Files

Deploy to Phoenix / deploy (push) Has been cancelled

Details

docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates

- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-02-12 15:46:57 -08:00

6.0 KiB

Raw Blame History

UDM Pro Routing Configuration via API

Last Updated: 2026-01-13
Status: Routing configuration NOT available via API

Summary

Answer: No, routing configuration cannot be handled via the API.

The UniFi Network API provides read-only access to routing information but does not support configuring static routes or inter-VLAN routing via API endpoints.

API Routing Endpoints

Available (Read-Only)

Endpoint	Method	Access	Description
`/api/s/{site}/stat/routing`	GET	✅ Read	Routing statistics
`/api/s/{site}/rest/routing`	GET	✅ Read	Routing configuration (varies by version)

Note: These endpoints are read-only. They allow you to view routing information but cannot be used to create, modify, or delete routes.

Not Available (Write Access)

Configuration	API Endpoint	Status
Static Routes	❌ Not available	Requires web UI
Inter-VLAN Routing	❌ Not available	Requires web UI
Route Configuration	❌ Not available	Requires web UI
Network Routing Settings	❌ Not available	Requires web UI

Current API Capabilities

Official API (API Key)

Write Access Available:

✅ ACL Rules (/sites/{siteId}/acl-rules)
✅ Firewall Zones (/sites/{siteId}/firewall/zones)
✅ Traffic Matching Lists (/sites/{siteId}/traffic-matching-lists)

Write Access NOT Available:

❌ Network/VLAN creation/modification
❌ Static routes configuration
❌ Inter-VLAN routing configuration
❌ DHCP reservations
❌ Port profiles
❌ System configuration

Private API (Username/Password)

Write Access:

❌ Network creation/modification (403 Forbidden - permission issue)
❌ Routing configuration (not available)

Why Routing Configuration Requires Manual Setup

Security: Routing configuration is a critical network function that affects all traffic
Complexity: Routing involves multiple network interfaces and requires careful configuration
API Limitations: UniFi Network API focuses on firewall/ACL rules, not routing
UDM Pro Design: Routing is typically configured during initial setup or via web UI

Solutions for Routing Configuration

Option 1: Manual Configuration via Web UI (Recommended)

Access UniFi Network Web Interface:
- URL: https://192.168.0.1
- Navigate to: Settings → Networks
Verify Inter-VLAN Routing:
- Check each network's settings
- Ensure "Enable Inter-VLAN Routing" or similar option is enabled
- This is typically enabled by default for VLANs
Configure Static Route (if needed):
- Navigate to: Settings → Routing & Firewall → Static Routes
- Add route: 192.168.11.0/24 via 192.168.11.1
- Save configuration

Reference: UDM_PRO_ROUTING_TROUBLESHOOTING.md

Option 2: Verify Network Configuration

The routing issue may be resolved by ensuring:

Both networks are properly configured as VLANs
Inter-VLAN routing is enabled (default for VLANs)
Networks are in the same zone (Internal zone allows "Allow All" policy)

Current Status:

Default network: 192.168.0.0/24 → Internal zone
MGMT-LAN (VLAN 11): 192.168.11.0/24 → Internal zone
Zone Policy: Internal → Internal = "Allow All"

Since both networks are in the Internal zone with "Allow All" policy, the firewall/zone should allow traffic. The issue is likely routing configuration.

Workaround: Use Firewall Rules

While routing cannot be configured via API, you can use firewall rules to control traffic:

Firewall Rules (ACL Rules) - Available via API:
- ✅ Create rules to allow/block traffic between networks
- ✅ Configure source/destination filters
- ✅ Set protocol and port filters
Current Firewall Rule:
- Rule: "Allow Default Network to Management VLAN"
- Priority: 5
- Allows: 192.168.0.0/24 → VLAN 11 (all protocols)
- Status: ✅ Created via API

Note: Firewall rules control access but don't configure routing. If routing isn't configured, traffic won't reach the firewall rules.

Testing Routing Configuration

Check Current Routing (Read-Only via API)

You can query routing information to verify configuration:

# Using Private API (if available)
curl -k -X GET 'https://192.168.0.1/proxy/network/api/s/default/stat/routing' \
  -H 'Cookie: unifises=<session-cookie>'

# Or via Official API (if routing endpoint exists)
curl -k -X GET 'https://192.168.0.1/proxy/network/integration/v1/sites/{siteId}/routing' \
  -H 'X-API-KEY: <api-key>'

Note: These endpoints may not exist or may return limited information.

Manual Verification

SSH to UDM Pro:
```
ssh root@192.168.0.1
```
Check routing table:
```
ip route show
# or
route -n
```
Look for route to VLAN 11:
- Should show: 192.168.11.0/24 dev <interface> or 192.168.11.0/24 via <gateway>

Conclusion

Routing configuration must be done manually via the UDM Pro web interface. The API cannot be used to:

Create static routes
Enable/disable inter-VLAN routing
Configure routing between networks

What the API CAN do:

✅ Read routing statistics (if endpoint exists)
✅ Create firewall/ACL rules to control traffic
✅ Configure firewall zones

Next Steps:

Access UDM Pro web UI: https://192.168.0.1
Verify inter-VLAN routing is enabled
Add static route if needed (Settings → Routing & Firewall → Static Routes)
Test connectivity: ping 192.168.11.10 from 192.168.0.23

UDM_PRO_API_LIMITATIONS.md - Complete API limitations
UDM_PRO_ROUTING_TROUBLESHOOTING.md - Routing troubleshooting guide
VLAN_11_SETTINGS_REFERENCE.md - VLAN 11 configuration

Last Updated: 2026-01-13

6.0 KiB Raw Blame History