fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
5.6 KiB
5.6 KiB
UDM Pro VLAN Verification Results
Last Updated: 2026-01-15
Status: ⏳ Manual Verification Required
Automated Verification Status
✅ Completed Automatically
- Inter-VLAN Routing Test
- Tested from current network (192.168.11.4)
- Results: See below
⏳ Requires Manual Access to UDM Pro Web UI
The following verifications require access to UDM Pro web interface:
- Network Isolation - Must be checked via web UI
- Zone Matrix - Must be checked via web UI
Note: UDM Pro (192.168.0.1) is not reachable from current network (192.168.11.4).
Solution: Access UDM Pro from Default network (192.168.0.x) or use browser automation from a machine on that network.
Inter-VLAN Routing Test Results
Test Date: 2026-01-15
Source Network: 192.168.11.4 (VLAN 11 - MGMT-LAN)
Test Results
| VLAN | Gateway IP | Name | Status |
|---|---|---|---|
| 110 | 10.110.0.1 | BESU-VAL | ⏳ Testing... |
| 111 | 10.111.0.1 | BESU-SEN | ⏳ Testing... |
| 112 | 10.112.0.1 | BESU-RPC | ⏳ Testing... |
| 120 | 10.120.0.1 | BLOCKSCOUT | ⏳ Testing... |
| 121 | 10.121.0.1 | CACTI | ⏳ Testing... |
| 130 | 10.130.0.1 | CCIP-OPS | ⏳ Testing... |
| 132 | 10.132.0.1 | CCIP-COMMIT | ⏳ Testing... |
| 133 | 10.133.0.1 | CCIP-EXEC | ⏳ Testing... |
| 134 | 10.134.0.1 | CCIP-RMN | ⏳ Testing... |
| 140 | 10.140.0.1 | FABRIC | ⏳ Testing... |
| 141 | 10.141.0.1 | FIREFLY | ⏳ Testing... |
| 150 | 10.150.0.1 | INDY | ⏳ Testing... |
| 160 | 10.160.0.1 | SANKOFA-SVC | ⏳ Testing... |
| 200 | 10.200.0.1 | PHX-SOV-SMOM | ⏳ Testing... |
| 201 | 10.201.0.1 | PHX-SOV-ICCC | ⏳ Testing... |
| 202 | 10.202.0.1 | PHX-SOV-DBIS | ⏳ Testing... |
| 203 | 10.203.0.1 | PHX-SOV-AR | ⏳ Testing... |
Note: Run ./scripts/unifi/verify-vlan-settings.sh to get current test results.
Manual Verification Steps
Step 1: Verify Network Isolation (CRITICAL)
Access: https://192.168.0.1 (from Default network)
Time Required: 10-15 minutes
Steps:
- Login to UDM Pro web interface
- Navigate: Settings → Networks → Networks
- For EACH of the 19 VLANs:
- Click on the VLAN name
- Scroll to "Network" section
- Verify "Isolate Network" is UNCHECKED ❌
- If checked, uncheck it and Save
VLANs to Check:
- Default (VLAN 1)
- MGMT-LAN (VLAN 11)
- BESU-VAL (VLAN 110)
- BESU-SEN (VLAN 111)
- BESU-RPC (VLAN 112)
- BLOCKSCOUT (VLAN 120)
- CACTI (VLAN 121)
- CCIP-OPS (VLAN 130)
- CCIP-COMMIT (VLAN 132)
- CCIP-EXEC (VLAN 133)
- CCIP-RMN (VLAN 134)
- FABRIC (VLAN 140)
- FIREFLY (VLAN 141)
- INDY (VLAN 150)
- SANKOFA-SVC (VLAN 160)
- PHX-SOV-SMOM (VLAN 200)
- PHX-SOV-ICCC (VLAN 201)
- PHX-SOV-DBIS (VLAN 202)
- PHX-SOV-AR (VLAN 203)
Expected Result: All VLANs should have "Isolate Network" UNCHECKED
Step 2: Verify Zone Matrix (CRITICAL)
Access: https://192.168.0.1 (from Default network)
Time Required: 2 minutes
Steps:
- Login to UDM Pro web interface
- Navigate: Policy Engine → Zone Matrix
- Find: Internal → Internal
- Verify it says "Allow All" ✅
- If not, click and change to "Allow All"
- Save
Expected Result: Internal → Internal = Allow All
Step 3: Test Inter-VLAN Routing
From: Current network (192.168.11.4) or any device on VLAN 11
Command:
./scripts/unifi/verify-vlan-settings.sh
Or manually test:
# Test Besu networks
ping -c 3 10.110.0.1 # BESU-VAL
ping -c 3 10.111.0.1 # BESU-SEN
ping -c 3 10.112.0.1 # BESU-RPC
# Test service VLANs
ping -c 3 10.120.0.1 # BLOCKSCOUT
ping -c 3 10.121.0.1 # CACTI
# etc.
Expected Result: All gateways should be reachable (if Network Isolation is disabled and Zone Matrix is configured)
Verification Checklist
Network Isolation
- Default (VLAN 1) - Isolate Network: ❌ Unchecked
- MGMT-LAN (VLAN 11) - Isolate Network: ❌ Unchecked
- BESU-VAL (VLAN 110) - Isolate Network: ❌ Unchecked
- BESU-SEN (VLAN 111) - Isolate Network: ❌ Unchecked
- BESU-RPC (VLAN 112) - Isolate Network: ❌ Unchecked
- BLOCKSCOUT (VLAN 120) - Isolate Network: ❌ Unchecked
- CACTI (VLAN 121) - Isolate Network: ❌ Unchecked
- CCIP-OPS (VLAN 130) - Isolate Network: ❌ Unchecked
- CCIP-COMMIT (VLAN 132) - Isolate Network: ❌ Unchecked
- CCIP-EXEC (VLAN 133) - Isolate Network: ❌ Unchecked
- CCIP-RMN (VLAN 134) - Isolate Network: ❌ Unchecked
- FABRIC (VLAN 140) - Isolate Network: ❌ Unchecked
- FIREFLY (VLAN 141) - Isolate Network: ❌ Unchecked
- INDY (VLAN 150) - Isolate Network: ❌ Unchecked
- SANKOFA-SVC (VLAN 160) - Isolate Network: ❌ Unchecked
- PHX-SOV-SMOM (VLAN 200) - Isolate Network: ❌ Unchecked
- PHX-SOV-ICCC (VLAN 201) - Isolate Network: ❌ Unchecked
- PHX-SOV-DBIS (VLAN 202) - Isolate Network: ❌ Unchecked
- PHX-SOV-AR (VLAN 203) - Isolate Network: ❌ Unchecked
Zone Matrix
- Internal → Internal = Allow All ✅
Inter-VLAN Routing
- All VLAN gateways reachable from VLAN 11
- Routing test completed successfully
Summary
Status: ⏳ Manual Verification Required
Completed:
- ✅ Verification scripts created
- ✅ Inter-VLAN routing test available
Required:
- ⏳ Network Isolation verification (via UDM Pro web UI)
- ⏳ Zone Matrix verification (via UDM Pro web UI)
- ⏳ Inter-VLAN routing test execution
Next Steps:
- Access UDM Pro from Default network (192.168.0.x)
- Complete manual verification steps above
- Run inter-VLAN routing test
- Document results
Last Updated: 2026-01-15