proxmox/docs/04-configuration/UDM_PRO_ROUTING_ISSUE_RESOLVED.md
defiQUG fbda1b4beb
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00


UDM Pro Routing Issue - RESOLVED

Last Updated: 2026-01-14
Status: ISSUE RESOLVED - ml110 is now reachable


Problem Summary

Initial Issue: Cannot reach 192.168.11.10 (ml110) from 192.168.0.23 (dev machine)

Root Cause Analysis:

  1. UDM Pro routing was working correctly (the gateway 192.168.11.1 could be pinged)
  2. The device at 192.168.11.10 was blocking traffic from a different subnet
  3. Network Isolation or the Policy Engine may also have been blocking the traffic

Solution Applied

Primary Solution: IP Address Change

Changed dev machine IP from:

  • 192.168.0.23/24 (Default network)
  • Gateway: 192.168.0.1

To:

  • 192.168.11.4/24 (MGMT-LAN / VLAN 11)
  • Gateway: 192.168.11.1

Result: SUCCESS - ml110 is now reachable


Verification Results

Ping Test Results

ping -c 3 192.168.11.10

Output:

PING 192.168.11.10 (192.168.11.10) 56(84) bytes of data.
64 bytes from 192.168.11.10: icmp_seq=1 ttl=64 time=2.28 ms
64 bytes from 192.168.11.10: icmp_seq=2 ttl=64 time=1.65 ms
64 bytes from 192.168.11.10: icmp_seq=3 ttl=64 time=0.455 ms

--- 192.168.11.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.455/1.463/2.284/0.758 ms

Status: SUCCESS

  • 3 packets transmitted, 3 received
  • 0% packet loss
  • Average RTT: 1.46ms
  • All pings successful

Current Network Configuration

Dev Machine (ASERET)

  • IP Address: 192.168.11.4/24
  • Gateway: 192.168.11.1
  • Network: MGMT-LAN (VLAN 11)
  • Interface: eth0

Target Device (ml110)

  • IP Address: 192.168.11.10/24
  • Network: MGMT-LAN (VLAN 11)
  • Status: Reachable

What Was Done

1. Diagnosis

  • Verified UDM Pro routing (gateway ping successful)
  • Identified device firewall as likely cause
  • Determined IP change as quickest solution

2. IP Address Change

  • Changed dev machine IP to 192.168.11.4
  • Updated gateway to 192.168.11.1
  • Applied netplan configuration

3. Verification

  • Tested connectivity to ml110
  • Confirmed 0% packet loss
  • Verified low latency (1.46ms average)
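
The diagnosis logic in the steps above (gateway answers, target does not) as a small shell helper that parses ping summaries. This is an added example, not the repository's script; the function names and verdict strings are hypothetical, and the second sample is constructed.

```shell
#!/bin/sh
# Added example (not from the repo): classify a gateway/target ping pair.
# Function names and verdict strings are hypothetical.

# Print the packet-loss percentage from ping output on stdin.
# Prints 100 when there is no summary line (e.g. "Network is unreachable").
ping_loss() {
    awk '/packet loss/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /%$/) { sub(/%$/, "", $i); print $i; found = 1; exit }
         }
         END { if (!found) print 100 }'
}

# Print the average RTT in ms from the "rtt min/avg/max/mdev" line, if present.
ping_avg_rtt() {
    awk -F'/' '/^rtt / { print $5 }'
}

# classify GATEWAY_LOSS TARGET_LOSS -> one verdict word on stdout.
classify() {
    gw=$1 tgt=$2
    if awk -v l="$tgt" 'BEGIN { exit !(l < 100) }'; then
        echo reachable
    elif awk -v l="$gw" 'BEGIN { exit !(l < 100) }'; then
        # Gateway answers, target silent: per this page, suspect the target's
        # firewall, then check Network Isolation and the Zone Matrix.
        echo target-filtered
    else
        echo no-path-to-gateway
    fi
}

# Sample 1: summary lines of the ping output shown on this page.
SAMPLE_OK='3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.455/1.463/2.284/0.758 ms'
# Sample 2: constructed summary of a probe whose replies never arrive.
SAMPLE_DROP='3 packets transmitted, 0 received, 100% packet loss, time 2041ms'

# Demo on the samples: gateway replies, target does not (the state before
# the IP change). Live use: ping -c 3 192.168.11.10 | ping_loss
gw_loss=$(printf '%s\n' "$SAMPLE_OK" | ping_loss)
tgt_loss=$(printf '%s\n' "$SAMPLE_DROP" | ping_loss)
classify "$gw_loss" "$tgt_loss"
```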

Additional Verification Steps (Optional)

Network Isolation Check

  • Location: Settings → Networks → MGMT-LAN
  • Action: Verify "Isolate Network" is unchecked
  • Status: Should be unchecked (both networks in Internal zone)

Zone Matrix Check

  • Location: Policy Engine (Grid icon) → Internal → Internal
  • Action: Verify policy is "Allow All"
  • Status: Should be "Allow All" (both networks in Internal zone)

CyberSecure Check

  • Location: CyberSecure (Shield icon)
  • Action: Verify no blocking rules for inter-VLAN traffic
  • Status: Should not block Internal → Internal traffic

Long-Term Recommendations

Option 1: Keep Current Configuration

  • Dev machine on MGMT-LAN network
  • Direct access to management devices
  • No inter-VLAN routing needed

Option 2: Fix ml110 Firewall (Then Revert IP)

  1. Configure the ml110 firewall to allow 192.168.0.0/24
  2. Revert the dev machine IP back to 192.168.0.x
  3. Test connectivity from the Default network
  4. Network segmentation between the Default network and MGMT-LAN is maintained

Recommendation: Keep the current configuration (Option 1) unless there is a specific need for the dev machine to be on the Default network.


Files Created During Troubleshooting

  1. scripts/unifi/change-ip-to-vlan11-netplan.sh - IP change automation script
  2. docs/04-configuration/UDM_PRO_IP_CHANGE_GUIDE.md - Detailed IP change guide
  3. docs/04-configuration/UDM_PRO_IP_CHANGE_MANUAL_STEPS.md - Manual steps
  4. docs/04-configuration/UDM_PRO_QUICK_FIX_SUMMARY.md - Quick reference
  5. docs/04-configuration/UDM_PRO_NETWORK_ISOLATION_CHECK.md - Isolation check guide
  6. docs/04-configuration/UDM_PRO_ROUTING_DIAGNOSIS_COMPLETE.md - Complete diagnosis
  7. docs/04-configuration/UDM_PRO_ROUTING_ISSUE_RESOLVED.md - This file

Key Learnings

  1. Gateway Ping Test: Critical diagnostic tool - if the gateway is reachable, routing works
  2. Device Firewalls: Often block traffic from different subnets by default
  3. IP Change: Quick solution when the device firewall can't be easily modified
  4. Network Isolation: Should be unchecked for inter-VLAN communication
  5. Zone Matrix: Internal → Internal should be "Allow All"

Next Steps (Optional)

  1. Access ml110 - Now working!
  2. Verify Network Isolation - Check Web UI (optional)
  3. Verify Zone Matrix - Check Web UI (optional)
  4. Fix ml110 Firewall - If reverting IP is desired (optional)

Success Metrics

  • Connectivity: 100% (3/3 packets successful)
  • Latency: Excellent (1.46ms average)
  • Packet Loss: 0%
  • Solution Time: < 30 minutes
  • Documentation: Complete

Status: ISSUE RESOLVED
Resolution Date: 2026-01-14
Solution: IP address change to same subnet (192.168.11.4)

