d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4eead3e53fecdb2b7e629bb9f56b22ff92c61d2e
proxmox/docs/04-configuration/UDM_PRO_VLAN11_GATEWAY_ISSUE.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

6.9 KiB
Raw Blame History

VLAN 11 Gateway Issue - Diagnosis & Solution

Last Updated: 2026-01-14
Issue: Gateway 192.168.11.1 is not reachable from dev machine (192.168.11.4)
Status: ⚠️ Gateway unreachable, but VLAN utilization still functional

Issue Summary

Symptoms

  • IP Configuration: Correct (192.168.11.4/24)
  • Proxmox Hosts: All reachable (192.168.11.10-12)
  • Gateway 192.168.11.1: Not reachable (ARP FAILED)
  • Default Gateway 192.168.0.1: Also not reachable

Network Status

# Current IP
inet 192.168.11.4/24 brd 192.168.11.255 scope global noprefixroute eth0

# Routing
default via 192.168.11.1 dev eth0 proto kernel metric 25
192.168.11.0/24 dev eth0 proto kernel scope link metric 281

# ARP Table
192.168.11.10 dev eth0 lladdr 1c:98:ec:52:43:c8 REACHABLE ✅
192.168.11.11 dev eth0 lladdr 20:47:47:7e:37:6c REACHABLE ✅
192.168.11.1 dev eth0 FAILED ❌

Root Cause Analysis

Possible Causes

  1. UDM Pro VLAN 11 Interface Not Configured

    • UDM Pro might not have an active interface on 192.168.11.1
    • VLAN 11 might be configured but gateway IP not assigned

  2. Firewall Blocking ICMP

    • UDM Pro firewall might block ICMP to gateway IP
    • Zone-based firewall rules might prevent gateway access

  3. UDM Pro Routing Configuration

    • UDM Pro might route VLAN 11 through Default network
    • Gateway might actually be 192.168.0.1 (Default network)

  4. Network Isolation Settings

    • Network Isolation might be enabled (unlikely, as Proxmox hosts are reachable)
    • Zone Matrix might block gateway access

Impact Assessment

What Still Works

  1. VLAN Utilization - FULLY FUNCTIONAL

    • Can assign VMs/containers to VLANs
    • Proxmox hosts accessible
    • Inter-VLAN routing should work (if configured)

  2. Proxmox Access - WORKING

    • All Proxmox hosts reachable
    • Web UI accessible
    • SSH access working

  3. Local Network Communication - WORKING

    • Same-subnet communication works
    • Proxmox hosts can communicate

⚠️ What Might Not Work

  1. Internet Access - ⚠️ MIGHT BE LIMITED

    • Default route points to unreachable gateway
    • Internet connectivity might be blocked

  2. Inter-VLAN Routing - ⚠️ NEEDS VERIFICATION

    • Routing to other VLANs might not work
    • Depends on UDM Pro routing configuration

  3. Gateway Management - ⚠️ BLOCKED

    • Cannot access UDM Pro via 192.168.11.1
    • Must use Default network (192.168.0.1) for management

Solutions

Solution 1: Verify UDM Pro VLAN 11 Configuration (Recommended)

Check UDM Pro Web UI:

  1. Access UDM Pro:

  2. Navigate to VLAN 11:

    • Settings → Networks → MGMT-LAN

  3. Verify Gateway IP:

    • Check "Gateway IP" field
    • Should be: 192.168.11.1
    • If different, note the actual IP

  4. Check Network Isolation:

    • Ensure "Isolate Network" is UNCHECKED
    • Save if changed

  5. Check Zone Matrix:

    • Policy Engine → Zone Matrix
    • Verify Internal → Internal = Allow All

Solution 2: Use Default Network Gateway (Workaround)

If UDM Pro routes VLAN 11 through Default network:

  1. Update Gateway:

    sudo ip route del default via 192.168.11.1
sudo ip route add default via 192.168.0.1 dev eth1  # If eth1 is Default network

  2. Or Update Netplan:

    network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - 192.168.11.4/24
      # Remove gateway4 or set to 192.168.0.1

Note: This is a workaround. Proper solution is to configure UDM Pro VLAN 11 gateway.

