d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
proxmox/docs/04-configuration/UDM_PRO_VLAN_UTILIZATION_STATUS.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

7.3 KiB
Raw Permalink Blame History

UDM Pro VLAN Plan - Utilization Status

Last Updated: 2026-01-14
Status: READY TO UTILIZE VLAN PLAN

Executive Summary

VLAN Plan Status: Foundation Complete - Ready for Utilization

All prerequisites are met to utilize the complete VLAN plan. The infrastructure is ready for VLAN assignment and inter-VLAN communication.

Current Status

Completed Prerequisites

  1. VLAN 11 (MGMT-LAN) - Fully Operational

    • Subnet: 192.168.11.0/24
    • Gateway: 192.168.11.1
    • Proxmox hosts accessible
    • Firewall configured

  2. Network Isolation - Disabled

    • Allows inter-VLAN routing
    • Verified on MGMT-LAN

  3. Zone Matrix - Configured

    • Internal → Internal: Allow All
    • Enables inter-VLAN communication

  4. Proxmox VLAN Support - Verified

    • VLAN-aware bridges configured on all hosts
    • Bridge VLAN support confirmed
    • Ready for VLAN assignment

  5. Firewall Rules - Configured

    • Default network (192.168.0.0/24) → Proxmox hosts
    • VLAN 11 (192.168.11.0/24) → Proxmox hosts
    • Ready for inter-VLAN rules

  6. Proxmox Hosts - All Accessible

    • ml110: 192.168.11.10
    • r630-01: 192.168.11.11
    • r630-02: 192.168.11.12

VLAN Plan (18 VLANs)

Core Management

VLAN ID Name Subnet Gateway Status
11 MGMT-LAN 192.168.11.0/24 192.168.11.1 Operational

Besu Networks

VLAN ID Name Subnet Gateway Status
110 BESU-VAL 10.110.0.0/24 10.110.0.1 To Create
111 BESU-SEN 10.111.0.0/24 10.111.0.1 To Create
112 BESU-RPC 10.112.0.0/24 10.112.0.1 To Create

Service VLANs

VLAN ID Name Subnet Gateway Status
120 BLOCKSCOUT 10.120.0.0/24 10.120.0.1 To Create
121 CACTI 10.121.0.0/24 10.121.0.1 To Create
130 CCIP-OPS 10.130.0.0/24 10.130.0.1 To Create
132 CCIP-COMMIT 10.132.0.0/24 10.132.0.1 To Create
133 CCIP-EXEC 10.133.0.0/24 10.133.0.1 To Create
134 CCIP-RMN 10.134.0.0/24 10.134.0.1 To Create
140 FABRIC 10.140.0.0/24 10.140.0.1 To Create
141 FIREFLY 10.141.0.0/24 10.141.0.1 To Create
150 INDY 10.150.0.0/24 10.150.0.1 To Create
160 SANKOFA-SVC 10.160.0.0/22 10.160.0.1 To Create

Sovereign Tenants

VLAN ID Name Subnet Gateway Status
200 PHX-SOV-SMOM 10.200.0.0/20 10.200.0.1 To Create
201 PHX-SOV-ICCC 10.201.0.0/20 10.201.0.1 To Create
202 PHX-SOV-DBIS 10.202.0.0/20 10.202.0.1 To Create
203 PHX-SOV-AR 10.203.0.0/20 10.203.0.1 To Create

Total: 1 configured, 17 to create

Proxmox VLAN Support Verification

ml110 (192.168.11.10)

  • Bridge: vmbr0 configured
  • VLAN support: Available
  • Containers: Can be assigned VLAN tags

r630-01 (192.168.11.11)

  • Bridge: vmbr0 configured
  • VLAN support: Available
  • VLAN 200 interface: Detected (vmbr0v200, nic0.200)
  • Containers: Can be assigned VLAN tags

r630-02 (192.168.11.12)

  • Bridge: vmbr0 configured
  • VLAN support: Available
  • Containers: Can be assigned VLAN tags

Status: All Proxmox hosts support VLAN assignment

How to Utilize VLAN Plan

Step 1: Create Additional VLANs (Via UDM Pro Web UI)

For each VLAN (110-203):

