Site A Port Map
Authoritative per-port wiring reference for sa-sw-01 (Netgear XS716T core), sa-sw-02, and sa-sw-03 (access), including VLAN assignments, dedicated Corosync arrangement, SFP+ DAC uplinks, and sa-ap-01 PoE++ port.
sa-sw-01 (Netgear XS716T) is the 10 Gb core switch for Site A; sa-sw-02 and sa-sw-03 are access switches handling Proxmox management, IPMI, APs, and client-side VLANs. This page records every port assignment, VLAN tag, and the cabling decisions finalized on 2026-06-06 and 2026-06-08.
L2 core only — no routing on sa-sw-01
sa-sw-01 is L2 only: no routing, no DHCP. All inter-VLAN routing is handled by OPNsense on sa-edge-01.
Switching Philosophy
sa-sw-01 carries the OPNsense LAN trunk plus the Corosync heartbeat, VM Services, Kubernetes, storage, and backup VLANs. Proxmox management (VLAN 20) and IPMI (VLAN 10) are intentionally offloaded to sa-sw-02 and sa-sw-03, which frees Netgear ports for a dedicated Corosync (VLAN 25) uplink from sa-edge-01. The demoted UniFi Gateway Max sits behind OPNsense as a VLAN 253 transit device and is bootstrap/fallback only.
Access switch uplinks run over 10 G SFP+ DAC cables to the combo slots sa-sw-01 15F/16F (moved off copper on 2026-06-08), leaving all four RJ45 PoE++ ports per access switch free for devices.
Per-Node NIC Wiring
| Host | NIC | Connects to | VLANs / Role |
|---|---|---|---|
sa-edge-01 | Onboard 10G #1 | ISP handoff (WAN) | Fios 2 Gbps — no VLAN |
sa-edge-01 | Onboard 10G #2 | sa-sw-01 port 1 | OPNsense LAN trunk — tagged 10,20,25,30,40,50,60,70,80,90,100,110,120,253 |
sa-edge-01 | Onboard 1G #1 | sa-sw-02 port 1 | 20 Proxmox mgmt (access, offloaded) |
sa-edge-01 | Onboard 1G #2 | sa-sw-01 port 2 | 25 Corosync — dedicated access port |
sa-edge-01 | IPMI | sa-sw-02 port 2 | 10 Network Mgmt / IPMI (access, offloaded) |
sa-stor-01 | Onboard 1G i210 (red RJ45) | sa-sw-02 port 3 | 20 Proxmox mgmt (access, offloaded) |
sa-stor-01 | Onboard 10G AQC107 | — | unused / non-critical only — atlantic driver instability; never mgmt or Corosync |
sa-stor-01 | IPMI | sa-sw-02 port 4 | 10 Network Mgmt / IPMI (access, offloaded) |
sa-stor-01 | XL710 port 1 | sa-sw-01 port 3 | 25 30 Corosync shared trunk (no dedicated link — one onboard 1GbE, AQC107 avoided) |
sa-stor-01 | XL710 port 2 | sa-sw-01 port 4 | 40 50 100 |
sa-stor-01 | XL710 port 3 | sa-sw-01 port 5 | 60 Storage / Ceph public |
sa-stor-01 | XL710 port 4 | sa-sw-01 port 6 | 90 Backup / Replication |
sa-cmp-01 | Built-in 1G NIC | sa-sw-03 port 1 | 20 Proxmox mgmt (access, offloaded) |
sa-cmp-01 | X550-T2 port 1 | sa-sw-01 port 8 | 25 30 40 100 Corosync shared trunk (no spare NIC) |
sa-cmp-01 | X550-T2 port 2 | sa-sw-01 port 9 | 60 90 |
sa-cmp-02 | Built-in 1G NIC | sa-sw-03 port 2 | 20 Proxmox mgmt (access, offloaded) |
sa-cmp-02 | X550-T2 port 1 | sa-sw-01 port 10 | 25 30 40 100 Corosync shared trunk (no spare NIC) |
sa-cmp-02 | X550-T2 port 2 | sa-sw-01 port 11 | 60 90 |
Corosync on sa-stor-01 and ThinkPads
sa-stor-01 has a single onboard 1GbE (Intel i210, used for Proxmox mgmt). Its onboard 10G (Aquantia AQC107, atlantic driver) is avoided for critical traffic, so VLAN 25 (Corosync) rides XL710 port 1 as a tagged trunk alongside VLAN 30 — no dedicated link. sa-cmp-01 and sa-cmp-02 have no spare NIC; Corosync rides X550-T2 port 1 alongside VLANs 30, 40, 100. Only sa-edge-01 has a dedicated Corosync access port (onboard 1G #2 → sa-sw-01 port 2).
