AORXI Homelab
Switching & Cabling

Site A Port Map

Authoritative per-port wiring reference for sa-sw-01 (Netgear XS716T core) and the access switches sa-sw-02 and sa-sw-03, including VLAN assignments, the dedicated Corosync arrangement, the SFP+ DAC uplinks, and the sa-ap-01 PoE++ port.

sa-sw-01 (Netgear XS716T) is the 10 Gb core switch for Site A; sa-sw-02 and sa-sw-03 are access switches handling Proxmox management, IPMI, APs, and client-side VLANs. This page records every port assignment, VLAN tag, and the cabling decisions finalized on 2026-06-06 and 2026-06-08.

L2 core only — no routing on sa-sw-01

sa-sw-01 is L2 only: no routing, no DHCP. All inter-VLAN routing is handled by OPNsense on sa-edge-01.

Switching Philosophy

sa-sw-01 carries the OPNsense LAN trunk plus the Corosync heartbeat, VM Services, Kubernetes, storage, and backup VLANs. Proxmox management (VLAN 20) and IPMI (VLAN 10) are intentionally offloaded to sa-sw-02 and sa-sw-03, which frees Netgear ports for a dedicated Corosync (VLAN 25) uplink from sa-edge-01. The demoted UniFi Gateway Max sits behind OPNsense as a VLAN 253 transit device and is bootstrap/fallback only.

Access switch uplinks run over 10 G SFP+ DAC cables to the combo slots sa-sw-01 15F/16F (moved off copper on 2026-06-08), leaving all four RJ45 PoE++ ports per access switch free for devices.

Per-Node NIC Wiring

| Host | NIC | Connects to | VLANs / Role |
|---|---|---|---|
| sa-edge-01 | Onboard 10G #1 | ISP handoff (WAN) | Fios 2 Gbps — no VLAN |
| sa-edge-01 | Onboard 10G #2 | sa-sw-01 port 1 | OPNsense LAN trunk — tagged 10,20,25,30,40,50,60,70,80,90,100,110,120,253 |
| sa-edge-01 | Onboard 1G #1 | sa-sw-02 port 1 | 20 Proxmox mgmt (access, offloaded) |
| sa-edge-01 | Onboard 1G #2 | sa-sw-01 port 2 | 25 Corosync — dedicated access port |
| sa-edge-01 | IPMI | sa-sw-02 port 2 | 10 Network Mgmt / IPMI (access, offloaded) |
| sa-stor-01 | Onboard 1G i210 (red RJ45) | sa-sw-02 port 3 | 20 Proxmox mgmt (access, offloaded) |
| sa-stor-01 | Onboard 10G AQC107 | unused / non-critical only | atlantic driver instability; never mgmt or Corosync |
| sa-stor-01 | IPMI | sa-sw-02 port 4 | 10 Network Mgmt / IPMI (access, offloaded) |
| sa-stor-01 | XL710 port 1 | sa-sw-01 port 3 | 25 30 Corosync shared trunk (no dedicated link — one onboard 1GbE, AQC107 avoided) |
| sa-stor-01 | XL710 port 2 | sa-sw-01 port 4 | 40 50 100 |
| sa-stor-01 | XL710 port 3 | sa-sw-01 port 5 | 60 Storage / Ceph public |
| sa-stor-01 | XL710 port 4 | sa-sw-01 port 6 | 90 Backup / Replication |
| sa-cmp-01 | Built-in 1G NIC | sa-sw-03 port 1 | 20 Proxmox mgmt (access, offloaded) |
| sa-cmp-01 | X550-T2 port 1 | sa-sw-01 port 8 | 25 30 40 100 Corosync shared trunk (no spare NIC) |
| sa-cmp-01 | X550-T2 port 2 | sa-sw-01 port 9 | 60 90 |
| sa-cmp-02 | Built-in 1G NIC | sa-sw-03 port 2 | 20 Proxmox mgmt (access, offloaded) |
| sa-cmp-02 | X550-T2 port 1 | sa-sw-01 port 10 | 25 30 40 100 Corosync shared trunk (no spare NIC) |
| sa-cmp-02 | X550-T2 port 2 | sa-sw-01 port 11 | 60 90 |

Corosync on sa-stor-01 and ThinkPads

sa-stor-01 has a single onboard 1GbE (Intel i210, used for Proxmox mgmt). Its onboard 10G (Aquantia AQC107, atlantic driver) is avoided for critical traffic, so VLAN 25 (Corosync) rides XL710 port 1 as a tagged trunk alongside VLAN 30 — no dedicated link. sa-cmp-01 and sa-cmp-02 have no spare NIC; Corosync rides X550-T2 port 1 alongside VLANs 30, 40, 100. Only sa-edge-01 has a dedicated Corosync access port (onboard 1G #2 → sa-sw-01 port 2).

sa-sw-01 — Netgear XS716T Core Switch

16-port 10 Gb switch. Uses 14 of 16 ports. Ports 15 and 16 are combo slots; SFP+ side (15F/16F) is populated with DAC cables — RJ45 sides (15T/16T) are therefore unavailable.

| Port | Device / NIC | Mode | VLANs |
|---|---|---|---|
| 1 | sa-edge-01 OPNsense LAN (onboard 10G #2) | Trunk | Tagged 10 20 25 30 40 50 60 70 80 90 100 110 120 253 |
| 2 | sa-edge-01 Corosync (onboard 1G #2) | Access | Untagged 25 |
| 3 | sa-stor-01 XL710 port 1 (VM Services + Corosync) | Trunk | Tagged 25 30 |
| 4 | sa-stor-01 XL710 port 2 | Trunk | Tagged 40 50 100 |
| 5 | sa-stor-01 XL710 port 3 | Trunk | Tagged 60 |
| 6 | sa-stor-01 XL710 port 4 | Trunk | Tagged 90 |
| 7 | Spare — no 2nd onboard 1GbE on sa-stor-01; AQC107 avoided for Corosync | | |
| 8 | sa-cmp-01 X550-T2 port 1 (Corosync shared) | Trunk | Tagged 25 30 40 100 |
| 9 | sa-cmp-01 X550-T2 port 2 | Trunk | Tagged 60 90 |
| 10 | sa-cmp-02 X550-T2 port 1 (Corosync shared) | Trunk | Tagged 25 30 40 100 |
| 11 | sa-cmp-02 X550-T2 port 2 | Trunk | Tagged 60 90 |
| 12 | Emergency admin / spare (relocated 2026-06-08 from p16) | Access | Untagged 10 or 20 |
| 13 | Spare — freed copper (was XG #2 uplink before SFP+ move) | | |
| 14 | UniFi Gateway Max WAN (demoted, copper RJ45) | Access | Untagged 253 UniFi WAN transit |
| 15F | sa-sw-02 uplink — SFP+ DAC | Trunk | Tagged 10 20 100 110 120 |
| 16F | sa-sw-03 uplink — SFP+ DAC | Trunk | Tagged 10 20 100 110 120 |

SFP+ combo slots 15F/16F

The uplinks to sa-sw-02 and sa-sw-03 moved from copper RJ45 (p12/p13) to SFP+ DAC on 2026-06-08 to free PoE++ RJ45 ports for sa-ap-01. Because the SFP+ sides (15F/16F) are populated, the copper sides (15T/16T) cannot be used simultaneously. Ports 12 and 13 are now spare copper, with emergency-admin access on p12.

sa-sw-02 — Access Switch (sa-edge-01 + sa-stor-01)

4× 10 G RJ45 (PoE++ 802.3bt) + 2× 10 G SFP+. All four RJ45 ports are occupied. The uplink uses SFP+ port 5 (DAC to sa-sw-01 15F). SFP+ port 6 is spare.

| Port | Device / NIC | Mode | VLAN |
|---|---|---|---|
| 1 (RJ45) | sa-edge-01 Proxmox mgmt (onboard 1G #1) | Access | 20 Proxmox Management |
| 2 (RJ45) | sa-edge-01 IPMI | Access | 10 Network Mgmt / IPMI |
| 3 (RJ45) | sa-stor-01 Proxmox mgmt (onboard 1G i210) | Access | 20 Proxmox Management |
| 4 (RJ45) | sa-stor-01 IPMI | Access | 10 Network Mgmt / IPMI |
| 5 (SFP+) | Uplink → sa-sw-01 15F (SFP+ DAC) | Trunk | Tagged 10 20 100 110 120 |
| 6 (SFP+) | Spare | | |

sa-sw-03 — Access Switch (ThinkPads + AP)

4× 10 G RJ45 (PoE++ 802.3bt) + 2× 10 G SFP+. Ports 1–3 occupied; port 4 reserved for a future second AP. The uplink uses SFP+ port 5 (DAC to sa-sw-01 16F). SFP+ port 6 is spare.

| Port | Device / NIC | Mode | VLAN |
|---|---|---|---|
| 1 (RJ45) | sa-cmp-01 (P51) Proxmox mgmt | Access | 20 Proxmox Management |
| 2 (RJ45) | sa-cmp-02 (P52) Proxmox mgmt | Access | 20 Proxmox Management |
| 3 (RJ45, PoE++) | sa-ap-01 — UniFi U7 Pro XGS | Hybrid | Native 10 + Tagged 100 110 120 |
| 4 (RJ45, PoE++) | Spare — reserved for future 2nd AP | | |
| 5 (SFP+) | Uplink → sa-sw-01 16F (SFP+ DAC) | Trunk | Tagged 10 20 100 110 120 |
| 6 (SFP+) | Spare | | |

sa-ap-01 — UniFi U7 Pro XGS (added 2026-06-08)

WiFi 7, 8-stream AP. Primary uplink is 10 GbE; it draws ~29 W PoE++ (802.3bt). Port profile: native (untagged) VLAN 10 for AP management, tagged VLANs 100 (Lab / Trusted Client), 110 (IoT), 120 (Guest WiFi) — matching the trunk VLANs already on the sa-sw-03 uplink. The AP's secondary 1GbE port is unused. No external PoE injector; power comes from sa-sw-03 port 3.

VLAN 253 — UniFi WAN Transit

VLAN 253 is tagged on sa-edge-01's OPNsense LAN trunk (port 1) so OPNsense can provide the WAN gateway (10.10.253.1) to the demoted UniFi Gateway Max. The Gateway Max WAN port lands on sa-sw-01 port 14, configured as an untagged VLAN 253 access port. The Gateway Max LAN side continues to serve existing Wi-Fi users and clients under double NAT — this is intentional.

Access switch uplink VLANs

sa-sw-02 and sa-sw-03 uplinks carry only VLANs 10, 20, 100, 110, and 120. They never carry VLANs 25, 30, 40, 50, 60, 65, 70, 80, or 90. Corosync, VM, K8s, storage, and backup traffic stays on sa-sw-01 only.
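
The uplink rule above can be checked mechanically against the port tables. The following is an added example, not part of the original page: it transcribes the VLAN sets from this page's tables and reports any port that breaks the rule, so a proposed change can be tested before it is applied. `PORT_MAP`, `audit` and `with_change` are hypothetical names; port 12 is omitted because its VLAN is listed as "10 or 20"; flagging a VLAN that is missing from the OPNsense trunk is an assumption that follows from sa-sw-01 being L2 only.

```python
# Added example: VLAN sets are transcribed from this page's tables; the
# PORT_MAP layout, audit() and with_change() are hypothetical, not a vendor API.
UPLINK_ALLOWED = {10, 20, 100, 110, 120}
CORE_ONLY = {25, 30, 40, 50, 60, 65, 70, 80, 90}
OPNSENSE_TRUNK = UPLINK_ALLOWED | {25, 30, 40, 50, 60, 70, 80, 90, 253}
CORE_UPLINK_PORTS = {("sa-sw-01", "15F"), ("sa-sw-01", "16F")}

PORT_MAP = {  # (switch, port) -> VLANs carried, tagged or untagged
    ("sa-sw-01", "1"): OPNSENSE_TRUNK,
    ("sa-sw-01", "2"): {25},
    ("sa-sw-01", "3"): {25, 30},
    ("sa-sw-01", "4"): {40, 50, 100},
    ("sa-sw-01", "5"): {60},
    ("sa-sw-01", "6"): {90},
    ("sa-sw-01", "8"): {25, 30, 40, 100},
    ("sa-sw-01", "9"): {60, 90},
    ("sa-sw-01", "10"): {25, 30, 40, 100},
    ("sa-sw-01", "11"): {60, 90},
    ("sa-sw-01", "14"): {253},
    ("sa-sw-01", "15F"): UPLINK_ALLOWED,
    ("sa-sw-01", "16F"): UPLINK_ALLOWED,
    ("sa-sw-02", "1"): {20}, ("sa-sw-02", "2"): {10},
    ("sa-sw-02", "3"): {20}, ("sa-sw-02", "4"): {10},
    ("sa-sw-02", "5"): UPLINK_ALLOWED,
    ("sa-sw-03", "1"): {20}, ("sa-sw-03", "2"): {20},
    ("sa-sw-03", "3"): {10, 100, 110, 120},
    ("sa-sw-03", "5"): UPLINK_ALLOWED,
}

def audit(port_map):
    """Return sorted (switch, port, vlan, reason) findings; empty means compliant."""
    findings = []
    for (switch, port), vlans in port_map.items():
        access_side = switch != "sa-sw-01" or (switch, port) in CORE_UPLINK_PORTS
        for vlan in sorted(vlans):
            if access_side and vlan in CORE_ONLY:
                findings.append((switch, port, vlan, "core-only VLAN on access side"))
            elif access_side and vlan not in UPLINK_ALLOWED:
                findings.append((switch, port, vlan, "VLAN not in uplink allowlist"))
            elif vlan not in OPNSENSE_TRUNK:
                findings.append((switch, port, vlan, "VLAN absent from OPNsense trunk"))
    return sorted(findings)

def with_change(port_map, key, extra_vlans):
    """Copy the map with extra VLANs added to one port (a proposed change)."""
    changed = {k: set(v) for k, v in port_map.items()}
    changed[key] = changed.get(key, set()) | set(extra_vlans)
    return changed
```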