  1. Navigate: Settings → Networks → Create New Network
  2. Configure:
    • Name: [VLAN Name] (e.g., BESU-VAL)
    • VLAN ID: [VLAN ID] (e.g., 110)
    • Subnet: [Subnet] (e.g., 10.110.0.0/24)
    • Gateway: [Gateway] (e.g., 10.110.0.1)
    • Zone: Internal
    • Network Isolation: Disabled (important!)
    • DHCP: Configure as needed
  3. Save

Step 2: Assign VMs/Containers to VLANs (Via Proxmox)

Via Web UI:

  1. Go to: Datacenter → [Host] → VMs/Containers → [VM/Container ID]
  2. Click: Hardware → Network Device
  3. Edit: Bridge = vmbr0, VLAN Tag = [VLAN ID]
  4. Save

Via CLI:

# For containers
pct set <CTID> -net0 name=eth0,bridge=vmbr0,tag=<VLAN_ID>

# For VMs
qm set <VMID> --net0 virtio,bridge=vmbr0,tag=<VLAN_ID>

Step 3: Configure Firewall Rules (Via UDM Pro)

Management → Service VLANs:

  • Allow: SSH (22), Database (5432, 3306), Admin consoles (8080, etc.)

Service VLANs → Management:

  • Allow: Monitoring, Logging, Health checks

Sovereign Tenant Isolation:

  • Block: Inter-tenant communication (200 ↔ 201, 200 ↔ 202, etc.)

Testing VLAN Utilization

Test 1: Verify VLAN Creation

# After creating a VLAN, test gateway connectivity
ping 10.110.0.1  # BESU-VAL gateway (after creation)

Test 2: Verify VM/Container VLAN Assignment

# Check container network configuration
ssh root@192.168.11.10 "pct config <CTID> | grep net0"

# Should show: bridge=vmbr0,tag=<VLAN_ID>

Test 3: Verify Inter-VLAN Routing

# From VLAN 11, test routing to other VLANs
ping 10.110.0.1  # BESU-VAL
ping 10.111.0.1  # BESU-SEN
# etc.

Current Capabilities

What You Can Do Now

  1. Assign VMs/Containers to VLAN 11 - Working
  2. Access Proxmox hosts - All accessible
  3. Configure firewall rules - Rules can be added
  4. Test inter-VLAN routing - Enabled (after VLANs created)
  5. Create additional VLANs - Ready via UDM Pro web UI

What Requires Additional Configuration

  1. Create remaining VLANs - Via UDM Pro web UI (17 VLANs)
  2. Configure DHCP - For each VLAN (optional)
  3. Set up firewall rules - Inter-VLAN communication
  4. Migrate VMs/containers - Assign to appropriate VLANs

Quick Start: Create Your Next VLAN

Example: Create VLAN 110 (BESU-VAL)

  1. Access UDM Pro:

  2. Create Network:

    • Settings → Networks → Create New Network
    • Name: BESU-VAL
    • VLAN ID: 110
    • Subnet: 10.110.0.0/24
    • Gateway: 10.110.0.1
    • Zone: Internal
    • Network Isolation: Unchecked (critical!)
    • Save

  3. Verify:

    • Test routing: ping 10.110.0.1 from VLAN 11
    • Check Zone Matrix: Internal → Internal = Allow All

  4. Assign Container:

    • Proxmox Web UI → Container → Network → VLAN Tag: 110

Verification Checklist

  • VLAN 11 operational
  • Proxmox hosts accessible
  • Proxmox VLAN support verified
  • Network Isolation disabled
  • Zone Matrix configured (Internal → Internal = Allow All)
  • Firewall rules allow Default network
  • Additional VLANs created (110-203)
  • Firewall rules for inter-VLAN communication
  • VMs/containers assigned to VLANs

Summary

Status: READY TO UTILIZE VLAN PLAN

Foundation Complete:

  • VLAN 11 operational
  • Proxmox accessible and VLAN-ready
  • Routing enabled
  • Firewall configured
  • All prerequisites met

Next Steps:

  1. Create additional VLANs via UDM Pro web UI
  2. Assign VMs/containers to VLANs via Proxmox
  3. Configure firewall rules for inter-VLAN communication
  4. Test and verify VLAN utilization

You can now utilize the VLAN plan! The infrastructure is ready.

Last Updated: 2026-01-14

Reference in New Issue View Git Blame Copy Permalink