sa-sw-01 — Netgear XS716T Core Switch
16-port 10 Gb switch. Uses 14 of 16 ports. Ports 15 and 16 are combo slots; SFP+ side (15F/16F) is populated with DAC cables — RJ45 sides (15T/16T) are therefore unavailable.
| Port | Device / NIC | Mode | VLANs |
|---|---|---|---|
| 1 | sa-edge-01 OPNsense LAN (onboard 10G #2) | Trunk | Tagged 10 20 25 30 40 50 60 70 80 90 100 110 120 253 |
| 2 | sa-edge-01 Corosync (onboard 1G #2) | Access | Untagged 25 |
| 3 | sa-stor-01 XL710 port 1 (VM Services + Corosync) | Trunk | Tagged 25 30 |
| 4 | sa-stor-01 XL710 port 2 | Trunk | Tagged 40 50 100 |
| 5 | sa-stor-01 XL710 port 3 | Trunk | Tagged 60 |
| 6 | sa-stor-01 XL710 port 4 | Trunk | Tagged 90 |
| 7 | Spare — no 2nd onboard 1GbE on sa-stor-01; AQC107 avoided for Corosync | — | — |
| 8 | sa-cmp-01 X550-T2 port 1 (Corosync shared) | Trunk | Tagged 25 30 40 100 |
| 9 | sa-cmp-01 X550-T2 port 2 | Trunk | Tagged 60 90 |
| 10 | sa-cmp-02 X550-T2 port 1 (Corosync shared) | Trunk | Tagged 25 30 40 100 |
| 11 | sa-cmp-02 X550-T2 port 2 | Trunk | Tagged 60 90 |
| 12 | Emergency admin / spare (relocated 2026-06-08 from p16) | Access | Untagged 10 or 20 |
| 13 | Spare — freed copper (was XG #2 uplink before SFP+ move) | — | — |
| 14 | UniFi Gateway Max WAN (demoted, copper RJ45) | Access | Untagged 253 UniFi WAN transit |
| 15F | sa-sw-02 uplink — SFP+ DAC | Trunk | Tagged 10 20 100 110 120 |
| 16F | sa-sw-03 uplink — SFP+ DAC | Trunk | Tagged 10 20 100 110 120 |
SFP+ combo slots 15F/16F
The uplinks to sa-sw-02 and sa-sw-03 moved from copper RJ45 (p12/p13) to SFP+ DAC on 2026-06-08 to free PoE++ RJ45 ports for sa-ap-01. Because the SFP+ sides (15F/16F) are populated, the copper sides (15T/16T) cannot be used simultaneously. Ports 12 and 13 are now spare copper, with emergency-admin access on p12.
sa-sw-02 — Access Switch (sa-edge-01 + sa-stor-01)
4× 10 G RJ45 (PoE++ 802.3bt) + 2× 10 G SFP+. All four RJ45 ports are occupied. The uplink uses SFP+ port 5 (DAC to sa-sw-01 15F). SFP+ port 6 is spare.
