AV Police Squad

By The Power Of VLAN!

I always saw products with dual NIC cards as a way to protect the client’s LAN from the devices that might not be approved to reside on their network. The first port would reside on the client LAN, so they can remote into the device and have all the access they require. The second port would allow the device to communicate with the other local devices with network ports that didn’t need remote access from a user. In practice, this meant that the first port went to some really fancy, managed network switch that belonged to the client, and the second port went to some rinky-dink switch the tech had lying around to allow the AV devices to communicate with each other within the room.

You can imagine my surprise when I found both network ports of a device connected to the really fancy, managed network switch. I thought there had been some mistake. I’ve seen those memes that purport to have found infinite power by plugging the cord of a power strip into itself.

I asked the installer how connecting both NIC cards to the same switch could be allowed in this system.

His reply: “By the power of VLANs.”

Not only was that an epic, He-Man-like reply, but it woke me up to the power of switches. I constantly talk about the limitations of wire-map drawings for audio DSP mixers, and how there is so much configuration beyond the cables that you cannot discern what is going on “under the hood” just by looking at the cables connected to the device. At that point in my career, I didn’t realize the same could be true for network switches. Just because two devices are connected to the same switch does not mean they are on the same network…not by a long shot.

My friend continued, “There is no way I’m spending $1,200 for a managed network switch and not taking full advantage of it. I’ve got Gigabit ports, port mirroring, PoE+, IP base, 2x 10 GE uplinks…. This here is a fancy switch!”

The first Ethernet port on his control system was on a separate VLAN from the second. Funnily enough, there was a cheapy switch connected to a different port that was on the same VLAN as the second “AV-only” port of the control system. I asked about that.

My friend replied, “There is no way I’m spending $1,200 on a second managed network switch [or larger switch] for some simple control protocols. They all pass information through the fancy switch anyway. I’m covered.”

It was a brilliant solution. He took advantage of the managed switch with a high price per port, and was still able to leverage its management tools with an inexpensive unmanaged switch to pass information to the “AV network” that had a significantly lower price per port. The topology was well thought out and purposeful.

As an industry, we do not exploit the power of VLANs nearly enough. So far we have talked about local VLANs on one switch, but VLANs can span multiple switches, so we can guide our clients to standardize on AV VLAN IDs. This would allow for more efficient and safe AV network traffic throughout their building or campus. VLANs could be assigned for AV control, streaming, Dante audio, etc.

VLANs are not the answer to everything, of course. You would not want to put redundant NIC cards on the same switch. For example, if your client requires redundant Dante networks, it wouldn’t be a good idea to connect the Primary and Secondary Dante ports to the same switch on different VLANs. The redundancy should include switch failure, not just cabling or port failure.
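
To make the topology above concrete, here is an added Python sketch (not from the original column or from any installer's tooling) that works out which interfaces share a VLAN and flags Dante primary/secondary pairs that depend on the same switch. Every switch name, port number and VLAN ID is made up for illustration, and it assumes the managed switches are trunked so the same VLAN ID means the same broadcast domain.

```python
from collections import defaultdict

# Constructed sample topology; every name and VLAN ID here is an assumption.
ACCESS_VLAN = {                 # managed switch access ports: (switch, port) -> VLAN
    ("managed-1", 1): 10,       # client LAN
    ("managed-1", 2): 20,       # AV control
    ("managed-1", 3): 20,       # uplink to the unmanaged switch
    ("managed-1", 4): 30,       # Dante primary
    ("managed-1", 5): 31,       # Dante secondary, same switch as primary
    ("managed-2", 1): 31,       # Dante secondary on a second switch
}
UNMANAGED_UPLINK = {"cheap-1": ("managed-1", 3)}   # unmanaged switch -> upstream port
LINKS = {                       # (device, nic) -> (switch, port)
    ("control", "nic1"): ("managed-1", 1),
    ("control", "nic2"): ("managed-1", 2),
    ("display", "eth0"): ("cheap-1", 4),
    ("dsp-a", "pri"): ("managed-1", 4),
    ("dsp-a", "sec"): ("managed-1", 5),
    ("dsp-b", "pri"): ("managed-1", 4),
    ("dsp-b", "sec"): ("managed-2", 1),
}

def vlan_of(switch, port):
    """An unmanaged switch has no VLAN config: all its ports inherit the
    VLAN of the managed access port it is plugged into."""
    if switch in UNMANAGED_UPLINK:
        return ACCESS_VLAN[UNMANAGED_UPLINK[switch]]
    return ACCESS_VLAN[(switch, port)]

def switches_depended_on(switch):
    """Every switch whose failure takes this attachment point down."""
    upstream = UNMANAGED_UPLINK.get(switch)
    return {switch, upstream[0]} if upstream else {switch}

def broadcast_domains(links):
    """Group interfaces by VLAN ID (same ID on trunked switches = same domain)."""
    domains = defaultdict(set)
    for iface, (switch, port) in links.items():
        domains[vlan_of(switch, port)].add(iface)
    return dict(domains)

def shared_switch_redundancy(links, pri="pri", sec="sec"):
    """Devices whose primary and secondary NICs depend on a common switch."""
    return sorted(
        dev for (dev, nic), (sw, _) in links.items()
        if nic == pri and (dev, sec) in links
        and switches_depended_on(sw) & switches_depended_on(links[(dev, sec)][0]))
```

With this sample data, the control system's two NICs land in different broadcast domains even though they share a switch, the display on the cheap switch joins the AV control VLAN, and only dsp-a is flagged for losing both Dante paths if managed-1 fails.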

I learned a powerful lesson that day. VLANs transformed what I always assumed was fairly straightforward technology (send this information to this port or all ports) into something more complex, useful, capable and mysterious. Clearly, this is similar to how Teela, even though she was the Sorceress’ daughter, thought Prince Adam was lazy and cowardly, despite the fact that his alter ego was Master of the Universe.

And, my reader friends, just like Prince Adam, by the power of VLANs…you too have the power!

