proxmox/docs/04-configuration/UDM_PRO_VLAN11_GATEWAY_ISSUE.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

# VLAN 11 Gateway Issue - Diagnosis & Solution
**Last Updated:** 2026-01-14
**Issue:** Gateway 192.168.11.1 is not reachable from dev machine (192.168.11.4)
**Status:** ⚠️ Gateway unreachable, but VLAN utilization still functional
---
## Issue Summary
### Symptoms
- **IP Configuration:** Correct (192.168.11.4/24)
- **Proxmox Hosts:** All reachable (192.168.11.10-12)
- **Gateway 192.168.11.1:** Not reachable (ARP FAILED)
- **Default Gateway 192.168.0.1:** Also not reachable
### Network Status
```bash
# Current IP
inet 192.168.11.4/24 brd 192.168.11.255 scope global noprefixroute eth0
# Routing
default via 192.168.11.1 dev eth0 proto kernel metric 25
192.168.11.0/24 dev eth0 proto kernel scope link metric 281
# ARP Table
192.168.11.10 dev eth0 lladdr 1c:98:ec:52:43:c8 REACHABLE ✅
192.168.11.11 dev eth0 lladdr 20:47:47:7e:37:6c REACHABLE ✅
192.168.11.1 dev eth0 FAILED ❌
```
---
## Root Cause Analysis
### Possible Causes
1. **UDM Pro VLAN 11 Interface Not Configured**
- UDM Pro might not have an active interface on 192.168.11.1
- VLAN 11 might be configured but gateway IP not assigned
2. **Firewall Blocking ICMP**
- UDM Pro firewall might block ICMP to gateway IP
- Zone-based firewall rules might prevent gateway access
3. **UDM Pro Routing Configuration**
- UDM Pro might route VLAN 11 through Default network
- Gateway might actually be 192.168.0.1 (Default network)
4. **Network Isolation Settings**
- Network Isolation might be enabled (unlikely, as Proxmox hosts are reachable)
- Zone Matrix might block gateway access
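
One way to tell cause 1 from cause 2 using the tables shown under Network Status (an added example, not part of the original runbook; the function names and diagnosis keywords are made up here). A `FAILED` neighbor entry means nothing answered ARP for the gateway IP, which ICMP filtering alone does not produce.

```bash
#!/usr/bin/env bash
# Added example. Sample input is constructed from the "Network Status" block
# above (status emoji removed, as real `ip` output has none).
SAMPLE_ROUTES='default via 192.168.11.1 dev eth0 proto kernel metric 25
192.168.11.0/24 dev eth0 proto kernel scope link metric 281'
SAMPLE_NEIGH='192.168.11.10 dev eth0 lladdr 1c:98:ec:52:43:c8 REACHABLE
192.168.11.11 dev eth0 lladdr 20:47:47:7e:37:6c REACHABLE
192.168.11.1 dev eth0 FAILED'

# default_gw ROUTES: print the first default gateway in `ip route` output.
default_gw() {
  printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# neigh_state NEIGH IP: print the neighbor state (last field) for IP,
# or MISSING when the table has no entry for it.
neigh_state() {
  printf '%s\n' "$1" | awk -v ip="$2" '
    $1 == ip { print $NF; found = 1; exit }
    END { if (!found) print "MISSING" }'
}

# classify_gateway ROUTES NEIGH PING_OK: PING_OK is 1 if the gateway answered
# a ping, else 0. The returned keywords are hypothetical labels for this example.
classify_gateway() {
  _gw=$(default_gw "$1")
  if [ -z "$_gw" ]; then echo "no-default-route"; return 0; fi
  case "$(neigh_state "$2" "$_gw")" in
    FAILED|INCOMPLETE|MISSING)
      echo "l2-no-arp-reply" ;;   # nothing on this VLAN answers ARP for the IP
    REACHABLE|STALE|DELAY|PROBE)  # a MAC was learned, so ARP resolution worked
      if [ "$3" = 1 ]; then echo "gateway-ok"; else echo "l3-icmp-filtered"; fi ;;
    *) echo "unknown-state" ;;
  esac
}

if [ "${1:-}" = "--live" ]; then
  # Live mode: read the real tables; ping first so the neighbor entry is fresh.
  gw=$(default_gw "$(ip route)")
  if ping -c 1 -W 1 "$gw" >/dev/null 2>&1; then ok=1; else ok=0; fi
  classify_gateway "$(ip route)" "$(ip neigh)" "$ok"
else
  classify_gateway "$SAMPLE_ROUTES" "$SAMPLE_NEIGH" 0   # prints l2-no-arp-reply
fi
```

A result of `l2-no-arp-reply` points at the VLAN 11 interface or tagging (Solutions 1 and 4); `l3-icmp-filtered` points at firewall rules (Solution 3).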
---
## Impact Assessment
### ✅ What Still Works
1. **VLAN Utilization** - ✅ **FULLY FUNCTIONAL**
- Can assign VMs/containers to VLANs
- Proxmox hosts accessible
- Inter-VLAN routing should work (if configured)
2. **Proxmox Access** - ✅ **WORKING**
- All Proxmox hosts reachable
- Web UI accessible
- SSH access working
3. **Local Network Communication** - ✅ **WORKING**
- Same-subnet communication works
- Proxmox hosts can communicate
### ⚠️ What Might Not Work
1. **Internet Access** - ⚠️ **MIGHT BE LIMITED**
- Default route points to unreachable gateway
- Internet connectivity might be blocked
2. **Inter-VLAN Routing** - ⚠️ **NEEDS VERIFICATION**
- Routing to other VLANs might not work
- Depends on UDM Pro routing configuration
3. **Gateway Management** - ⚠️ **BLOCKED**
- Cannot access UDM Pro via 192.168.11.1
- Must use Default network (192.168.0.1) for management
---
## Solutions
### Solution 1: Verify UDM Pro VLAN 11 Configuration (Recommended)
**Check UDM Pro Web UI:**
1. **Access UDM Pro:**
- URL: https://192.168.0.1 (Default network)
- Login: unifi_api / L@kers2010$$
2. **Navigate to VLAN 11:**
- Settings → Networks → MGMT-LAN
3. **Verify Gateway IP:**
- Check "Gateway IP" field
- Should be: 192.168.11.1
- If different, note the actual IP
4. **Check Network Isolation:**
- Ensure "Isolate Network" is **UNCHECKED**
- Save if changed
5. **Check Zone Matrix:**
- Policy Engine → Zone Matrix
- Verify Internal → Internal = Allow All
### Solution 2: Use Default Network Gateway (Workaround)
If UDM Pro routes VLAN 11 through Default network:
1. **Update Gateway:**
```bash
sudo ip route del default via 192.168.11.1
sudo ip route add default via 192.168.0.1 dev eth1 # If eth1 is Default network
```
2. **Or Update Netplan:**
```yaml
network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - 192.168.11.4/24
      # Remove gateway4 or set to 192.168.0.1
```
**Note:** This is a workaround. The proper solution is to configure the UDM Pro VLAN 11 gateway.
### Solution 3: Check UDM Pro Firewall Rules
**Via UDM Pro Web UI:**
1. **Navigate:** Settings → Firewall & Security → Firewall Rules
2. **Check for rules blocking:**
- ICMP to gateway
- Management access to 192.168.11.1
3. **Add rule if needed:**
- Allow ICMP from VLAN 11 to Gateway
### Solution 4: Verify UDM Pro VLAN 11 Interface
**Check if UDM Pro has VLAN 11 interface:**
1. **SSH to UDM Pro** (if possible):
```bash
ssh root@192.168.0.1
```
2. **Check interfaces:**
```bash
ip addr show | grep 192.168.11
```
3. **If no interface found:**
- UDM Pro VLAN 11 might not be properly configured
- Reconfigure VLAN 11 in UDM Pro web UI
---
## Verification Steps
### Test 1: Verify Proxmox Access
```bash
# Should work
ping -c 3 192.168.11.10 # ml110
ping -c 3 192.168.11.11 # r630-01
ping -c 3 192.168.11.12 # r630-02
```
### Test 2: Test Gateway (Should Fail)
```bash
# Will fail
ping -c 3 192.168.11.1
```
### Test 3: Test Default Network Gateway
```bash
# Test if Default network gateway works
ping -c 3 192.168.0.1
```
### Test 4: Test Internet Access
```bash
# Test internet connectivity
ping -c 3 8.8.8.8
```
### Test 5: Test Inter-VLAN Routing (After VLANs Created)
```bash
# After creating VLANs, test routing
ping -c 3 10.110.0.1 # BESU-VAL gateway
```
---
## Impact on VLAN Utilization
### ✅ Can Still Do
1. **Assign VMs/Containers to VLANs**
- Proxmox VLAN assignment works
- Bridge VLAN support verified
2. **Access Proxmox Hosts**
- All hosts accessible
- Web UI working
- SSH working
3. **Create Additional VLANs**
- Via UDM Pro web UI (from Default network)
- Configuration will work
4. **Configure Firewall Rules**
- Via UDM Pro web UI
- Rules will apply correctly
### ⚠️ Limitations
1. **Internet Access**
- Might be limited if gateway unreachable
- May need to use Default network for internet
2. **Gateway Management**
- Cannot access UDM Pro via 192.168.11.1
- Must use 192.168.0.1 (Default network)
3. **Inter-VLAN Routing**
- Needs verification after creating VLANs
- Should work if UDM Pro routing is configured
---
## Recommended Actions
### Immediate (Optional)
1. **Verify UDM Pro VLAN 11 Configuration**
- Check gateway IP in UDM Pro web UI
- Ensure Network Isolation is disabled
2. **Test Internet Access**
- If internet works, gateway issue is non-critical
- If internet doesn't work, consider workaround
### Short-term (This Week)
1. **Fix UDM Pro VLAN 11 Gateway**
- Reconfigure if needed
- Verify interface is active
2. **Test Inter-VLAN Routing**
- Create test VLAN
- Verify routing works
### Long-term (This Month)
1. **Complete VLAN Plan**
- Create all 18 VLANs
- Verify routing between VLANs
- Configure firewall rules
---
## Conclusion
**Status:** ⚠️ **Gateway unreachable, but VLAN utilization functional**
**Key Points:**
- ✅ VLAN utilization can proceed
- ✅ Proxmox access working
- ⚠️ Gateway needs verification/fix
- ⚠️ Internet access might be limited
**Recommendation:**
1. Verify UDM Pro VLAN 11 configuration
2. Proceed with VLAN utilization (gateway issue is non-blocking)
3. Fix gateway as time permits
**VLAN Plan Status:** **READY TO UTILIZE** (gateway issue is non-blocking)