| Port | Device / NIC | Mode | VLAN |
|---|---|---|---|
| 1 (RJ45) | sa-edge-01 Proxmox mgmt (onboard 1G #1) | Access | 20 Proxmox Management |
| 2 (RJ45) | sa-edge-01 IPMI | Access | 10 Network Mgmt / IPMI |
| 3 (RJ45) | sa-stor-01 Proxmox mgmt (onboard 1G i210) | Access | 20 Proxmox Management |
| 4 (RJ45) | sa-stor-01 IPMI | Access | 10 Network Mgmt / IPMI |
| 5 (SFP+) | Uplink → sa-sw-01 15F (SFP+ DAC) | Trunk | Tagged 10 20 100 110 120 |
| 6 (SFP+) | Spare | — | — |
sa-sw-03 — Access Switch (ThinkPads + AP)
4× 10 G RJ45 (PoE++ 802.3bt) + 2× 10 G SFP+. Ports 1–3 occupied; port 4 reserved for a future second AP. The uplink uses SFP+ port 5 (DAC to sa-sw-01 16F). SFP+ port 6 is spare.
| Port | Device / NIC | Mode | VLAN |
|---|---|---|---|
| 1 (RJ45) | sa-cmp-01 (P51) Proxmox mgmt | Access | 20 Proxmox Management |
| 2 (RJ45) | sa-cmp-02 (P52) Proxmox mgmt | Access | 20 Proxmox Management |
| 3 (RJ45, PoE++) | sa-ap-01 — UniFi U7 Pro XGS | Hybrid | Native 10 + Tagged 100 110 120 |
| 4 (RJ45, PoE++) | Spare — reserved for future 2nd AP | — | — |
| 5 (SFP+) | Uplink → sa-sw-01 16F (SFP+ DAC) | Trunk | Tagged 10 20 100 110 120 |
| 6 (SFP+) | Spare | — | — |
sa-ap-01 — UniFi U7 Pro XGS (added 2026-06-08)
WiFi 7, 8-stream AP. Primary uplink is 10 GbE; it draws ~29 W PoE++ (802.3bt). Port profile: native (untagged) VLAN 10 for AP management, tagged VLANs 100 (Lab / Trusted Client), 110 (IoT), 120 (Guest WiFi) — matching the trunk VLANs already on the sa-sw-03 uplink. The AP's secondary 1GbE port is unused. No external PoE injector; power comes from sa-sw-03 port 3.
VLAN 253 — UniFi WAN Transit
VLAN 253 is tagged on sa-edge-01's OPNsense LAN trunk (port 1) so OPNsense can provide the WAN gateway (10.10.253.1) to the demoted UniFi Gateway Max. The Gateway Max WAN port lands on sa-sw-01 port 14, configured as an untagged VLAN 253 access port. The Gateway Max LAN side continues to serve existing Wi-Fi users and clients under double NAT — this is intentional.
Access switch uplink VLANs
sa-sw-02 and sa-sw-03 uplinks carry only VLANs 10, 20, 100, 110, and 120. They never carry VLANs 25, 30, 40, 50, 60, 65, 70, 80, or 90. Corosync, VM, K8s, storage, and backup traffic stays on sa-sw-01 only.
Related Pages
- Site B Port Map — equivalent port map for
sb-sw-01andsb-sw-02 - Switch Operations — VLAN provisioning, LACP, and switch management procedures
- VLAN Reference — full VLAN table with subnets and gateways
- Per-Site Inventory — NIC models, RAM, and storage per host
Switching & Cabling
Switch tier roles, VLAN carry rules, and cabling policy for Site A and Site B. Netgear 10 Gb core switches handle server and infrastructure traffic; access switches handle IPMI, APs, and user devices.
Site B Port Map
Authoritative switch port map for Site B: sb-sw-01 (Netgear XS748T 48-port 10 Gb core) and sb-sw-02 (UniFi USW 24 PoE access), with per-node NIC-to-VLAN wiring for all five compute nodes and the edge device.