Port Mappings

Source: Marc Mercer (SRE Lead) — sre-iac repository, Rev 1.0, 2026-02-24

This document covers physical port → connection mappings only. For VLAN/IP assignments see VLAN & IP Allocation.

Naming Convention

Type	Pattern	Example
Server data port	<hostname>-p<N>	m35g9-stk01-p1 (eno1)
Server iLO port	<hostname>-ilo	m35g9-ilo01
UPS management port	<model>-<unit>	smt15c-apc01
NAS port	<hostname>-p<N>	qnap-01-p1
Workstation port	<hostname>-p<N>	ser5-fed4201-p1
DMZ appliance port	<hostname>-p<N>	ser7-opn01-p1
Controller port	<hostname>-p<N>	oc200-01-p1
Switch/router	native interface naming	ge-0/0/1, SFP+ 1, etc.

Server port numbering: p1=eno1, p2=eno2, p3=eno3, p4=eno4, piLO=dedicated iLO NIC.

OOB Management IP Assignments (VLAN 100 — 192.168.169.0/24)

IP Address	Device	Description
192.168.169.1	srx320-01 (irb.100)	Router OOB management gateway
192.168.169.33	ex2200t-01 (vlan.100)	Network switch management
192.168.169.34	ex2200p-01 (vlan.100)	OOB switch management
192.168.169.35	ex2200t-02 (vlan.100)	Storage switch management
192.168.168.x	iLO/IPMI	Server management interfaces

---

Part 1 — Interim (Juniper Hardware, 1G)

srx320-01 — Edge Router/Firewall

Port	Connection	Security Zone	Trunk VLANs	Purpose
ge-0/0/0	ISP / FTTH	UNTRUST	—	WAN uplink
ge-0/0/1	ex2200t-01 (LACP ae0)	TRUST + DMZ + MGMT	2, 100, 200, 500, 600, 610, 1000–1099	Network switch uplink
ge-0/0/2	ex2200t-01 (LACP ae0)	TRUST + DMZ + MGMT	(same)	LACP pair with ge-0/0/1
ge-0/0/3	—	—	—	Available
ge-0/0/4	—	—	—	Available
ge-0/0/5	Homestead switch	HOMESTEAD	untagged	Lee home network (192.168.125.0/24)

IRB Interfaces:

Interface	IP	Zone	Purpose
irb.2	10.10.96.1/20	TRUST	Legacy Production
irb.100	192.168.169.1/24	MGMT	OOB Management
irb.200	10.20.0.1/24	TRUST	Control Plane
irb.500	10.50.0.1/24	TRUST	Provider
irb.600	10.60.0.1/24	DMZ	DMZ

---

ex2200t-01 — Network Switch (24× 1G + 4× SFP)

VLANs: 2 (Legacy), 100 (Management), 200 (Control), 500 (Provider), 600 (DMZ), 610 (HA Sync), 1000–1099 (Tenant) Management: 192.168.169.33 (VLAN 100)

Port	Connection	LACP Group	Purpose
ge-0/0/0	srx320-01 ge-0/0/1	ae0 (router uplink)	SRX LACP member 1
ge-0/0/1	srx320-01 ge-0/0/2	ae0 (router uplink)	SRX LACP member 2
ge-0/0/2	m35g9-stk01-p1	ae1 (stk01-net)	Server 1 eno1 — bond-net
ge-0/0/3	m35g9-stk01-p2	ae1 (stk01-net)	Server 1 eno2 — bond-net
ge-0/0/4	m35g9-stk02-p1	ae2 (stk02-net)	Server 2 eno1 — bond-net
ge-0/0/5	m35g9-stk02-p2	ae2 (stk02-net)	Server 2 eno2 — bond-net
ge-0/0/6	m35g9-stk03-p1	ae3 (stk03-net)	Server 3 eno1 — bond-net
ge-0/0/7	m35g9-stk03-p2	ae3 (stk03-net)	Server 3 eno2 — bond-net
ge-0/0/8	m35g9-pmx01-p1	ae4 (pmx01-net)	Server 4 eno1 — bond-net
ge-0/0/9	m35g9-pmx01-p2	ae4 (pmx01-net)	Server 4 eno2 — bond-net
ge-0/0/10	ser5-fed4201-p1	ae5 (ws-net)	Workstation eno1 — bond-net
ge-0/0/11	ser5-fed4201-p2	ae5 (ws-net)	Workstation eno2 — bond-net
ge-0/0/12	qnap-01-p1	—	NAS — single link
ge-0/0/13–22	—	—	Available
ge-0/0/23	ex2200p-01 ge-0/0/23	—	Inter-switch trunk (VLAN 100 only) — OOB path

---

ex2200t-02 — Storage Switch (24× 1G + 4× SFP)

VLANs: 100 (OOB only), 300 (Ceph Public), 400 (Ceph Cluster) Management: 192.168.169.35 (VLAN 100 via OOB trunk)

Storage Isolation

NO uplink to router for storage traffic. VLANs 300/400 are a completely isolated storage fabric.

