ProSoundWeb Community

Sound Reinforcement - Forums for Live Sound Professionals - Your Displayed Name Must Be Your Real Full Name To Post In The Live Sound Forums => LAB: The Classic Live Audio Board => Topic started by: Riley Casey on January 19, 2015, 04:08:15 PM

Title: VPN set up for running Yamaha console control on a Dante network
Post by: Riley Casey on January 19, 2015, 04:08:15 PM
I have seen discussion of being able to split the ports on a switch such that some are isolated into a separate network for use in connections (such as a wifi) that do not want to mix traffic with Dante data.  In Googling around for pointers on this I find WAY too much information on elements of VPN set up that are pretty clearly not applicable to what I want to do.  Does anyone have a link to a concise rendition of setting Cisco or Netgear switches to create a VPN on some portion of the ports?
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Sunil.Karanjikar on January 19, 2015, 04:15:06 PM
Hi Riley,
From what you say, you want to be looking up VLAN, not VPN.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Ade Stuart on January 19, 2015, 05:47:42 PM
I have seen discussion of being able to split the ports on a switch such that some are isolated into a separate network for use in connections (such as a wifi) that do not want to mix traffic with Dante data.  In Googling around for pointers on this I find WAY too much information on elements of VPN set up that are pretty clearly not applicable to what I want to do.  Does anyone have a link to a concise rendition of setting Cisco or Netgear switches to create a VPN on some portion of the ports?

As Sunil says, you're probably looking for a VLAN setup. There's some good info on the Yamaha website http://www.yamahaproaudio.com/global/en/training_support/selftraining/dante_guide/
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Steven Barnes on January 19, 2015, 07:46:54 PM
Here is a good little tutorial on configuring a Cisco SG500 series switch. http://www.firewall.cx/cisco-technical-knowledgebase/cisco-switches/885-cisco-switches-sg500-52p.html

There is a bit more required than just creating a couple of VLANs and assigning ports to a specific VLAN.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Riley Casey on January 19, 2015, 07:50:23 PM
Ah ha!  Looking for the right term would have made for a much better start.  Thanks for the pointers.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Scott Holtzman on January 19, 2015, 08:56:29 PM
Ah ha!  Looking for the right term would have made for a much better start.  Thanks for the pointers.

Yes, all you need is to use VLANs for the ports; don't change the config of the Yamaha.

The Cisco small biz stuff is actually harder to use than the enterprise switches you configure from a command line.

Here are the gotchas in your gear:

1 - Make sure you set the PVID for the VLAN you want the port to be a member of.
2 - In the port-to-VLAN table make sure you exclude the other active VLANs from the port, even if the port is not a member of that VLAN.

If you allow two VLANs to a single port really bad things happen and you defeat your purpose.

Good luck!


Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Rob Spence on March 27, 2015, 11:53:57 PM
I have seen discussion of being able to split the ports on a switch such that some are isolated into a separate network for use in connections (such as a wifi) that do not want to mix traffic with Dante data.  In Googling around for pointers on this I find WAY too much information on elements of VPN set up that are pretty clearly not applicable to what I want to do.  Does anyone have a link to a concise rendition of setting Cisco or Netgear switches to create a VPN on some portion of the ports?

How big a network are you talking about?

What are the devices?

I run 2 dante ports from my LS9, the console port and a MacBook into the four switch ports of my router/WAP and use a wireless tablet. The Dante data goes to the MacBook and the tablet controls the LS9. I record 24-32 channels.
I have had no issues with the mixed usage. There really is a lot of capacity in the network gear.



Sent from my iPad using Tapatalk HD
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Bob Leonard on March 28, 2015, 10:07:19 AM
Riley,
VLANs are indeed what you want, as pointed out above. A small switch that supports VLANs properly would be my choice. In your case you'll configure the switch for a pair of VLANs, placing the wireless access point on the VLAN which supports the need for wireless access. The WAP can be configured to support WPA2 and security won't be a problem.

Creating multiple virtual networks on the switch won't be much of an issue. The real issue will be configuring the VLANs to support your need for one-direction security, simplified by your decisions as to what devices are going to be supported by which VLAN, and which devices need access to both, or only one, of the VLANs. Again not a really big deal if you plan properly. Drawings and diagrams are your friend here.

A small MANAGED switch should cost less than $200 and will usually have 8-12 ports on it. The ports can be expanded easily by adding additional switches, or even unmanaged hubs, following the 3-4-5 rule for connectivity, which in most small SOHO networks isn't even a thought.

I highly recommend a small switch from the Cisco 300 series. These switches won't leave you looking for a feature you need which isn't provided on other brand switches, and reliability is ensured.

Here are links to a few you might look at.
http://www.cisco.com/c/en/us/products/collateral/switches/small-business-smart-switches/data_sheet_c78-610061.html

http://www.secureitstore.com/SF300-24.asp?gclid=CJ_qm_iYy8QCFRMV7Aod8EEAsA#

Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Ade Stuart on March 28, 2015, 12:34:46 PM

I run 2 dante ports from my LS9, the console port and a MacBook into the four switch ports of my router/WAP and use a wireless tablet. The Dante data goes to the MacBook and the tablet controls the LS9. I record 24-32 channels.
I have had no issues with the mixed usage. There really is a lot of capacity in the network gear.

Rob, this is obviously working ok for you but I have seen problems with a similar setup where the netgear router would fall over after 12+ hours of use. I'm guessing that the wireless was being inundated with dante traffic. Playing super safe, my preferred option is to have a switch for the Dante network and a separate WAP for Yamaha control.

edit: changed netgear switch to netgear router
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Frederik Rosenkjær on March 28, 2015, 01:50:56 PM
I too just run both Dante and console/amplifier control mixed on the same network. I'm using Cisco SG300 switches set up as described on yamahaproaudio.com. This ensures that the critical clock and audio packets will get prioritized over other traffic, but there's a ton of headroom in most Dante setups, certainly in mine.

I'm often running:

60 channels from two Rios to CL5
16 channels back to Rios
32 channels to a Focusrite Rednet that feeds a MyMix system
4 channels from Shure ULX-D
16 channels from my-slot to a QL1 for Dugan automix
16 channels back from QL1
64 to Macbook for recording

And there's no trouble using the network for both Powersoft Armonia control and CL and QL control simultaneously.

Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Scott Holtzman on March 28, 2015, 04:32:47 PM
Rob, this is obviously working ok for you but I have seen problems with a similar setup where the netgear switch would fall over after 12+ hours of use. I'm guessing that the wireless was being inundated with dante traffic. Playing super safe, my preferred option is to have a switch for the Dante network and a separate WAP for Yamaha control.

ADE, that makes no sense at all.  Something was configured wrong.

In the grand scheme of things it's not that much traffic.  VLANs isolate at layer 2 so the networks can't interfere.

As far as forwarding performance, even the least expensive managed switch will have 4G of forwarding performance.

All they have to do is look at the source and destination MAC address and forward the packet based on a table to the right port.  It's not like it's having to deal with IP and route.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Ade Stuart on March 28, 2015, 06:40:50 PM
ADE, that makes no sense at all.  Something was configured wrong.

Hi Scott,

I've edited my post, it was a domestic router with Wi-Fi not a switch.

It was three years ago or so but I remember the configuration. 2 laptops, 1 MY card, 1 LS9 connected to a netgear router with Wi-Fi for StageMix and RDP. DHCP enabled and all on the same subnet. We are talking basic here, 6 channels of DVS playback and 2 record on one laptop, control and backup analogue playback on the second laptop. No QOS, no VLANs.

I'd previously used this router a number of times without dante and it had been ok. With the Dante setup I remember having to reboot the router 3 or 4 times over a 3 day event. Maybe one of the laptops was connecting via Wi-Fi as well as ethernet, I suspect this may have been the case, and the router tried to route dante through the Wi-Fi.

I don't have a general problem with Dante and control being on the same network (or same segment as long as there is at least some QOS). From my early experience, it's putting it all on these little 4 port routers that I would question.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Scott Holtzman on March 29, 2015, 03:07:33 AM
Yes...you said a netgear switch not a consumer router with a few switchports.  That is an incomprehensible configuration.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Rob Spence on March 29, 2015, 04:09:48 PM
Yes...you said a netgear switch not a consumer router with a few switchports.  That is an incomprehensible configuration.

What is it that is incomprehensible?

However, I believe many of the consumer wifi routers with local ports are switches (say, 4 external ports and 2 internal ports for the AP and the router). Not many except for some very low end units are hubs anymore.

I use a Netgear consumer unit with no trouble at all. Ever.

Sent from my iPad using Tapatalk HD
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Bob Leonard on March 29, 2015, 06:43:28 PM
I'm reading through these posts and see that there is a myriad of misconception and inaccurate advice. The OP's request was to separate his existing flat network (single broadcast domain) into a pair of networks which do not have the capability to pass network traffic between each other. This is done by creating a pair of VLANs using an intelligent manageable switch. In Riley's case he was specific in his first post, however, at some point in time Riley may need to consider the need for each and the other LAN to converse, accept packets from each other. This could be for the use of DHCP, data movement, etc., but at some point this will become the case.

The classic home router provided by the ISP will often have any number of ports where additional workstations can be attached. Yes, these ports are considered to be a switch, however, in most cases they cannot be managed and are useless for Riley's specific application, separating the LAN. All ports see all traffic, and this is the typical design of most combo router/switch devices.

A router could be used to separate the LAN. Routers work at layer 3 (network layer) of the ISO model. Routers drop and do NOT forward broadcast traffic effectively isolating the two LANs, just as your home private network is isolated from the licensed IP addresses of the internet. Configuration of the router for this project would become a nightmare for Riley, requiring updated routing tables with the change of each physical device.

The proper way for Riley to separate his network into a pair of LANs is through the use of a managed switch. The managed switch will support both LANs through the assignment of virtual LANs (VLAN). Each of the two (2) VLANs will be assigned to a group of ports, separating those ports and the hardware attached from one and the other. Port assignment of this type is known as creating a STATIC VLAN.

Generally speaking I have not seen a time when intercommunication between two LANs is not, or has not, become a requirement. In the case where this requirement needs to be met then TRUNKING must be applied. With certain switches this means the use of a router. When Cisco switches are used port trunking is configured and the two VLANs are then configured to allow designated devices to converse between each other. This trunking protocol is inherent in almost all decent manageable switches today. The protocol is IEEE 802.1Q, which should show up in the switch specifications. These are just a couple of the reasons I recommended the 300 series switches to Riley in my first post.

If Riley has no need to pass data between the two networks, if his WIFI network must be totally secured from the other networks, then a switch with a simple configuration will do the job.

If Riley decides he needs interlan communication then trunking will be part of the solution.

If Riley uses WPA2 and 802.1x level security features, his wireless network will be secure.

Any switch, manageable or not, should be able to handle the number of frames sent by the small number of devices usually attached in the case of a studio, or sound provider. Broadcast and very large events, such as those Mac works with are not the same as being discussed here.

Switches work at both level 2 and 3 of the ISO model.

The ISO model layers are:

Application
Presentation
Session
Transport
Network
Datalink
Physical

Layer one (1) is the physical layer.

Have a good day.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Rob Spence on March 29, 2015, 07:03:43 PM
Nice explanation Bob.


Sent from my iPad using Tapatalk HD
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Scott Holtzman on March 30, 2015, 02:47:10 AM
What is it that is incomprehensible?

However, I believe many of the consumer wifi routers with local ports are switches (say, 4 external ports and 2 internal ports for the AP and the router). Not many except for some very low end units are hubs anymore.

I use a Netgear consumer unit with no trouble at all. Ever.

Sent from my iPad using Tapatalk HD
You use a consumer router for Dante?  I understand some folks use them for remote control however I can't support putting it in the signal path.

I hope that clarifies my position.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Andrew Broughton on March 30, 2015, 02:57:57 AM
You use a consumer router for Dante?  I understand some folks use them for remote control however I can't support putting it in the signal path.

I hope that clarifies my position.
I just pulled a bunch of Netgear switches from a Dante setup after having nothing but problems and replaced them with professional, rack-mount managed switches and all problems went away.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Scott Holtzman on March 30, 2015, 03:15:50 AM
Nice explanation Bob.


Sent from my iPad using Tapatalk HD
Nice wrong explanation.  Sorry Bob but 802.1q vlan trunking is a layer two protocol that allows multiple collision domains (untagged LANs) to share a common physical media.

Usual application is inter switch communication.   It however has nothing to do with routing layer 3 traffic. 

Remember we are talking about providing a path for whatever reason between those two networks.  This is very common to segment a LAN in an enterprise environment.  A router that understands .1q (pronounced dot 1 q) can create virtual interfaces for each vlan on a single physical interface. That router, if used as the gateway for each network allows l3 and above traffic to transit the vlans.

Originally what was being talked about was running two networks in a single collision domain.  As Bob pointed out any managed switch allows you to assign ports to vlans.  These ports are statically assigned to the vlan.  A vlan is by nature a static assignment. 

There are really only two takeaways for the audio professional.

1.   A managed switch should always be used for any critical path traffic.  A managed switch allows visibility into layer 2 information such as duplex and speed mismatch, collisions or other performance robbing problems.

2.  Managed switches allow you to create virtual LANs and segment the switch.  Think of it as several little switches in one box.  You can assign any port to any virtual LAN.

If you need to manage devices in both vlans then you should look at a hybrid layer2/3 switch or running a trunk port to your pc then create an interface on each network for the PC.  A switch and router is too much to travel with on the road.  This is way out of the original scope of the thread and worthy of another debate.

I am sure a day will come when a network/computer tech will be part of large tours. The network and computers have become too mission critical to leave any question as to who is responsible for the operation and maintenance.

Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Bob Leonard on March 30, 2015, 03:40:11 PM
I think you better re-read my post Scott. I didn't mention anywhere in my post which layer 802.1q was applicable to, but good for you knowing that if it's a bridging protocol it belongs on layer 2. You count the OSI model layers from the bottom up, so that would be the DATALINK layer in case you're wondering.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Scott Helmke on March 30, 2015, 04:40:47 PM
Just reading between the lines - is the intent to split up one managed switch into two VLANs for primary and redundant without having to buy a second switch?

If so, that's a single point of failure.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Scott Holtzman on March 30, 2015, 06:40:14 PM
I think you better re-read my post Scott. I didn't mention anywhere in my post which layer 802.1q was applicable to, but good for you knowing that if it's a bridging protocol it belongs on layer 2. You count the OSI model layers from the bottom up, so that would be the DATALINK layer in case you're wondering.

No hostility intended but you did say:

Quote
Generally speaking I have not seen a time when intercommunication between two LANs is not, or has not, become a requirement. In the case where this requirement needs to be met then TRUNKING must be applied. With certain switches this means the use of a router.


To me in this paragraph you associated trunking and routing.  While you can certainly create a trunk port to a router it is not a requirement and it does not participate in the IP packet forwarding process.

An equally valid configuration would be to have an untagged port in each VLAN connected to an interface on a router.  If you are going to be routing any latency sensitive traffic this is in fact the preferred design.  If both VLANs are trunked on the same PHY the router is a "one armed bandit" and the packets have to ingress and egress the same interface.  This adds undesired latency.

For management purposes this is not relevant, only latency sensitive traffic.
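To make the PVID and port-to-VLAN-table gotchas from Scott's earlier list, and the tagged/untagged distinction discussed in the trunking exchange above, concrete, here is a small Python model of 802.1Q forwarding in a managed switch. It is an added example, not code from this thread or from any switch vendor; the port names gi1-gi8, the VLAN numbers 10 (Dante) and 20 (control), and the MAC addresses are constructed, and trunk ports are assumed to tag every VLAN (no native VLAN).

```python
from dataclasses import dataclass, field

TPID = 0x8100                                  # 802.1Q tag protocol identifier
BCAST = bytes.fromhex("ffffffffffff")


def vlan_tag(vid):
    """Four-byte 802.1Q tag: TPID followed by the 12-bit VLAN ID (PCP/DEI left zero)."""
    return TPID.to_bytes(2, "big") + (vid & 0x0FFF).to_bytes(2, "big")


def build_frame(dst, src, vid=None, payload=b""):
    """Ethernet frame (EtherType 0x0800); the tag sits between the source MAC and EtherType."""
    return dst + src + (b"" if vid is None else vlan_tag(vid)) + b"\x08\x00" + payload


@dataclass
class Port:
    mode: str            # "access": one untagged VLAN; "trunk": tagged VLANs (assumption: no native VLAN)
    pvid: int            # VLAN assigned to untagged frames arriving on this port
    members: frozenset   # VLANs this port is allowed to carry (the port-to-VLAN table)


@dataclass
class Switch:
    ports: dict
    mac_table: dict = field(default_factory=dict)   # (vid, mac) -> port: learning is per VLAN

    def classify(self, name, frame):
        """Assign an ingress frame to a VLAN; None means it is dropped at ingress."""
        p = self.ports[name]
        if int.from_bytes(frame[12:14], "big") == TPID:
            if p.mode == "access":
                return None                                   # tagged frame on an access port
            vid = int.from_bytes(frame[14:16], "big") & 0x0FFF
            bare = frame[:12] + frame[16:]                    # strip the tag for the lookup
        else:
            vid, bare = p.pvid, frame
        return (vid, bare) if vid in p.members else None      # ingress filtering by membership

    def forward(self, ingress, frame):
        """Return {egress port: frame as emitted}; unknown destinations flood within the VLAN only."""
        hit = self.classify(ingress, frame)
        if hit is None:
            return {}
        vid, bare = hit
        dst, src = bare[:6], bare[6:12]
        self.mac_table[(vid, src)] = ingress
        known = self.mac_table.get((vid, dst))
        candidates = [known] if known else list(self.ports)
        out = {}
        for name in candidates:
            p = self.ports[name]
            if name == ingress or vid not in p.members:
                continue
            out[name] = (bare[:12] + vlan_tag(vid) + bare[12:]) if p.mode == "trunk" else bare
        return out


def example_switch():
    """Constructed layout after the thread: Dante on VLAN 10, console/WAP control on VLAN 20."""
    dante, ctrl = frozenset({10}), frozenset({20})
    return Switch({
        "gi1": Port("access", 10, dante), "gi2": Port("access", 10, dante),   # Rio and console Dante
        "gi5": Port("access", 20, ctrl), "gi6": Port("access", 20, ctrl),     # WAP and console control
        "gi8": Port("trunk", 1, frozenset({10, 20})),                         # 802.1Q uplink to next switch
    })


def egress_ports(sw, ingress, frame):
    """Sorted list of ports that emit the frame; the emitted frames show whether they were tagged."""
    return sorted(sw.forward(ingress, frame))


def misconfigured_port_leaks():
    """Gotcha 2 from the thread: a Dante access port still listed as a member of the control VLAN
    receives control-VLAN floods untagged, so the two networks are no longer isolated."""
    sw = example_switch()
    sw.ports["gi2"] = Port("access", 10, frozenset({10, 20}))   # constructed misconfiguration
    wap_broadcast = build_frame(BCAST, bytes.fromhex("020000000020"), payload=b"control")
    return "gi2" in sw.forward("gi5", wap_broadcast)
```

Running `misconfigured_port_leaks()` returns True, while the same broadcast on the correctly configured `example_switch()` only reaches gi6 and, tagged with VLAN 20, the gi8 uplink.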
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Bob Leonard on March 30, 2015, 10:43:14 PM
Trunking of large scale networks will often require routing (layer 3), and additional switches (layer 2), and as I said, "with certain switches". Configuring trunking may require an additional switch. We can converse forever on the benefits and scenarios Riley may encounter, however, he hasn't replied with his actual needs other than the initial post, and until seeing more detail I would probably feel a secure WAP utilizing WPA2 would be his best configuration at this point. Certainly a flat network of the size he'll implement won't produce enough traffic to create a bottleneck if a decent switch is used.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Scott Holtzman on March 31, 2015, 12:24:25 AM
Trunking of large scale networks will often require routing (layer 3), and additional switches (layer 2), and as I said, "with certain switches". Configuring trunking may require an additional switch. We can converse forever on the benefits and scenarios Riley may encounter, however, he hasn't replied with his actual needs other than the initial post, and until seeing more detail I would probably feel a secure WAP utilizing WPA2 would be his best configuration at this point. Certainly a flat network of the size he'll implement won't produce enough traffic to create a bottleneck if a decent switch is used.

That's all well beyond the scope, I don't know what your level of network expertise is.  I was just making sure the primary concept of tagging and untagging was clear.  After all I never mentioned .1q as it is well beyond the scope of the original question.

Until he answers we won't know if he needs two isolated collision domains for the Dante and Management traffic.

Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Riley Casey on March 31, 2015, 11:29:40 AM
Wow,  I love how PSW can start to become 4chan if given enough time. :P

Thanks for all the interesting and apparently conflicting suggestions.  Yes, the original intent was to create separate networks over the same connection path (fiber generally) between the console end switches and the stage end RIO boxes.  We routinely run multiple consoles and multiple RIO boxes in separate locations and often separate rooms for corporate events.  It can often be helpful for me as system tech to connect to the control port of a console and make configuration changes during set up to a console 500 ft and two stories apart.  Yamaha and Audinate emphasize keeping any network that might see wifi traffic apart from any network that handles Dante traffic and thus the interest in VLAN set ups.

I wouldn't normally run a VLAN configuration to allow both primary and secondary Dante networks as we are configured with separate switches in all our console and RIO racks.  If however I had a switch fail or for some other reason had only a single switch available I would have no compunction about running primary and secondary on a VLAN split switch as the redundant cabling is to me the real safety net more so than the redundant switches.  Of course the most scary part of any of the networking hardware we use are the cheesy 12 VDC wall wart plugs on the switches.
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Bob Leonard on March 31, 2015, 11:59:24 AM
Do they say why no WIFI traffic other than security?
Title: Re: VPN set up for running Yamaha console control on a Dante network
Post by: Scott Holtzman on March 31, 2015, 12:01:50 PM
Wow,  I love how PSW can start to become 4chan if given enough time. :P

Thanks for all the interesting and apparently conflicting suggestions.  Yes, the original intent was to create separate networks over the same connection path (fiber generally) between the console end switches and the stage end RIO boxes.  We routinely run multiple consoles and multiple RIO boxes in separate locations and often separate rooms for corporate events.  It can often be helpful for me as system tech to connect to the control port of a console and make configuration changes during set up to a console 500 ft and two stories apart.  Yamaha and Audinate emphasize keeping any network that might see wifi traffic apart from any network that handles Dante traffic and thus the interest in VLAN set ups.

I wouldn't normally run a VLAN configuration to allow both primary and secondary Dante networks as we are configured with separate switches in all our console and RIO racks.  If however I had a switch fail or for some other reason had only a single switch available I would have no compunction about running primary and secondary on a VLAN split switch as the redundant cabling is to me the real safety net more so than the redundant switches.  Of course the most scary part of any of the networking hardware we use are the cheesy 12 VDC wall wart plugs on the switches.

Glad for the clarification Riley.   My day job is a network engineer FYI.

Enterprise switches don't have wall warts.  Good ones have provisions for redundant power supplies.  The Cisco 300, while being about the best affordable switch for the masses is hardly an enterprise switch.

You can take this pretty far.  We can run a protected management network that would be able to access all of the networks.  For devices that don't support routing we can do creative NAT.  Between redundant runs and Enterprise grade switches (BTW would not go with Cisco, way too expensive.  Juniper and HP Procurve are my Enterprise value points currently).

I would love to be part of a project that combines my network expertise and my love for live production.  If you want to exchange some network diagrams I would be glad to document my suggestions for your consideration.

Just shoot me a PM.  In any case, sounds like a great project and good luck.