[PDF]BIAMP Tesira Networking Guide - Rackcdn.comc353616.r16.cf1.rackcdn.com/Biamp_Tech_Note_Separating_AVB_Networks.pdfCachedSimilar3) Configuring MAC...
0 downloads
207 Views
707KB Size
BIAMP Tesira Networking Guide
Isolating AVB networks when multiple Tesira systems are connected to a common non-AVB control network. Introduction: When two or more independent Tesira systems are connected to the same control network, one Tesira Server or Server IO becomes responsible for synchronization for the AVB network regardless of configuration. If any switch link between the separate Tesira networks is non AVB compliant, the necessary protocols for synchronization of both networks will not pass between them. Typically this condition will cause one AVB network to malfunction or not pass audio at all. Looking in the DEVICE MAINTENANCE dialog of the Tesira Software will show a yellow status indicator for the system having the trouble.
Selecting the device with the yellow status indicator and hitting the FAULTS button will show the Network audio clocks not synchronized status.
BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 1 of 12
The following figure shows an example of such a network topology.
BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 2 of 12
The remedy to this problem lies in blocking Tesira discovery packets passing between the two AVB networks such that a server on each can master its own local audio network. This can be done by employing filtering on the uplink ports. This document will address the use of MAC (hardware address) or IP based filtering to allow Ethernet packets from only a specific list of machines on the middle control network. Referring to the network diagram, the example will configure each AVB switch to allow Ethernet packets ONLY from the Common Control Terminal. The method used depends on whether the control network uses static or dynamically assigned IP addresses. If the Common Control Terminal gets a DHCP address, the MAC based filtering should be used. If the Common Control Terminal uses a static address, IP filtering will suffice. The process for enabling this filtering is as follows: 1) Finding the MAC or IP addresses of allowed machines. 2) Logging in to the switch management console. 3) Configuring MAC or IP based filtering on the uplink ports. Finding the MAC or IP address of allowed machines In the network diagram, we have one Common Control Terminal. In order to set up the filtering, we will need to know either its MAC or IP address. This can be found in the computer’s Network and Sharing Center (Windows 7 terminology).
Clicking on the Local Area Connection highlighted in blue will show the status of the connection. BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 3 of 12
Clicking on the Details button will show the Physical addresss (MAC) and IP address of the computer.
In this case the addresses are as follows: MAC 18:03:73:D2:5D:7A IP
172.16.10.116
BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 4 of 12
Logging in to The Netgear GS724T-AVB switch management console: The GS724T-AVB is a stock switch with special licensing that enables core protocols behind the IEEE standards for AVB. Without these protocols enabled, AVB will not propagate through the switch. This license is available only in switches purchased through BIAMP Systems. This switch hosts a web interface for configuration. The switch will take on a DHCP address if a server is present; else, it will take on a default IP address of 192.168.0.239. If DHCP is employed, the Smart Control Center application is used to discover the switch on the network (CDROM included in box with switch). Using either method, entering the IP address into a web browser will reveal the switch management console.
The default password for the unit is ‘password’ (entered without quotes). Next, the unit will display the system information and the other configuration menus.
Now the configuration process can begin.
BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 5 of 12
Configuring MAC or IP based filtering on the uplink ports Now the AVB switches will be configured to allow only the Common Control Terminal to make the uplink to the AVB networks. The configuration of each switch is identical in this case. If the Common Control Terminal has a dynamically assigned IP address, MAC based filtering should be used. If the Common Control Terminal has a static IP address, IP based filtering can be used. MAC based filtering In the switch configuration menu, Choose the Security tab and click on the ACL menu header.
Expand the Basic menu item and choose MAC ACL (Access Control List). In the MAC ACL table enter a name for the MAC filtering ACL and click Add in the bottom right of the configuration page.
BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 6 of 12
Verify the ACL was added
Now move to the MAC Rules menu item. Set a Permit rule 1 for the Common Control Terminal MAC address as follows. Click Add at the bottom right of the configuration menu.
Any additional permitted machines would next be added in the same manner. Note that only 10 rules can be included in one Access Control List. Rule numbers cannot be skipped and the final rule will be configured as a Deny rule as follows.
BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 7 of 12
This rule denies access to any machines not on the permit list. Click Add at the bottom right of the configuration menu. Verify that there are now permit rules for the allowed machines and a deny rule with Match Every set to True.
Now move to the MAC Binding Configuration menu item.
Expand the Port Selection table by clicking the arrow under the heading. Click on the uplink port to bind the Access Control List to that port.
BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 8 of 12
Click Apply at the bottom right of the configuration menu. Verify the settings after the refresh.
Now the uplink port will only allow traffic from the Common Control Terminal based on its MAC address. All other traffic will be blocked. The protocols necessary for the Tesira AVB network will flow freely within each independent Tesira Network and become responsible for their own synchronization.
IP Based Filtering
BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 9 of 12
In the switch configuration menu, Choose the Security tab and click on the ACL menu header.
Expand the Advanced menu item and choose IP ACL (Access Control List). In the IP ACL table enter the number 1 (if this is the first IP ACL created) for the IP filtering ACL and click Add in the bottom right of the configuration page.
Verify the IP ACL was added after the refresh
Now move to the IP Rules menu item. Set a Permit rule 1 for the Common Control Terminal IP address and Subnet Mask as follows (recall that in this example, the Common Control BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 10 of 12
Terminal address is 172.16.10.116 with subnet mask of 255.255.255.0). Click Add at the bottom right of the configuration menu.
Any additional permitted machines would next be added in the same manner. Note that only 10 rules can be included in one Access Control List. Rule numbers cannot be skipped and the final rule will be configured as a Deny rule as follows.
This rule denies access to any machines not on the permit list. Click Add at the bottom right of the configuration menu. Verify that there are now permit rules for the allowed machines and a deny rule with Match Every set to True.
Now move to the IP Binding Configuration menu item.
BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 11 of 12
Expand the Port Selection table by clicking the arrow under the heading. Click on the uplink port to bind the Access Control List to that port.
Click Apply at the bottom right of the configuration menu. Verify the settings after the refresh.
Now the uplink port will only allow traffic from the Common Control Terminal based on its IP address. All other traffic will be blocked. The protocols necessary for the Tesira AVB network will flow freely within each independent Tesira Network and become responsible for their own synchronization. Note that ANY machine on the network with this address will have access to the Tesira networks regardless of hardware (MAC) address.
BIAMP SYSTEMS TECHNICAL SUPPORT GROUP
www.biamp.com
•
Page 12 of 12