Port	Connection	LACP Group	Purpose
ge-0/0/0	m35g9-stk01-p3	ae1 (stk01-stor)	Server 1 eno3 — bond-stor
ge-0/0/1	m35g9-stk01-p4	ae1 (stk01-stor)	Server 1 eno4 — bond-stor
ge-0/0/2	m35g9-stk02-p3	ae2 (stk02-stor)	Server 2 eno3 — bond-stor
ge-0/0/3	m35g9-stk02-p4	ae2 (stk02-stor)	Server 2 eno4 — bond-stor
ge-0/0/4	m35g9-stk03-p3	ae3 (stk03-stor)	Server 3 eno3 — bond-stor
ge-0/0/5	m35g9-stk03-p4	ae3 (stk03-stor)	Server 3 eno4 — bond-stor
ge-0/0/6	m35g9-pmx01-p3	ae4 (pmx01-stor)	Server 4 eno3 — bond-stor (Ceph client)
ge-0/0/7	m35g9-pmx01-p4	ae4 (pmx01-stor)	Server 4 eno4 — bond-stor (Ceph client)
ge-0/0/8–22	—	—	Available
ge-0/0/23	ex2200p-01 ge-0/0/8	—	Inter-switch trunk (VLAN 100 only) — OOB path

---

ex2200p-01 — OOB Management Switch (24× 1G PoE + 4× SFP)

VLAN: 100 only Management: 192.168.169.34

Port	Connection	Purpose
ge-0/0/0	m35g9-ilo01	Server 1 iLO
ge-0/0/1	m35g9-ilo02	Server 2 iLO
ge-0/0/2	m35g9-ilo03	Server 3 iLO
ge-0/0/3	m35g9-ilo04	Server 4 iLO
ge-0/0/4	smt15c-apc01	UPS 1 management
ge-0/0/5	smt15c-apc02	UPS 2 management
ge-0/0/6	smt15c-apc03	UPS 3 management
ge-0/0/7	smt15c-apc04	UPS 4 management
ge-0/0/8	ex2200t-02 ge-0/0/23	Inter-switch trunk (VLAN 100) — storage switch OOB
ge-0/0/9–22	—	Available
ge-0/0/23	ex2200t-01 ge-0/0/23	Inter-switch trunk (VLAN 100) — primary OOB path

---

OOB Management Topology (VLAN 100)

                    ┌─────────────────┐
                    │  ser5-fed4201   │
                    │  (Workstation)  │
                    └────────┬────────┘
                             │ ae5 (VLAN 100 tagged)
                             ▼
┌─────────────────┐  ae0    ┌─────────────────┐
│    srx320-01    │◄───────►│   ex2200t-01    │
│  irb.100 = .1   │ VLAN100 │  vlan.100 = .33 │
└─────────────────┘  trunk  └────────┬────────┘
                                     │ ge-0/0/23 (VLAN 100 trunk)
                                     ▼
┌─────────────────┐ ge-0/0/8 ┌─────────────────┐
│   ex2200t-02    │◄─────────│   ex2200p-01    │◄─── iLO × 4
│  vlan.100 = .35 │ VLAN100  │  vlan.100 = .34 │◄─── UPS × 4
└─────────────────┘  trunk   └─────────────────┘

OOB Access Paths from Workstation (ae5, VLAN 100 tagged):

• → ex2200t-01 → srx320-01 (192.168.169.1)
• → ex2200t-01 (192.168.169.33)
• → ex2200t-01 → ge-0/0/23 → ex2200p-01 (192.168.169.34)
• → ex2200t-01 → ge-0/0/23 → ex2200p-01 → iLO × 4, UPS × 4
• → ex2200t-01 → ge-0/0/23 → ex2200p-01 → ge-0/0/8 → ex2200t-02 (192.168.169.35)

---

Part 2 — Target (Omada + Juniper OOB)

The target architecture adds 10G SFP+ uplinks per server while maintaining identical VLAN IDs and IP allocations. Each server gains dual paths per plane (10G primary + 1G LACP fallback).

er74m-01 — Edge Router (TP-Link ER7412-M2)

Port	Connection	Zone	Purpose
WAN (10G SFP+)	ISP / FTTH	UNTRUST	WAN uplink
2.5G Port 1	ser7-opn01-p1	DMZ	OPNsense HA primary
2.5G Port 2	ser7-opn02-p1	DMZ	OPNsense HA secondary
1G Port (LACP)	sx3008-01	TRUST + DMZ + MGMT	Network switch primary uplink
1G Port (LACP)	sg3428-01	TRUST + DMZ + MGMT	Network switch secondary uplink
1G Port (LACP)	sg3452-01	HOMESTEAD	Lee home network

sx3008-01 — 10G Network Switch

Carries: 200 (Control), 500 (Provider), 600 (DMZ), 610 (HA Sync), 1000–1099 (Tenant)

Each server connects via 10G SFP+ (bond-net primary path). Router uplink via 10G SFP+.

sx3008-02 — 10G Storage Switch (Isolated)

Carries: 300 (Ceph Public), 400 (Ceph Cluster) only. No router uplink.

Each server connects via 10G SFP+ (bond-stor primary path).

sg3428-01 — 1G Network Switch (Fallback)

Carries: 200, 500, 600, 610, 1000–1099. 1G LACP bonds from each server (bond-net fallback path). QNAP NAS, workstation.

sg3428-02 — 1G Storage Switch (Fallback, Isolated)

Carries: 300, 400 only. No router uplink. 1G LACP bonds from each server (bond-stor fallback path).

ex2200-01 — OOB Switch (Repurposed from Interim)

Carries: VLAN 100 only. Same port assignments as ex2200p-01 in interim (iLO × 4, UPS × 4). Adds Omada controller (oc200-01, PoE powered).

DMZ Appliances (Bare-Metal in Target)

Device	Port 1	Port 2
ser7-opn01	2.5G → er74m-01 port 1 (DMZ inbound)	Cross-connect → ser7-opn02 port 2 (HA sync)
ser7-opn02	2.5G → er74m-01 port 2 (DMZ inbound)	Cross-connect → ser7-opn01 port 2 (HA sync)

Direct physical connections — no switch in the DMZ path.

---

Document Control

Rev	Date	Author	Description
1.0	2026-02-24	Marc Mercer	Initial release