proxmox/docs/04-configuration/UDM_PRO_COMPLETE_MANUAL_GUIDE.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

UDM Pro Complete Manual Configuration Guide

Last Updated: 2025-01-20
Status: Active Documentation
Purpose: Comprehensive guide for all remaining manual configuration tasks


Overview

This guide consolidates all remaining manual configuration tasks for the UDM Pro. All automated tasks have been completed (21/35 tasks). This guide covers the 14 remaining tasks that require manual configuration via the UniFi Network web interface.


Quick Start

Access UniFi Network Web Interface:

  1. Open browser: https://192.168.0.1
  2. Log in with admin credentials
  3. Follow the guides below for each task

Task 1: DHCP Static IP Reservations (High Priority)

Estimated Time: 15-30 minutes
Guide: UDM_PRO_DHCP_RESERVATIONS_GUIDE.md

Quick Steps:

  1. Navigate: Settings → Networks → MGMT-LAN (VLAN 11)
  2. Add Reservations:
    • 192.168.11.1 → UDM Pro (Gateway)
    • 192.168.11.10 → ML110 (Proxmox)
    • 192.168.11.11 → R630-01
    • 192.168.11.12 → R630-02
    • 192.168.11.13 → R630-03
    • 192.168.11.14 → R630-04
  3. Verify: Check active leases

Task 2: Sovereign Tenant Isolation Firewall Rules (High Priority)

Estimated Time: 30-45 minutes
Guide: UDM_PRO_FIREWALL_MANUAL_CONFIGURATION.md

Quick Steps:

  1. Navigate: Settings → Firewall & Security → Firewall Rules
  2. Create Block Rules:
    • Block VLAN 200 → VLANs 201-203
    • Block VLAN 201 → VLANs 200, 202-203
    • Block VLAN 202 → VLANs 200-201, 203
    • Block VLAN 203 → VLANs 200-202
  3. Set Priority: Block rules should have higher priority (lower index) than allow rules
  4. Verify: Test connectivity between VLANs
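
The rule-order requirement in step 3 can be checked offline before testing live traffic. This is an added example, not part of the original guide or the project's scripts: it models first-match evaluation over a constructed rule list (the dict layout and rule names are hypothetical, not a UniFi export format) and assumes inter-VLAN traffic is accepted when no rule matches.

```python
from itertools import permutations

TENANT_VLANS = (200, 201, 202, 203)  # sovereign tenant VLANs from this guide

# Constructed sample rules in evaluation order (index 0 is matched first).
# Hypothetical simplified model; it contains two deliberate mistakes.
SAMPLE_RULES = [
    {"name": "block-200-out", "action": "drop", "src": {200}, "dst": {201, 202, 203}},
    {"name": "allow-inter-vlan", "action": "accept", "src": "any", "dst": "any"},  # too high
    {"name": "block-201-out", "action": "drop", "src": {201}, "dst": {200, 202, 203}},
    {"name": "block-202-out", "action": "drop", "src": {202}, "dst": {200, 201}},  # 203 missing
    {"name": "block-203-out", "action": "drop", "src": {203}, "dst": {200, 201, 202}},
]

def _matches(field, vlan):
    """A rule field is either the string "any" or a set of VLAN IDs."""
    return field == "any" or vlan in field

def first_match(rules, src, dst):
    """Return the first rule that matches src -> dst, or None."""
    for rule in rules:
        if _matches(rule["src"], src) and _matches(rule["dst"], dst):
            return rule
    return None

def isolation_gaps(rules, vlans=TENANT_VLANS, default_action="accept"):
    """Return (src, dst, reason) for every tenant pair that is not dropped."""
    gaps = []
    for src, dst in permutations(vlans, 2):
        rule = first_match(rules, src, dst)
        if rule is None:
            if default_action != "drop":
                gaps.append((src, dst, "no matching rule"))
        elif rule["action"] != "drop":
            # Distinguish a mis-ordered block rule from a missing one.
            has_block = any(
                r["action"] == "drop" and _matches(r["src"], src) and _matches(r["dst"], dst)
                for r in rules)
            reason = "block rule shadowed by" if has_block else "no block rule; allowed by"
            gaps.append((src, dst, f"{reason} {rule['name']}"))
    return gaps

if __name__ == "__main__":
    for src, dst, reason in isolation_gaps(SAMPLE_RULES):
        print(f"VLAN {src} -> VLAN {dst}: {reason}")
```

An empty result means every ordered pair of tenant VLANs hits a block rule first; the live connectivity test in step 4 is still needed to confirm the gateway behaves as modelled.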

Task 3: Port Profiles Configuration (High Priority)

Estimated Time: 30-60 minutes
Guide: UDM_PRO_PORT_PROFILES_GUIDE.md

Quick Steps:

  1. Navigate: Settings → Profiles → Port Profiles (or Devices → Switch → Ports)
  2. Create Trunk Profile:
    • Name: All-VLANs-Trunk
    • Native VLAN: 11 (MGMT-LAN)
    • Tagged VLANs: All service VLANs (11, 110-203)
  3. Create Access Profiles:
    • MGMT-LAN-Access (VLAN 11 only)
    • Service VLAN access profiles as needed
  4. Apply to Ports:
    • Proxmox uplinks: Use trunk profile
    • Management devices: Use access profile

Task 4: WAN Configuration Verification (High Priority)

Estimated Time: 10-15 minutes

Steps:

  1. Navigate: Settings → Internet → WAN Networks
  2. Verify Internet 1 (Primary WAN):
    • DNS Servers: 8.8.8.8, 1.1.1.1
    • Gateway: Verify correct gateway
    • Connection Type: Verify (DHCP/Static/PPPoE)
  3. Verify Internet 2 (Secondary WAN):
    • Configure if needed for failover
    • DNS Servers: 8.8.8.8, 1.1.1.1
  4. Test Connectivity:
    • Verify internet connectivity
    • Test DNS resolution

Note: Current status shows 2 WAN interfaces (Internet 1, Internet 2) - dual WAN is available.


Task 5: System Settings (Medium Priority)

Estimated Time: 15-20 minutes
Guide: UDM_PRO_SYSTEM_SETTINGS_GUIDE.md

Steps:

  1. Navigate: Settings → System Settings → General
  2. Configure:
    • Hostname: Set appropriate hostname (e.g., udm-pro-primary)
    • Timezone: Select timezone (e.g., America/Los_Angeles)
    • NTP Servers: Configure NTP servers
      • Primary: pool.ntp.org or time.google.com
      • Secondary: 1.pool.ntp.org or time.cloudflare.com
  3. Verify:
    • Check system time is correct
    • Verify NTP synchronization

Task 6: Configuration Backup (Medium Priority)

Estimated Time: 5-10 minutes

Steps:

  1. Navigate: Settings → System Settings → Backups (or Maintenance → Backups)
  2. Configure Automatic Backups:
    • Enable automatic backups
    • Set frequency: Daily (recommended)
    • Set retention: 7-30 days
    • Choose backup location
  3. Create Manual Backup:
    • Click Download Backup or Export Configuration
    • Save backup file securely
    • Store in safe location

Task 7: Device Adoption (Medium Priority - Conditional)

Estimated Time: 15-30 minutes (if devices need adoption)

Steps:

  1. Navigate: Devices
  2. Check for Pending Devices:
    • Look for devices showing "Pending Adoption"
    • Verify devices are powered on and connected
  3. Adopt Devices:
    • Click Adopt for each pending device
    • Wait for adoption to complete
    • Verify devices show as "Online"
  4. Configure Switch Ports:
    • Apply port profiles to switch ports
    • Configure VLAN trunking for Proxmox connections
    • Configure access ports for management devices

Note: Only perform if UniFi switches/APs are present and need adoption.


Task 8: WAN Failover Configuration (Low Priority - Conditional)

Estimated Time: 20-30 minutes (if dual WAN available)

Prerequisites:

  • Dual WAN available (verified: Internet 1, Internet 2)
  • Secondary WAN connection configured

Steps:

  1. Navigate: Settings → Internet → WAN Failover
  2. Configure Failover:
    • Enable WAN failover
    • Set primary WAN: Internet 1
    • Set secondary WAN: Internet 2
    • Configure failover threshold: 3 failed pings
    • Configure health check: Ping 8.8.8.8 every 30 seconds
  3. Test Failover:
    • Test failover by disconnecting primary WAN
    • Verify automatic failover to secondary
    • Test failback when primary restored

Task 9: NAT Pool Configuration (Low Priority - Conditional)

Estimated Time: 30-60 minutes (if public IP blocks available)

Prerequisites:

  • Public IP blocks assigned/available
  • NAT pool configuration supported on UDM Pro

Required NAT Pools:

  • VLAN 132 (CCIP-COMMIT) → Public Block #2
  • VLAN 133 (CCIP-EXEC) → Public Block #3
  • VLAN 134 (CCIP-RMN) → Public Block #4
  • VLAN 160 (SANKOFA-SVC) → Public Block #5
  • VLANs 200-203 (Sovereign tenants) → Public Block #6

Steps:

  1. Navigate: Settings → Routing & Firewall → NAT (or similar)
  2. Configure NAT Pools:
    • Create NAT pool for each VLAN
    • Assign public IP block to each pool
    • Configure egress NAT rules
  3. Verify:
    • Test egress traffic uses correct public IPs
    • Verify NAT pool assignments

Note: This is conditional and may not be applicable if public IP blocks are not available.


Task 10: SSL Certificate (Low Priority - Optional)

Estimated Time: 15-30 minutes

Option 1: Let's Encrypt

  1. Navigate: Settings → System Settings → Certificate
  2. Configure Let's Encrypt:
    • Enable Let's Encrypt
    • Enter domain name
    • Configure email for notifications
    • Certificate auto-renews

Option 2: Self-Signed (Acceptable for Development)

  • Current setup uses self-signed certificate
  • Document this in configuration
  • Can upgrade to Let's Encrypt later

Configuration Verification Checklist

After completing manual configurations, verify:

  • DHCP reservations active and devices receiving correct IPs
  • Firewall rules created and enabled
  • Port profiles created and applied to ports
  • WAN configuration verified (DNS, gateway)
  • System settings configured (hostname, timezone, NTP)
  • Backups enabled and working
  • Devices adopted (if applicable)
  • Connectivity tested between VLANs
  • Internet connectivity verified

Testing & Verification

Test Connectivity

```bash
# Test VLAN connectivity
ping 192.168.11.1   # UDM Pro gateway
ping 192.168.11.10  # ML110 (if configured)

# Test internet connectivity
ping 8.8.8.8
nslookup google.com 8.8.8.8
```

Verify Configuration

Run verification script:

```bash
cd /home/intlc/projects/proxmox
./scripts/unifi/verify-configuration.sh
```

Troubleshooting

Common Issues

  1. Devices not getting static IPs:

    • Verify MAC address is correct
    • Check device is on correct VLAN
    • Verify reservation is enabled
  2. Firewall rules not working:

    • Check rule priority/order
    • Verify rules are enabled
    • Check rule source/destination networks
  3. Port profiles not applying:

    • Verify port profile is created
    • Check port is not locked/restricted
    • Verify physical connection
  4. WAN connectivity issues:

    • Verify DNS servers are correct
    • Check gateway configuration
    • Test connectivity from devices

Priority Order

Recommended completion order:

  1. High Priority (Complete First):

    • DHCP Reservations
    • Sovereign Tenant Isolation
    • Port Profiles
    • WAN Configuration
  2. Medium Priority (Complete Next):

    • System Settings
    • Configuration Backup
    • Device Adoption (if applicable)
  3. Low/Conditional Priority (Complete Last):

    • WAN Failover (if needed)
    • NAT Pools (if applicable)
    • SSL Certificate (optional)

