# UDM Pro Port Profiles Configuration Guide **Last Updated:** 2025-01-20 **Status:** Manual Configuration Required --- ## Overview This guide provides instructions for configuring port profiles on the UDM Pro for VLAN trunking and access ports. Port profiles define how switch ports handle VLAN traffic (tagged/untagged, native VLAN, etc.). --- ## Port Profile Types ### 1. Trunk Port Profiles (802.1Q) Trunk ports carry multiple VLANs using 802.1Q tagging. Used for: - Proxmox host uplinks - Switch-to-switch connections - Devices that need access to multiple VLANs ### 2. Access Port Profiles Access ports carry a single VLAN (untagged). Used for: - End devices (computers, servers on single VLAN) - Management devices - Simple network connections --- ## Configuration Steps ### Accessing Port Profiles 1. **Access UniFi Network Web Interface:** - Open browser: `https://192.168.0.1` - Log in with admin credentials 2. **Navigate to Port Profiles:** - Go to **Settings** → **Profiles** → **Port Profiles** - Or: **Settings** → **Switching** → **Port Profiles** - Or: **Devices** → Select switch → **Ports** → **Port Profiles** --- ## Trunk Port Profile Configuration ### Creating a Trunk Port Profile for All VLANs 1. **Create New Profile:** - Click **Create New Port Profile** or **Add Profile** - Name: `All-VLANs-Trunk` or `Service-VLANs-Trunk` 2. **Configure VLAN Settings:** - **Native Network/VLAN:** MGMT-LAN (VLAN 11) - **Tagged Networks/VLANs:** Add all service VLANs: - VLAN 11 (MGMT-LAN) - VLAN 110 (BESU-VAL) - VLAN 111 (BESU-SEN) - VLAN 112 (BESU-RPC) - VLAN 120 (BLOCKSCOUT) - VLAN 121 (CACTI) - VLAN 130 (CCIP-OPS) - VLAN 132 (CCIP-COMMIT) - VLAN 133 (CCIP-EXEC) - VLAN 134 (CCIP-RMN) - VLAN 140 (FABRIC) - VLAN 141 (FIREFLY) - VLAN 150 (INDY) - VLAN 160 (SANKOFA-SVC) - VLAN 200 (PHX-SOV-SMOM) - VLAN 201 (PHX-SOV-ICCC) - VLAN 202 (PHX-SOV-DBIS) - VLAN 203 (PHX-SOV-AR) 3. **Advanced Settings:** - **802.1X:** Disabled (unless using port-based authentication) - **STP:** Enabled (recommended) - **Port Isolation:** Disabled (for trunk ports) 4. **Save Profile:** - Click **Apply** or **Save** - Verify profile is created --- ## Access Port Profile Configuration ### Creating Access Port Profiles #### Management VLAN Access Port 1. **Create Profile:** - Name: `MGMT-LAN-Access` - **Native Network/VLAN:** MGMT-LAN (VLAN 11) - **Tagged Networks:** None (access port, single VLAN) - **Port Mode:** Access 2. **Use Cases:** - Management devices - Administrative workstations - Devices that only need management network access #### Service VLAN Access Ports (as needed) Create separate access port profiles for each service VLAN if needed: - **Name:** `[VLAN-NAME]-Access` (e.g., `BESU-VAL-Access`) - **Native Network/VLAN:** The specific service VLAN - **Tagged Networks:** None --- ## Applying Port Profiles to Switch Ports ### Method 1: Per-Port Configuration 1. **Access Switch Configuration:** - Go to **Devices** - Select the switch (UDM Pro or UniFi Switch) - Click on **Ports** tab 2. **Configure Each Port:** - Click on the port number - Select **Port Profile:** Choose the appropriate profile - Proxmox uplinks: Use `All-VLANs-Trunk` - Management devices: Use `MGMT-LAN-Access` - Service devices: Use appropriate access profile 3. **Save Configuration:** - Click **Apply Changes** - Port will be reconfigured ### Method 2: Bulk Port Configuration 1. **Select Multiple Ports:** - In switch port view, select multiple ports (checkbox) - Use Shift+Click or Ctrl+Click for multiple selection 2. **Apply Profile:** - Select port profile from dropdown - Click **Apply** or **Apply to Selected** --- ## Port Profile for Proxmox Hosts ### Recommended Configuration **Uplink Ports (Proxmox → UDM Pro/Switch):** - **Profile:** `All-VLANs-Trunk` (or custom trunk profile) - **Native VLAN:** VLAN 11 (MGMT-LAN) - **Tagged VLANs:** All service VLANs (110-203) - **Port Speed:** Auto or 1G/10G (match interface capability) ### Proxmox Bridge Configuration On Proxmox hosts, configure Linux bridges with VLAN tags: - **vmbr0:** Native VLAN (VLAN 11) - Management - **vmbr110:** VLAN 110 (BESU-VAL) - **vmbr111:** VLAN 111 (BESU-SEN) - etc. --- ## Verification ### Verify Port Profile Configuration 1. **Check Port Status:** - Go to **Devices** → Switch → **Ports** - Verify port profile is assigned - Check port status (connected, speed, VLAN info) 2. **Test Connectivity:** - Test connectivity from devices on different VLANs - Verify trunk ports carry multiple VLANs - Verify access ports only carry single VLAN 3. **Check VLAN Traffic:** - Use network monitoring tools - Verify tagged/untagged traffic as expected - Check VLAN tags on trunk ports --- ## Port Profile Best Practices ### Trunk Ports - **Native VLAN:** Use management VLAN (VLAN 11) for consistency - **Tagged VLANs:** Include all VLANs needed by connected device - **STP:** Enable Spanning Tree Protocol (prevents loops) - **Port Security:** Consider port security if needed ### Access Ports - **Single VLAN:** Only assign one VLAN per access port - **Native VLAN:** Set to the desired access VLAN - **No Tagged VLANs:** Access ports should not have tagged VLANs - **Port Security:** Enable if needed to limit MAC addresses --- ## Troubleshooting ### Port Not Working - Verify port profile is assigned - Check port is enabled - Verify physical connection - Check port speed/duplex settings - Review port statistics for errors ### VLAN Traffic Not Passing - Verify VLANs are included in trunk port profile - Check VLAN tags are correct - Verify devices are configured for VLAN tagging - Check firewall rules aren't blocking traffic - Review switch logs for VLAN-related errors ### Native VLAN Mismatch - Ensure native VLAN matches on both ends of connection - Verify native VLAN is configured correctly - Check for VLAN ID mismatches --- ## Related Documentation - [UDM_PRO_STATUS.md](./UDM_PRO_STATUS.md) - Configuration status - [UDM_PRO_CONFIGURATION_CHECKLIST.md](./UDM_PRO_CONFIGURATION_CHECKLIST.md) - Complete checklist --- **Last Updated:** 2025-01-20