proxmox/docs/04-configuration/UDM_PRO_PORT_PROFILES_GUIDE.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


# UDM Pro Port Profiles Configuration Guide
**Last Updated:** 2025-01-20
**Status:** Manual Configuration Required

---
## Overview
This guide provides instructions for configuring port profiles on the UDM Pro for VLAN trunking and access ports. Port profiles define how switch ports handle VLAN traffic (tagged/untagged, native VLAN, etc.).

---
## Port Profile Types
### 1. Trunk Port Profiles (802.1Q)
Trunk ports carry multiple VLANs using 802.1Q tagging. Used for:
- Proxmox host uplinks
- Switch-to-switch connections
- Devices that need access to multiple VLANs
### 2. Access Port Profiles
Access ports carry a single VLAN (untagged). Used for:
- End devices (computers, servers on single VLAN)
- Management devices
- Simple network connections
---
## Configuration Steps
### Accessing Port Profiles
1. **Access UniFi Network Web Interface:**
   - Open browser: `https://192.168.0.1`
   - Log in with admin credentials
2. **Navigate to Port Profiles:**
   - Go to **Settings** → **Profiles** → **Port Profiles**
   - Or: **Settings** → **Switching** → **Port Profiles**
   - Or: **Devices** → Select switch → **Ports** → **Port Profiles**
---
## Trunk Port Profile Configuration
### Creating a Trunk Port Profile for All VLANs
1. **Create New Profile:**
   - Click **Create New Port Profile** or **Add Profile**
   - Name: `All-VLANs-Trunk` or `Service-VLANs-Trunk`
2. **Configure VLAN Settings:**
   - **Native Network/VLAN:** MGMT-LAN (VLAN 11)
   - **Tagged Networks/VLANs:** Add all service VLANs:
     - VLAN 11 (MGMT-LAN)
     - VLAN 110 (BESU-VAL)
     - VLAN 111 (BESU-SEN)
     - VLAN 112 (BESU-RPC)
     - VLAN 120 (BLOCKSCOUT)
     - VLAN 121 (CACTI)
     - VLAN 130 (CCIP-OPS)
     - VLAN 132 (CCIP-COMMIT)
     - VLAN 133 (CCIP-EXEC)
     - VLAN 134 (CCIP-RMN)
     - VLAN 140 (FABRIC)
     - VLAN 141 (FIREFLY)
     - VLAN 150 (INDY)
     - VLAN 160 (SANKOFA-SVC)
     - VLAN 200 (PHX-SOV-SMOM)
     - VLAN 201 (PHX-SOV-ICCC)
     - VLAN 202 (PHX-SOV-DBIS)
     - VLAN 203 (PHX-SOV-AR)
3. **Advanced Settings:**
   - **802.1X:** Disabled (unless using port-based authentication)
   - **STP:** Enabled (recommended)
   - **Port Isolation:** Disabled (for trunk ports)
4. **Save Profile:**
   - Click **Apply** or **Save**
   - Verify profile is created
---
## Access Port Profile Configuration
### Creating Access Port Profiles
#### Management VLAN Access Port
1. **Create Profile:**
   - Name: `MGMT-LAN-Access`
   - **Native Network/VLAN:** MGMT-LAN (VLAN 11)
   - **Tagged Networks:** None (access port, single VLAN)
   - **Port Mode:** Access
2. **Use Cases:**
   - Management devices
   - Administrative workstations
   - Devices that only need management network access
#### Service VLAN Access Ports (as needed)
Create separate access port profiles for each service VLAN if needed:
- **Name:** `[VLAN-NAME]-Access` (e.g., `BESU-VAL-Access`)
- **Native Network/VLAN:** The specific service VLAN
- **Tagged Networks:** None
---
## Applying Port Profiles to Switch Ports
### Method 1: Per-Port Configuration
1. **Access Switch Configuration:**
   - Go to **Devices**
   - Select the switch (UDM Pro or UniFi Switch)
   - Click on **Ports** tab
2. **Configure Each Port:**
   - Click on the port number
   - Select **Port Profile:** Choose the appropriate profile
     - Proxmox uplinks: Use `All-VLANs-Trunk`
     - Management devices: Use `MGMT-LAN-Access`
     - Service devices: Use appropriate access profile
3. **Save Configuration:**
   - Click **Apply Changes**
   - Port will be reconfigured
### Method 2: Bulk Port Configuration
1. **Select Multiple Ports:**
   - In switch port view, select multiple ports (checkbox)
   - Use Shift+Click or Ctrl+Click for multiple selection
2. **Apply Profile:**
   - Select port profile from dropdown
   - Click **Apply** or **Apply to Selected**
---
## Port Profile for Proxmox Hosts
### Recommended Configuration
**Uplink Ports (Proxmox → UDM Pro/Switch):**
- **Profile:** `All-VLANs-Trunk` (or custom trunk profile)
- **Native VLAN:** VLAN 11 (MGMT-LAN)
- **Tagged VLANs:** All service VLANs (110-203)
- **Port Speed:** Auto or 1G/10G (match interface capability)
### Proxmox Bridge Configuration
On Proxmox hosts, configure Linux bridges with VLAN tags:
- **vmbr0:** Native VLAN (VLAN 11) - Management
- **vmbr110:** VLAN 110 (BESU-VAL)
- **vmbr111:** VLAN 111 (BESU-SEN)
- etc.
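
A sketch of what those bridges look like in `/etc/network/interfaces`, generated from the trunk profile so that a bridge is never created for a VLAN the switch port does not tag. This is an added example, not part of the original guide: the NIC name `eno1`, the function names and the omission of host addresses are assumptions.

```python
# Trunk profile from this guide: VLAN 11 is native (untagged), service VLANs are tagged.
NATIVE_VLAN = 11
TRUNK_TAGGED = {110, 111, 112, 120, 121, 130, 132, 133, 134,
                140, 141, 150, 160, 200, 201, 202, 203}

def _bridge(name, port):
    """One Linux bridge stanza in ifupdown syntax."""
    return [f"auto {name}", f"iface {name} inet manual",
            f"    bridge-ports {port}", "    bridge-stp off", "    bridge-fd 0", ""]

def render_interfaces(nic, bridge_vlans):
    """Return stanzas for vmbr0 plus one vmbr<vid> bridge per tagged VLAN."""
    vlans = sorted(set(bridge_vlans))
    missing = [v for v in vlans if v not in TRUNK_TAGGED]
    if missing:
        # Covers typos and the native VLAN, which must stay untagged on vmbr0.
        raise ValueError(f"not tagged on the trunk profile: {missing}")
    lines = [f"auto {nic}", f"iface {nic} inet manual", "",
             f"# VLAN {NATIVE_VLAN} arrives untagged, so vmbr0 sits on the bare NIC.",
             "# Host management address omitted; set it per host."]
    lines += _bridge("vmbr0", nic)
    for vid in vlans:
        sub = f"{nic}.{vid}"                     # 802.1Q sub-interface for this VLAN
        lines += [f"auto {sub}", f"iface {sub} inet manual", ""]
        lines += _bridge(f"vmbr{vid}", sub)
    return "\n".join(lines)

if __name__ == "__main__":
    # eno1 is a hypothetical uplink NIC name.
    print(render_interfaces("eno1", [110, 111]))
```
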
---
## Verification
### Verify Port Profile Configuration
1. **Check Port Status:**
   - Go to **Devices** → Switch → **Ports**
   - Verify port profile is assigned
   - Check port status (connected, speed, VLAN info)
2. **Test Connectivity:**
   - Test connectivity from devices on different VLANs
   - Verify trunk ports carry multiple VLANs
   - Verify access ports carry only a single VLAN
3. **Check VLAN Traffic:**
   - Use network monitoring tools
   - Verify tagged/untagged traffic is as expected
   - Check VLAN tags on trunk ports
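
One way to carry out the VLAN tag check on frames captured from a trunk port, comparing each 802.1Q tag against the `All-VLANs-Trunk` profile. This is an added example, not part of the original guide: the function names and the sample frames are constructed for illustration, and the tagged set is the service range 110-203 with VLAN 11 treated as untagged native.

```python
import struct

# Trunk profile from this guide: native (untagged) VLAN 11 plus tagged service VLANs.
NATIVE_VLAN = 11
TAGGED_VLANS = {110, 111, 112, 120, 121, 130, 132, 133, 134,
                140, 141, 150, 160, 200, 201, 202, 203}
TPID_8021Q = 0x8100

def classify(frame: bytes):
    """Return (vlan_id, verdict) for one Ethernet frame captured on the trunk."""
    if len(frame) < 14:
        return None, "truncated"
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return NATIVE_VLAN, "ok-untagged"   # untagged frames belong to the native VLAN
    if len(frame) < 18:
        return None, "truncated"
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF                      # VLAN ID is the low 12 bits of the TCI
    if inner == TPID_8021Q:
        return vid, "double-tagged"         # stacked tags are not expected on this trunk
    if vid == NATIVE_VLAN:
        return vid, "native-vlan-tagged"    # native VLAN should arrive untagged
    if vid not in TAGGED_VLANS:
        return vid, "vlan-not-in-profile"
    return vid, "ok-tagged"

def audit(frames):
    """Group the VLAN IDs seen in a capture by verdict."""
    findings = {}
    for frame in frames:
        vid, verdict = classify(frame)
        findings.setdefault(verdict, set()).add(vid)
    return {verdict: sorted(vids) for verdict, vids in findings.items()}

def sample_frame(vid=None, pcp=0, inner=0x0800):
    """Constructed test frame: zeroed MACs, optional 802.1Q tag, empty payload."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return bytes(12) + tag + struct.pack("!H", inner) + bytes(46)

# Constructed capture, not real traffic.
SAMPLE = [sample_frame(), sample_frame(110), sample_frame(203, pcp=5),
          sample_frame(11), sample_frame(999), sample_frame(120, inner=TPID_8021Q)]

if __name__ == "__main__":
    for verdict, vids in audit(SAMPLE).items():
        print(f"{verdict:22} {vids}")
```

Any verdict other than `ok-untagged` or `ok-tagged` points at a profile or host-side tagging mismatch worth checking against the Troubleshooting section.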
---
## Port Profile Best Practices
### Trunk Ports
- **Native VLAN:** Use management VLAN (VLAN 11) for consistency
- **Tagged VLANs:** Include all VLANs needed by the connected device
- **STP:** Enable Spanning Tree Protocol (prevents loops)
- **Port Security:** Consider port security if needed
### Access Ports
- **Single VLAN:** Only assign one VLAN per access port
- **Native VLAN:** Set to the desired access VLAN
- **No Tagged VLANs:** Access ports should not have tagged VLANs
- **Port Security:** Enable if needed to limit MAC addresses
---
## Troubleshooting
### Port Not Working
- Verify port profile is assigned
- Check port is enabled
- Verify physical connection
- Check port speed/duplex settings
- Review port statistics for errors
### VLAN Traffic Not Passing
- Verify VLANs are included in trunk port profile
- Check VLAN tags are correct
- Verify devices are configured for VLAN tagging
- Check firewall rules aren't blocking traffic
- Review switch logs for VLAN-related errors
### Native VLAN Mismatch
- Ensure native VLAN matches on both ends of connection
- Verify native VLAN is configured correctly
- Check for VLAN ID mismatches
---
## Related Documentation
- [UDM_PRO_STATUS.md](./UDM_PRO_STATUS.md) - Configuration status
- [UDM_PRO_CONFIGURATION_CHECKLIST.md](./UDM_PRO_CONFIGURATION_CHECKLIST.md) - Complete checklist