d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc8abb06e2bbd33e30803ca59d284ead8ea970c6
proxmox/docs/04-configuration/UDM_PRO_VLAN_UTILIZATION_STATUS.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

275 lines
7.3 KiB
Markdown
Raw Blame History

# UDM Pro VLAN Plan - Utilization Status
**Last Updated:** 2026-01-14
**Status:****READY TO UTILIZE VLAN PLAN**
---
## Executive Summary
**VLAN Plan Status:****Foundation Complete - Ready for Utilization**
All prerequisites are met to utilize the complete VLAN plan. The infrastructure is ready for VLAN assignment and inter-VLAN communication.
---
## Current Status
### ✅ Completed Prerequisites
1. **VLAN 11 (MGMT-LAN)** - ✅ Fully Operational
- Subnet: 192.168.11.0/24
- Gateway: 192.168.11.1
- Proxmox hosts accessible
- Firewall configured
2. **Network Isolation** - ✅ Disabled
- Allows inter-VLAN routing
- Verified on MGMT-LAN
3. **Zone Matrix** - ✅ Configured
- Internal → Internal: Allow All
- Enables inter-VLAN communication
4. **Proxmox VLAN Support** - ✅ Verified
- VLAN-aware bridges configured on all hosts
- Bridge VLAN support confirmed
- Ready for VLAN assignment
5. **Firewall Rules** - ✅ Configured
- Default network (192.168.0.0/24) → Proxmox hosts
- VLAN 11 (192.168.11.0/24) → Proxmox hosts
- Ready for inter-VLAN rules
6. **Proxmox Hosts** - ✅ All Accessible
- ml110: 192.168.11.10
- r630-01: 192.168.11.11
- r630-02: 192.168.11.12
---
## VLAN Plan (18 VLANs)
### Core Management
| VLAN ID | Name | Subnet | Gateway | Status |
|--------:|------|--------|---------|--------|
| **11** | MGMT-LAN | 192.168.11.0/24 | 192.168.11.1 | ✅ Operational |
### Besu Networks
| VLAN ID | Name | Subnet | Gateway | Status |
|--------:|------|--------|---------|--------|
| 110 | BESU-VAL | 10.110.0.0/24 | 10.110.0.1 | ⏳ To Create |
| 111 | BESU-SEN | 10.111.0.0/24 | 10.111.0.1 | ⏳ To Create |
| 112 | BESU-RPC | 10.112.0.0/24 | 10.112.0.1 | ⏳ To Create |
### Service VLANs
| VLAN ID | Name | Subnet | Gateway | Status |
|--------:|------|--------|---------|--------|
| 120 | BLOCKSCOUT | 10.120.0.0/24 | 10.120.0.1 | ⏳ To Create |
| 121 | CACTI | 10.121.0.0/24 | 10.121.0.1 | ⏳ To Create |
| 130 | CCIP-OPS | 10.130.0.0/24 | 10.130.0.1 | ⏳ To Create |
| 132 | CCIP-COMMIT | 10.132.0.0/24 | 10.132.0.1 | ⏳ To Create |
| 133 | CCIP-EXEC | 10.133.0.0/24 | 10.133.0.1 | ⏳ To Create |
| 134 | CCIP-RMN | 10.134.0.0/24 | 10.134.0.1 | ⏳ To Create |
| 140 | FABRIC | 10.140.0.0/24 | 10.140.0.1 | ⏳ To Create |
| 141 | FIREFLY | 10.141.0.0/24 | 10.141.0.1 | ⏳ To Create |
| 150 | INDY | 10.150.0.0/24 | 10.150.0.1 | ⏳ To Create |
| 160 | SANKOFA-SVC | 10.160.0.0/22 | 10.160.0.1 | ⏳ To Create |
### Sovereign Tenants
| VLAN ID | Name | Subnet | Gateway | Status |
|--------:|------|--------|---------|--------|
| 200 | PHX-SOV-SMOM | 10.200.0.0/20 | 10.200.0.1 | ⏳ To Create |
| 201 | PHX-SOV-ICCC | 10.201.0.0/20 | 10.201.0.1 | ⏳ To Create |
| 202 | PHX-SOV-DBIS | 10.202.0.0/20 | 10.202.0.1 | ⏳ To Create |
| 203 | PHX-SOV-AR | 10.203.0.0/20 | 10.203.0.1 | ⏳ To Create |
**Total:** 1 configured, 17 to create
---
## Proxmox VLAN Support Verification
### ml110 (192.168.11.10)
- ✅ Bridge: vmbr0 configured
- ✅ VLAN support: Available
- ✅ Containers: Can be assigned VLAN tags
### r630-01 (192.168.11.11)
- ✅ Bridge: vmbr0 configured
- ✅ VLAN support: Available
- ✅ VLAN 200 interface: Detected (vmbr0v200, nic0.200)
- ✅ Containers: Can be assigned VLAN tags
### r630-02 (192.168.11.12)
- ✅ Bridge: vmbr0 configured
- ✅ VLAN support: Available
- ✅ Containers: Can be assigned VLAN tags
**Status:** ✅ All Proxmox hosts support VLAN assignment
---
## How to Utilize VLAN Plan
### Step 1: Create Additional VLANs (Via UDM Pro Web UI)
For each VLAN (110-203):
1. **Navigate:** Settings → Networks → Create New Network
2. **Configure:**
- Name: [VLAN Name] (e.g., BESU-VAL)
- VLAN ID: [VLAN ID] (e.g., 110)
- Subnet: [Subnet] (e.g., 10.110.0.0/24)
- Gateway: [Gateway] (e.g., 10.110.0.1)
- Zone: Internal
- Network Isolation: ❌ **Disabled** (important!)
