rules with higher priority blocking traffic
  • UDM Pro can ping 192.168.11.10 directly
  • Routing table shows route to 192.168.11.0/24
  • Source device can reach UDM Pro (ping 192.168.0.1)
  • Destination host is online (ping 192.168.11.10 from VLAN 11)

