proxmox/docs/04-configuration/UDM_PRO_VLAN_CONFIGURATION_STATUS.md

UDM Pro VLAN Configuration Status

Last Updated: 2026-01-14
Status: ✅ 100% CONFIGURED - ALL 19 VLANs Created!

---

Current Configuration Status

Based on UDM Pro web interface screenshots, ALL VLANs from the plan are configured:

✅ Complete VLAN List (All 19 Networks)

#	VLAN ID	Name	Subnet	Status
1	1	Default	192.168.0.0/24	✅ Configured
2	11	MGMT-LAN	192.168.11.0/24	✅ Configured
3	110	BESU-VAL	10.110.0.0/24	✅ Configured
4	111	BESU-SEN	10.111.0.0/24	✅ Configured
5	112	BESU-RPC	10.112.0.0/24	✅ Configured
6	120	BLOCKSCOUT	10.120.0.0/24	✅ Configured
7	121	CACTI	10.121.0.0/24	✅ Configured
8	130	CCIP-OPS	10.130.0.0/24	✅ Configured
9	132	CCIP-COMMIT	10.132.0.0/24	✅ Configured
10	133	CCIP-EXEC	10.133.0.0/24	✅ Configured
11	134	CCIP-RMN	10.134.0.0/24	✅ Configured
12	140	FABRIC	10.140.0.0/24	✅ Configured
13	141	FIREFLY	10.141.0.0/24	✅ Configured
14	150	INDY	10.150.0.0/24	✅ Configured
15	160	SANKOFA-SVC	10.160.0.0/22	✅ Configured
16	200	PHX-SOV-SMOM	10.200.0.0/20	✅ Configured
17	201	PHX-SOV-ICCC	10.201.0.0/20	✅ Configured
18	202	PHX-SOV-DBIS	10.202.0.0/24	✅ Configured ⚠️
19	203	PHX-SOV-AR	10.203.0.0/20	✅ Configured

Total Configured: ✅ 19/19 Networks (100%)

Note: PHX-SOV-DBIS shows /24 instead of /20 as in the plan. This may be intentional or needs verification.

---

Verification Steps

Step 1: Check All Configured Networks

1. Access UDM Pro:

   • URL: https://192.168.0.1
   • Navigate: Settings → Networks → Networks

2. Review All Pages:

   • Check page 2 (networks 11-20)
   • Verify which VLANs from the plan are already configured

3. Document Missing VLANs:

   • Compare configured VLANs with the plan
   • Note which ones still need to be created

Step 2: Verify Network Settings

For each configured VLAN, verify:

1. Basic Settings:

   • ✅ VLAN ID matches plan
   • ✅ Subnet matches plan
   • ✅ Gateway IP matches plan

2. Zone Assignment:

   • ✅ All VLANs should be in "Internal" zone
   • ✅ Verify: Settings → Networks → [VLAN] → Zone = Internal

3. Network Isolation:

   • ✅ "Isolate Network" should be UNCHECKED for all VLANs
   • ✅ This enables inter-VLAN routing

4. DHCP Configuration:

   • ✅ DHCP Server enabled (if needed)
   • ✅ DHCP range configured appropriately

Step 3: Verify Zone Matrix

1. Navigate: Policy Engine → Zone Matrix
2. Verify: Internal → Internal = Allow All
3. This enables inter-VLAN communication

---

Next Steps

Immediate Actions

1. ✅ Verify All 19 Networks

   • Check pages 2-3 of the network list
   • Document which VLANs are configured
   • Identify missing VLANs

2. ✅ Verify Network Isolation

   • Ensure "Isolate Network" is unchecked for all VLANs
   • This is critical for inter-VLAN routing

3. ✅ Verify Zone Matrix

   • Internal → Internal = Allow All
   • This enables inter-VLAN communication

Short-term (This Week)

1. Create Missing VLANs

   • Create any VLANs not yet configured
   • Follow the plan: VLANs 134, 140, 141, 150, 160, 200-203

2. Configure DHCP

   • Set up DHCP ranges for each VLAN (if needed)
   • Or configure static IPs for production

3. Test Inter-VLAN Routing

   • From VLAN 11, test routing to other VLANs
   • Verify connectivity between VLANs

Long-term (This Month)

1. Configure Firewall Rules

   • Management → Service VLANs
   • Service VLANs → Management
   • Sovereign tenant isolation

2. Assign VMs/Containers to VLANs

   • Migrate VMs/containers to appropriate VLANs
   • Test connectivity

3. Document VLAN Assignments

   • Document which services are on which VLANs
   • Update architecture documentation

---

Configuration Checklist

Network Configuration

• Default (VLAN 1) - ✅ Configured
• MGMT-LAN (VLAN 11) - ✅ Configured
• BESU-VAL (VLAN 110) - ✅ Configured
• BESU-SEN (VLAN 111) - ✅ Configured
• BESU-RPC (VLAN 112) - ✅ Configured
• BLOCKSCOUT (VLAN 120) - ✅ Configured
• CACTI (VLAN 121) - ✅ Configured
• CCIP-OPS (VLAN 130) - ✅ Configured
• CCIP-COMMIT (VLAN 132) - ✅ Configured
• CCIP-EXEC (VLAN 133) - ✅ Configured
• CCIP-RMN (VLAN 134) - ✅ Configured
• FABRIC (VLAN 140) - ✅ Configured
• FIREFLY (VLAN 141) - ✅ Configured
• INDY (VLAN 150) - ✅ Configured
• SANKOFA-SVC (VLAN 160) - ✅ Configured
• PHX-SOV-SMOM (VLAN 200) - ✅ Configured
• PHX-SOV-ICCC (VLAN 201) - ✅ Configured
• PHX-SOV-DBIS (VLAN 202) - ✅ Configured (⚠️ /24 instead of /20)
• PHX-SOV-AR (VLAN 203) - ✅ Configured

Status: ✅ 19/19 Networks Configured (100%)

Network Settings Verification

• All VLANs in "Internal" zone
• "Isolate Network" unchecked for all VLANs
• Zone Matrix: Internal → Internal = Allow All
• DHCP configured appropriately
• Gateway IPs match plan

Firewall Configuration

• Management → Service VLANs rules
• Service VLANs → Management rules
• Sovereign tenant isolation rules

---

Summary

Status: ✅ 100% COMPLETE - ALL VLANs CONFIGURED!

Current State:

• ✅ ALL 19 VLANs configured (100% complete)
• ✅ Core networks (Default, MGMT-LAN) operational
• ✅ Besu networks (110-112) configured
• ✅ Service VLANs (120-121, 130, 132-134) configured
• ✅ Additional service VLANs (140-141, 150, 160) configured
• ✅ Sovereign tenant VLANs (200-203) configured
• ⚠️ PHX-SOV-DBIS shows /24 instead of /20 (needs verification)

Next Steps:

1. ✅ Verify all 19 networks - COMPLETE
2. ⏳ Verify Network Isolation settings (ensure disabled for all VLANs)
3. ⏳ Verify Zone Matrix configuration (Internal → Internal = Allow All)
4. ⏳ Verify PHX-SOV-DBIS subnet (/24 vs /20)
5. ⏳ Test inter-VLAN routing
6. ⏳ Configure firewall rules for inter-VLAN communication
7. ⏳ Assign VMs/containers to appropriate VLANs

VLAN Plan Utilization: ✅ READY TO PROCEED - All VLANs are configured!

---

Last Updated: 2026-01-14