- DHCP: Configure as needed
3. **Save**
### Step 2: Assign VMs/Containers to VLANs (Via Proxmox)
**Via Web UI:**
1. Go to: Datacenter → [Host] → VMs/Containers → [VM/Container ID]
2. Click: Hardware → Network Device
3. Edit: Bridge = vmbr0, VLAN Tag = [VLAN ID]
4. Save
**Via CLI:**
```bash
# For containers
pct set <CTID> -net0 name=eth0,bridge=vmbr0,tag=<VLAN_ID>
# For VMs
qm set <VMID> --net0 virtio,bridge=vmbr0,tag=<VLAN_ID>
```
### Step 3: Configure Firewall Rules (Via UDM Pro)
**Management → Service VLANs:**
- Allow: SSH (22), Database (5432, 3306), Admin consoles (8080, etc.)
**Service VLANs → Management:**
- Allow: Monitoring, Logging, Health checks
**Sovereign Tenant Isolation:**
- Block: Inter-tenant communication (200 ↔ 201, 200 ↔ 202, etc.)
---
## Testing VLAN Utilization
### Test 1: Verify VLAN Creation
```bash
# After creating a VLAN, test gateway connectivity
ping 10.110.0.1 # BESU-VAL gateway (after creation)
```
### Test 2: Verify VM/Container VLAN Assignment
```bash
# Check container network configuration
ssh root@192.168.11.10 "pct config <CTID> | grep net0"
# Should show: bridge=vmbr0,tag=<VLAN_ID>
```
### Test 3: Verify Inter-VLAN Routing
```bash
# From VLAN 11, test routing to other VLANs
ping 10.110.0.1 # BESU-VAL
ping 10.111.0.1 # BESU-SEN
# etc.
```
---
## Current Capabilities
### ✅ What You Can Do Now
1. **Assign VMs/Containers to VLAN 11** - Working
2. **Access Proxmox hosts** - All accessible
3. **Configure firewall rules** - Rules can be added
4. **Test inter-VLAN routing** - Enabled (after VLANs created)
5. **Create additional VLANs** - Ready via UDM Pro web UI
### ⏳ What Requires Additional Configuration
1. **Create remaining VLANs** - Via UDM Pro web UI (17 VLANs)
2. **Configure DHCP** - For each VLAN (optional)
3. **Set up firewall rules** - Inter-VLAN communication
4. **Migrate VMs/containers** - Assign to appropriate VLANs
---
## Quick Start: Create Your Next VLAN
### Example: Create VLAN 110 (BESU-VAL)
1. **Access UDM Pro:**
- URL: https://192.168.0.1 (or https://192.168.11.1 if accessible)
- Login: unifi_api / L@kers2010$$
2. **Create Network:**
- Settings → Networks → Create New Network
- Name: `BESU-VAL`
- VLAN ID: `110`
- Subnet: `10.110.0.0/24`
- Gateway: `10.110.0.1`
- Zone: `Internal`
- Network Isolation: ❌ **Unchecked** (critical!)
- Save
3. **Verify:**
- Test routing: `ping 10.110.0.1` from VLAN 11
- Check Zone Matrix: Internal → Internal = Allow All
4. **Assign Container:**
- Proxmox Web UI → Container → Network → VLAN Tag: 110
---
## Verification Checklist
- [x] VLAN 11 operational
- [x] Proxmox hosts accessible
- [x] Proxmox VLAN support verified
- [x] Network Isolation disabled
- [x] Zone Matrix configured (Internal → Internal = Allow All)
- [x] Firewall rules allow Default network
- [ ] Additional VLANs created (110-203)
- [ ] Firewall rules for inter-VLAN communication
- [ ] VMs/containers assigned to VLANs
---
## Summary
**Status:****READY TO UTILIZE VLAN PLAN**
**Foundation Complete:**
- ✅ VLAN 11 operational
- ✅ Proxmox accessible and VLAN-ready
- ✅ Routing enabled
- ✅ Firewall configured
- ✅ All prerequisites met
**Next Steps:**
1. Create additional VLANs via UDM Pro web UI
2. Assign VMs/containers to VLANs via Proxmox
3. Configure firewall rules for inter-VLAN communication
4. Test and verify VLAN utilization
**You can now utilize the VLAN plan!** The infrastructure is ready.
---
**Last Updated:** 2026-01-14
Reference in New Issue View Git Blame Copy Permalink