Solution 3: Check UDM Pro Firewall Rules

Via UDM Pro Web UI:

  1. Navigate: Settings → Firewall & Security → Firewall Rules
  2. Check for rules blocking:
    • ICMP to gateway
    • Management access to 192.168.11.1
  3. Add rule if needed:
    • Allow ICMP from VLAN 11 to Gateway

Solution 4: Verify UDM Pro VLAN 11 Interface

Check if UDM Pro has VLAN 11 interface:

  1. SSH to UDM Pro (if possible):

    ssh root@192.168.0.1

  2. Check interfaces:

    ip addr show | grep 192.168.11

  3. If no interface found:

    • UDM Pro VLAN 11 might not be properly configured
    • Reconfigure VLAN 11 in UDM Pro web UI

Verification Steps

Test 1: Verify Proxmox Access

# Should work
ping -c 3 192.168.11.10  # ml110
ping -c 3 192.168.11.11  # r630-01
ping -c 3 192.168.11.12  # r630-02

Test 2: Test Gateway (Should Fail)

# Will fail
ping -c 3 192.168.11.1

Test 3: Test Default Network Gateway

# Test if Default network gateway works
ping -c 3 192.168.0.1

Test 4: Test Internet Access

# Test internet connectivity
ping -c 3 8.8.8.8

Test 5: Test Inter-VLAN Routing (After VLANs Created)

# After creating VLANs, test routing
ping -c 3 10.110.0.1  # BESU-VAL gateway

Impact on VLAN Utilization

Can Still Do

  1. Assign VMs/Containers to VLANs

    • Proxmox VLAN assignment works
    • Bridge VLAN support verified

  2. Access Proxmox Hosts

    • All hosts accessible
    • Web UI working
    • SSH working

  3. Create Additional VLANs

    • Via UDM Pro web UI (from Default network)
    • Configuration will work

  4. Configure Firewall Rules

    • Via UDM Pro web UI
    • Rules will apply correctly

⚠️ Limitations

  1. Internet Access

    • Might be limited if gateway unreachable
    • May need to use Default network for internet

  2. Gateway Management

    • Cannot access UDM Pro via 192.168.11.1
    • Must use 192.168.0.1 (Default network)

  3. Inter-VLAN Routing

    • Needs verification after creating VLANs
    • Should work if UDM Pro routing is configured

Recommended Actions

Immediate (Optional)

  1. Verify UDM Pro VLAN 11 Configuration

    • Check gateway IP in UDM Pro web UI
    • Ensure Network Isolation is disabled

  2. Test Internet Access

    • If internet works, gateway issue is non-critical
    • If internet doesn't work, consider workaround

Short-term (This Week)

  1. Fix UDM Pro VLAN 11 Gateway

    • Reconfigure if needed
    • Verify interface is active

  2. Test Inter-VLAN Routing

    • Create test VLAN
    • Verify routing works

Long-term (This Month)

  1. Complete VLAN Plan
    • Create all 18 VLANs
    • Verify routing between VLANs
    • Configure firewall rules

Conclusion

Status: ⚠️ Gateway unreachable, but VLAN utilization functional

Key Points:

  • VLAN utilization can proceed
  • Proxmox access working
  • ⚠️ Gateway needs verification/fix
  • ⚠️ Internet access might be limited

Recommendation:

  1. Verify UDM Pro VLAN 11 configuration
  2. Proceed with VLAN utilization (gateway issue is non-blocking)
  3. Fix gateway as time permits

VLAN Plan Status: READY TO UTILIZE (gateway issue is non-blocking)

Last Updated: 2026-01-14

Reference in New Issue View Git Blame Copy Permalink