d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
76e2e64008c8b0dd38dcf5cb4731e8ee170c5d43
proxmox/docs/04-configuration/UDM_PRO_VLAN_CONFIGURATION_STATUS.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

204 lines
6.3 KiB
Markdown
Raw Blame History

# UDM Pro VLAN Configuration Status
**Last Updated:** 2026-01-14
**Status:****100% CONFIGURED** - ALL 19 VLANs Created!
---
## Current Configuration Status
Based on UDM Pro web interface screenshots, **ALL VLANs from the plan are configured**:
### ✅ Complete VLAN List (All 19 Networks)
| # | VLAN ID | Name | Subnet | Status |
|---|---------|------|--------|--------|
| 1 | 1 | Default | 192.168.0.0/24 | ✅ Configured |
| 2 | 11 | MGMT-LAN | 192.168.11.0/24 | ✅ Configured |
| 3 | 110 | BESU-VAL | 10.110.0.0/24 | ✅ Configured |
| 4 | 111 | BESU-SEN | 10.111.0.0/24 | ✅ Configured |
| 5 | 112 | BESU-RPC | 10.112.0.0/24 | ✅ Configured |
| 6 | 120 | BLOCKSCOUT | 10.120.0.0/24 | ✅ Configured |
| 7 | 121 | CACTI | 10.121.0.0/24 | ✅ Configured |
| 8 | 130 | CCIP-OPS | 10.130.0.0/24 | ✅ Configured |
| 9 | 132 | CCIP-COMMIT | 10.132.0.0/24 | ✅ Configured |
| 10 | 133 | CCIP-EXEC | 10.133.0.0/24 | ✅ Configured |
| 11 | 134 | CCIP-RMN | 10.134.0.0/24 | ✅ Configured |
| 12 | 140 | FABRIC | 10.140.0.0/24 | ✅ Configured |
| 13 | 141 | FIREFLY | 10.141.0.0/24 | ✅ Configured |
| 14 | 150 | INDY | 10.150.0.0/24 | ✅ Configured |
| 15 | 160 | SANKOFA-SVC | 10.160.0.0/22 | ✅ Configured |
| 16 | 200 | PHX-SOV-SMOM | 10.200.0.0/20 | ✅ Configured |
| 17 | 201 | PHX-SOV-ICCC | 10.201.0.0/20 | ✅ Configured |
| 18 | 202 | PHX-SOV-DBIS | 10.202.0.0/24 | ✅ Configured ⚠️ |
| 19 | 203 | PHX-SOV-AR | 10.203.0.0/20 | ✅ Configured |
**Total Configured:****19/19 Networks (100%)**
**Note:** PHX-SOV-DBIS shows `/24` instead of `/20` as in the plan. This may be intentional or needs verification.
---
## Verification Steps
### Step 1: Check All Configured Networks
1. **Access UDM Pro:**
- URL: https://192.168.0.1
- Navigate: Settings → Networks → Networks
2. **Review All Pages:**
- Check page 2 (networks 11-20)
- Verify which VLANs from the plan are already configured
3. **Document Missing VLANs:**
- Compare configured VLANs with the plan
- Note which ones still need to be created
### Step 2: Verify Network Settings
For each configured VLAN, verify:
1. **Basic Settings:**
- ✅ VLAN ID matches plan
- ✅ Subnet matches plan
- ✅ Gateway IP matches plan
2. **Zone Assignment:**
- ✅ All VLANs should be in "Internal" zone
- ✅ Verify: Settings → Networks → [VLAN] → Zone = Internal
3. **Network Isolation:**
- ✅ "Isolate Network" should be **UNCHECKED** for all VLANs
- ✅ This enables inter-VLAN routing
4. **DHCP Configuration:**
- ✅ DHCP Server enabled (if needed)
- ✅ DHCP range configured appropriately
### Step 3: Verify Zone Matrix
1. **Navigate:** Policy Engine → Zone Matrix
2. **Verify:** Internal → Internal = **Allow All**
3. **This enables inter-VLAN communication**
---
## Next Steps
### Immediate Actions
1. **✅ Verify All 19 Networks**
- Check pages 2-3 of the network list
- Document which VLANs are configured
- Identify missing VLANs
2. **✅ Verify Network Isolation**
- Ensure "Isolate Network" is unchecked for all VLANs
