USW Lite 16 PoE Port Organization and Configuration Guide

Overview

This guide documents the optimized port assignment for the Ubiquiti USW Lite 16 PoE switch and provides step-by-step configuration instructions for both UniFi and vSphere environments.

Current Network Architecture

┌─────────────────────────────┐
│    USW Lite 16 PoE          │ (Management Infrastructure)
│    ├── Port 1: US-8-60W     │ (Uplink to NUC cluster)
│    ├── Port 2: Mac Pro #2   │ (DVS connection)
│    ├── Port 3: MS-A2 #1     │ (Reserved)
│    ├── Port 4: Mac Pro #1   │ (Management)
│    ├── Port 5: Carbonite 1  │
│    ├── Port 6: MS-A2 #2     │ (Reserved)
│    ├── Port 7: Carbonite 2  │
│    ├── Port 8: MS-A2 #3     │ (Reserved)
│    ├── Port 11: Lutron IoT  │
│    ├── Port 13: Laptop      │ (Temporary)
│    ├── Port 15: Laptop      │ (Temporary)
│    └── Port 16: UAP-AC-Lite │
└─────────────────────────────┘

Port Assignment Plan

Infrastructure Block (Ports 1-8)

| Port | Device          | Profile         | VLANs                   | Purpose              | Status    |
|------|-----------------|-----------------|-------------------------|----------------------|-----------|
| 1    | US-8-60W Uplink | Switch-Trunk    | All VLANs               | Trunk to NUC cluster | Active    |
| 2    | Mac Pro NIC 2   | ESXi-Host-Trunk | 20,30,40,50,100,110,200 | DVS connection       | Configure |
| 3    | MS-A2 #1        | ESXi-Host-Trunk | All VLANs               | VCF management host  | Reserved  |
| 4    | Mac Pro NIC 1   | Management-Only | 10                      | Primary management   | Active    |
| 5    | Carbonite NIC 1 | Management-Only | 10                      | Management only      | Active    |
| 6    | MS-A2 #2        | ESXi-Host-Trunk | All VLANs               | VCF workload host    | Reserved  |
| 7    | Carbonite NIC 2 | Management-Only | 10                      | Management only      | Active    |
| 8    | MS-A2 #3        | ESXi-Host-Trunk | All VLANs               | VCF workload host    | Reserved  |

Flexible Block (Ports 9-16)

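| Port | Device         | Profile         | VLANs     | Purpose               | Status    |
|------|----------------|-----------------|-----------|-----------------------|-----------|
| 9-10 | Available      | -               | -         | Future expansion      | Open      |
| 11   | Lutron IoT Hub | Default         | Native    | IoT device            | Active    |
| 12   | Available      | -               | -         | Future expansion      | Open      |
| 13   | Laptop         | Default         | Native    | Temporary user device | Removable |
| 14   | Available      | -               | -         | Future expansion      | Open      |
| 15   | Laptop         | Default         | Native    | Temporary user device | Removable |
| 16   | UAP-AC-Lite    | ESXi-Host-Trunk | All VLANs | Wireless AP           | Active    |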

VLAN Configuration

VLAN Assignments

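| VLAN ID | Name       | Purpose                  | Subnet          | MTU  |
|---------|------------|--------------------------|-----------------|------|
| 10      | Management | ESXi management, vCenter | 192.168.10.0/24 | 1500 |
| 20      | vMotion    | VM migration traffic     | 192.168.20.0/24 | 9000 |
| 30      | Storage    | iSCSI, NFS traffic       | 192.168.30.0/24 | 9000 |
| 40      | NSX-TEP    | NSX tunnel endpoints     | 192.168.40.0/24 | 1600 |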

Profile Definitions

Note: These profiles align with the established configuration in UniFi Switch Configuration Guide.

“ESXi-Host-Trunk” Profile

  • Native VLAN: 10 (Management)
  • Tagged VLANs: 20 (vMotion), 30 (Storage), 40 (NSX-TEP), 50 (NSX-Edge-Uplink), 100 (TKG-Management), 110 (TKG-Workload), 200 (NUC-Management)
  • Usage: ESXi hosts and infrastructure needing all VLANs
  • Advanced: Storm Control enabled (10% broadcast/multicast)

“Management-Only” Profile

  • Native VLAN: 10 (Management)
  • Tagged VLANs: None
  • Usage: Management-only devices, single-purpose infrastructure
  • Advanced: Storm Control enabled

“Switch-Trunk” Profile

  • Native VLAN: 10 (Management)
  • Tagged VLANs: All Networks (10, 20, 30, 40, 50, 100, 110, 200)
  • Usage: Inter-switch trunk links, uplinks
  • Advanced: Storm Control disabled (trunk links)

“Default” Profile

  • Native VLAN: 1 (Default/Native)
  • Tagged VLANs: None
  • Usage: User devices, IoT, laptops

Configuration Instructions

Part 1: UniFi CloudKey Gen 2 Configuration

Step 1: Access UniFi Network Controller

  1. Log in to UniFi Controller

    URL: https://<cloudkey-ip>:8443
    Credentials: Your UniFi admin credentials
    
  2. Navigate to Devices

    • Click Devices in left sidebar
    • Select your USW Lite 16 PoE switch

Step 2: Configure Switch Port Profiles

  1. Access Port Management
    • Click on the USW Lite 16 PoE switch
    • Go to Ports tab
    • Click Port Manager button
  2. Create/Verify Profiles

    Note: These profiles should already exist from the UniFi Switch Configuration Guide. If not, create them as follows:

    “ESXi-Host-Trunk” Profile Configuration

    Profile Name: ESXi-Host-Trunk
    Native VLAN: Management (10)
    Tagged VLANs: vMotion (20), vSAN (30), NSX-TEP (40), NSX-Edge-Uplink (50), 
                  TKG-Management (100), TKG-Workload (110), NUC-Management (200)
    Advanced Settings:
      Storm Control: Enabled (10% broadcast, 10% multicast)
      Port Isolation: Off
    

    “Management-Only” Profile Configuration

    Profile Name: Management-Only
    Native VLAN: Management (10)
    Tagged VLANs: None
    Advanced Settings:
      Storm Control: Enabled
      Port Isolation: Off
    

    “Switch-Trunk” Profile Configuration

    Profile Name: Switch-Trunk
    Native VLAN: Management (10)
    Tagged VLANs: All Networks
    Advanced Settings:
      Storm Control: Disabled (for trunk links)
      STP: Enabled
    

    “Default” Profile Configuration

    Profile Name: Default
    Native VLAN: Default (1)
    Tagged VLANs: None
    

Step 3: Assign Port Profiles

  1. Infrastructure Ports (1-8)

    # For each port, click the port number and select profile:
    Port 1: Profile = "Switch-Trunk"     # US-8-60W Uplink
    Port 2: Profile = "ESXi-Host-Trunk"  # Mac Pro NIC 2 (CHANGE FROM MANAGEMENT-ONLY)
    Port 3: Profile = "ESXi-Host-Trunk"  # MS-A2 #1 (Reserved)
    Port 4: Profile = "Management-Only"  # Mac Pro NIC 1 (Keep current)
    Port 5: Profile = "Management-Only"  # Carbonite NIC 1
    Port 6: Profile = "ESXi-Host-Trunk"  # MS-A2 #2 (Reserved)
    Port 7: Profile = "Management-Only"  # Carbonite NIC 2
    Port 8: Profile = "ESXi-Host-Trunk"  # MS-A2 #3 (Reserved)
    
  2. Flexible Ports (9-16)

    Port 11: Profile = "Default"         # Lutron IoT Hub
    Port 13: Profile = "Default"         # Laptop (Temporary)
    Port 15: Profile = "Default"         # Laptop (Temporary)
    Port 16: Profile = "ESXi-Host-Trunk" # UAP-AC-Lite
    

Step 4: Apply Configuration

  1. Save Changes
    • Click Apply Changes button
    • Wait for switch to provision (may take 1-2 minutes)
  2. Verify Port Status
    • Check that all ports show connected status
    • Verify no devices lost connectivity

Step 5: Add Port Labels (Optional)

  1. Label Ports for Future Reference

    Port 1: "US-8-60W-Uplink"
    Port 2: "MacPro-DVS-NIC2"
    Port 3: "MS-A2-Management-Host"
    Port 4: "MacPro-Management-NIC1"
    Port 5: "Carbonite-NIC1"
    Port 6: "MS-A2-Workload-Host-1"
    Port 7: "Carbonite-NIC2"
    Port 8: "MS-A2-Workload-Host-2"
    Port 11: "Lutron-IoT-Hub"
    Port 13: "Laptop-Temp-1"
    Port 15: "Laptop-Temp-2"
    Port 16: "UAP-AC-Lite-Office"
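
The Step 3 plan can be checked for least-privilege VLAN exposure before it is applied. The script below is an added example, not part of the original guide or any UniFi tooling; it parses the Step 3 lines and compares each port's profile against a per-device allowance. The POLICY table (which VLANs each device class needs) is an assumption made for this example and should be adjusted to the real environment.

```python
import re
ALL = {10, 20, 30, 40, 50, 100, 110, 200}
# Profile -> VLANs reachable on the port (native + tagged), per "Profile Definitions".
PROFILES = {
    "Switch-Trunk": ALL,
    "ESXi-Host-Trunk": ALL,
    "Management-Only": {10},
    "Default": {1},
}
# Assumed policy (not from the guide): VLANs each device class needs; first match wins.
POLICY = [
    (r"Uplink|Mac Pro|MS-A2", ALL),  # inter-switch trunk and ESXi hosts
    (r"Carbonite", {10}),            # management only
    (r"UAP", {10}),                  # AP management; add any VLANs bridged to SSIDs
    (r"Lutron|Laptop", {1}),         # IoT and user devices
]
# Step 3 assignments, copied from the guide.
PLAN = """
Port 1: Profile = "Switch-Trunk"     # US-8-60W Uplink
Port 2: Profile = "ESXi-Host-Trunk"  # Mac Pro NIC 2
Port 3: Profile = "ESXi-Host-Trunk"  # MS-A2 #1
Port 4: Profile = "Management-Only"  # Mac Pro NIC 1
Port 5: Profile = "Management-Only"  # Carbonite NIC 1
Port 6: Profile = "ESXi-Host-Trunk"  # MS-A2 #2
Port 7: Profile = "Management-Only"  # Carbonite NIC 2
Port 8: Profile = "ESXi-Host-Trunk"  # MS-A2 #3
Port 11: Profile = "Default"         # Lutron IoT Hub
Port 13: Profile = "Default"         # Laptop
Port 15: Profile = "Default"         # Laptop
Port 16: Profile = "ESXi-Host-Trunk" # UAP-AC-Lite
"""
LINE = re.compile(r'Port (\d+): Profile = "([^"]+)"\s*#\s*(.+)')

def audit(plan=PLAN):
    """Return (port, device, finding) for ports exposing more VLANs than policy allows."""
    findings = []
    for port, profile, device in LINE.findall(plan):
        device = device.strip()
        if profile not in PROFILES:
            findings.append((int(port), device, "unknown profile " + profile))
            continue
        # Devices matching no policy entry get an empty allowance (fail closed).
        allowed = next((v for pat, v in POLICY if re.search(pat, device)), set())
        excess = sorted(PROFILES[profile] - allowed)
        if excess:
            findings.append((int(port), device, excess))
    return findings

if __name__ == "__main__": print(audit())
```

Under this assumed policy the only finding is port 16: the access point sits on ESXi-Host-Trunk and therefore sees the vMotion, storage and NSX VLANs. Whether that is acceptable depends on which VLANs the AP actually bridges to wireless networks.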
    

Part 2: vSphere Configuration

Step 1: Mac Pro DVS Integration

Option A: vCenter Web Client Configuration

  1. Access vCenter Server

    URL: https://<vcenter-fqdn>/ui
    Login: administrator@vsphere.local
    
  2. Navigate to Networking
    • Go to Menu → Networking
    • Select your Distributed Switch
  3. Add Mac Pro to DVS
    • Right-click distributed switch
    • Select Add and Manage Hosts
    • Choose Add hosts
    • Select Mac Pro host
    • Click Next
  4. Configure Physical Adapters

    vmnic0: Leave on vSwitch0 (Management)
    vmnic1: Assign to Distributed Switch (Port 2 connection)
    
  5. Create VMkernel Adapters
    • Storage VMkernel (vmk1):

      Port Group: Storage (VLAN 30)
      IP Address: 192.168.30.100/24
      Services: None
      
    • vMotion VMkernel (vmk2):

      Port Group: vMotion (VLAN 20)
      IP Address: 192.168.20.100/24
      Services: vMotion
      

Option B: ESXi Host CLI Configuration

  1. SSH to Mac Pro

    ssh root@macpro.markalston.net
    
  2. Verify Current Configuration

    # Check current network adapters
    esxcli network nic list
       
    # Check current vSwitches
    esxcli network vswitch standard list
       
    # Check current VMkernel adapters
    esxcli network ip interface list
    
  3. Add vmnic1 to Distributed Switch

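    # Add vmnic1 as a DVS uplink. esxcli has no "dvs vmware add" command, so use esxcfg-vswitch
    # (replace <dvs-name> with the actual DVS name and <dvport-id> with a free uplink dvPort ID)
    esxcfg-vswitch -P vmnic1 -V <dvport-id> <dvs-name>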
    
  4. Create VMkernel Adapters

    Storage VMkernel:

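    # Create storage VMkernel on DVS
    # (-s takes the DVS name; -P takes a free dvPort ID in the "Storage" port group, not its name)
    esxcli network ip interface add -i vmk1 -s <dvs-name> -P <storage-dvport-id>
    esxcli network ip interface ipv4 set -i vmk1 -I 192.168.30.100 -N 255.255.255.0 -t static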
    

    vMotion VMkernel:

    # Create vMotion VMkernel on DVS
    # (-s takes the DVS name; -P takes a free dvPort ID in the "vMotion" port group, not its name)
    esxcli network ip interface add -i vmk2 -s <dvs-name> -P <vmotion-dvport-id>
    esxcli network ip interface ipv4 set -i vmk2 -I 192.168.20.100 -N 255.255.255.0 -t static
    esxcli network ip interface tag add -i vmk2 -t VMotion
    

Step 2: Verify Configuration

  1. Check Network Connectivity

    # Test management network (should work via vmnic0/vSwitch0)
    vmkping -I vmk0 192.168.10.1
       
    # Test storage network (via vmnic1/DVS)
    vmkping -I vmk1 192.168.30.1
       
    # Test vMotion network (via vmnic1/DVS)
    vmkping -I vmk2 192.168.20.1
    
  2. Verify VMkernel Adapters

    esxcli network ip interface list | grep -E "vmk[0-9]"
    
  3. Check DVS Configuration

    esxcli network vswitch dvs vmware list
    

Validation and Testing

Network Connectivity Tests

  1. From Mac Pro ESXi Console

    # Test each VMkernel interface
    vmkping -I vmk0 -c 3 192.168.10.1    # Management
    vmkping -I vmk1 -c 3 192.168.30.10   # Storage (NAS)
    vmkping -I vmk2 -c 3 192.168.20.8    # vMotion (NUC-01)
    
  2. From UniFi Console

    • Verify port status shows connected
    • Check traffic statistics on configured ports
    • Confirm VLAN assignments in port details

Troubleshooting

Common Issues

  1. Port 2 Configuration Change
    • Symptom: Mac Pro loses network connectivity on vmnic1
    • Solution: Verify “All” profile applied correctly to Port 2
    • Check: UniFi port status and VLAN assignments
  2. DVS Communication Issues
    • Symptom: Cannot create VMkernel adapters on DVS
    • Solution: Verify DVS exists and Mac Pro is added as host
    • Check: vCenter networking view for DVS membership
  3. VLAN Connectivity Problems
    • Symptom: VMkernel ping fails to specific VLANs
    • Solution: Verify VLAN configuration on both UniFi and DVS
    • Check: Port profile includes required VLAN tags

Recovery Procedures

  1. Management Network Recovery

    # If management network fails, access via console
    # Verify vmnic0 stays on vSwitch0
    esxcli network vswitch standard list
    esxcli network vswitch standard portgroup list
    
  2. DVS Rollback

    # Remove vmnic1 from DVS if needed (<dvport-id> is the uplink dvPort that vmnic1 occupies)
    esxcfg-vswitch -Q vmnic1 -V <dvport-id> <dvs-name>
       
    # Add back to standard switch if necessary
    esxcli network vswitch standard add -v vSwitch1
    esxcli network vswitch standard uplink add -v vSwitch1 -u vmnic1
    

Future Expansion

MS-A2 Deployment (Ports 3, 6, 8)

When deploying MS-A2 hosts:

  1. Physical Connection
    • Connect MS-A2 NIC 1 to reserved port (3, 6, or 8)
    • Connect MS-A2 SFP+ ports to future 10G switch
  2. Port Configuration
    • Ports already configured with “All” profile
    • No UniFi changes needed
  3. ESXi Configuration
    • Configure management on 1GbE port
    • Configure storage/vMotion on 10G ports (future)

10G Network Integration

When USW-Aggregation is deployed:

  1. Uplink Migration
    • Move high-bandwidth devices to 10G switch
    • Keep management traffic on 1GbE infrastructure
  2. Port Reassignment
    • Some reserved ports may become available
    • Consider consolidating connections

Maintenance Notes

Regular Checks

  1. Monthly: Verify port utilization and traffic patterns
  2. Quarterly: Review VLAN assignments and profiles
  3. Before Changes: Always verify console access to Mac Pro

Change Management

  1. Document Changes: Update this guide with any modifications
  2. Test Connectivity: Always test after configuration changes
  3. Backup Configs: Export UniFi and vCenter configurations before major changes

Last Updated: 2025-01-29
Author: Mark Alston
Version: 1.0


This project is for educational and home lab purposes.