- This is critical for inter-VLAN routing
3. **✅ Verify Zone Matrix**
- Internal → Internal = Allow All
- This enables inter-VLAN communication
### Short-term (This Week)
1. **Create Missing VLANs**
- Create any VLANs not yet configured
- Follow the plan: VLANs 134, 140, 141, 150, 160, 200-203
2. **Configure DHCP**
- Set up DHCP ranges for each VLAN (if needed)
- Or configure static IPs for production
3. **Test Inter-VLAN Routing**
- From VLAN 11, test routing to other VLANs
- Verify connectivity between VLANs
### Long-term (This Month)
1. **Configure Firewall Rules**
- Management → Service VLANs
- Service VLANs → Management
- Sovereign tenant isolation
2. **Assign VMs/Containers to VLANs**
- Migrate VMs/containers to appropriate VLANs
- Test connectivity
3. **Document VLAN Assignments**
- Document which services are on which VLANs
- Update architecture documentation
---
## Configuration Checklist
### Network Configuration
- [x] Default (VLAN 1) - ✅ Configured
- [x] MGMT-LAN (VLAN 11) - ✅ Configured
- [x] BESU-VAL (VLAN 110) - ✅ Configured
- [x] BESU-SEN (VLAN 111) - ✅ Configured
- [x] BESU-RPC (VLAN 112) - ✅ Configured
- [x] BLOCKSCOUT (VLAN 120) - ✅ Configured
- [x] CACTI (VLAN 121) - ✅ Configured
- [x] CCIP-OPS (VLAN 130) - ✅ Configured
- [x] CCIP-COMMIT (VLAN 132) - ✅ Configured
- [x] CCIP-EXEC (VLAN 133) - ✅ Configured
- [x] CCIP-RMN (VLAN 134) - ✅ Configured
- [x] FABRIC (VLAN 140) - ✅ Configured
- [x] FIREFLY (VLAN 141) - ✅ Configured
- [x] INDY (VLAN 150) - ✅ Configured
- [x] SANKOFA-SVC (VLAN 160) - ✅ Configured
- [x] PHX-SOV-SMOM (VLAN 200) - ✅ Configured
- [x] PHX-SOV-ICCC (VLAN 201) - ✅ Configured
- [x] PHX-SOV-DBIS (VLAN 202) - ✅ Configured (⚠️ /24 instead of /20)
- [x] PHX-SOV-AR (VLAN 203) - ✅ Configured
**Status:****19/19 Networks Configured (100%)**
### Network Settings Verification
- [ ] All VLANs in "Internal" zone
- [ ] "Isolate Network" unchecked for all VLANs
- [ ] Zone Matrix: Internal → Internal = Allow All
- [ ] DHCP configured appropriately
- [ ] Gateway IPs match plan
### Firewall Configuration
- [ ] Management → Service VLANs rules
- [ ] Service VLANs → Management rules
- [ ] Sovereign tenant isolation rules
---
## Summary
**Status:****100% COMPLETE - ALL VLANs CONFIGURED!**
**Current State:**
-**ALL 19 VLANs configured** (100% complete)
- ✅ Core networks (Default, MGMT-LAN) operational
- ✅ Besu networks (110-112) configured
- ✅ Service VLANs (120-121, 130, 132-134) configured
- ✅ Additional service VLANs (140-141, 150, 160) configured
- ✅ Sovereign tenant VLANs (200-203) configured
- ⚠️ PHX-SOV-DBIS shows `/24` instead of `/20` (needs verification)
**Next Steps:**
1.~~Verify all 19 networks~~ - **COMPLETE**
2. ⏳ Verify Network Isolation settings (ensure disabled for all VLANs)
3. ⏳ Verify Zone Matrix configuration (Internal → Internal = Allow All)
4. ⏳ Verify PHX-SOV-DBIS subnet (/24 vs /20)
5. ⏳ Test inter-VLAN routing
6. ⏳ Configure firewall rules for inter-VLAN communication
7. ⏳ Assign VMs/containers to appropriate VLANs
**VLAN Plan Utilization:****READY TO PROCEED** - All VLANs are configured!
---
**Last Updated:** 2026-01-14
Reference in New Issue View Git Blame Copy Permalink