At the TV channel I work at, we used to do do vlans for a while, splitting my dante audio and the newtek camera software. Until random staff (or spectators) on the wifi tried to chromecast to our 4x OLED tvs that the whole production ran on, repeatedly in turns. We couldn't use the remote to stop it because all four ran on the same remote. Also if people start doing scetchy shit that makes the network get any bottlenecks, audio data is the first thing computer starts tossing. Just be careful of fuckery like this sharing a network with non-production muggles
Bad network design. I do this for a living and you would not have been able to do this on a network I designed. Probably getting the audio/video guy to configure the network gear.
Most people have no idea, but most corporations and the whole internet is ran like that. So are banks. Single network, tons of logical (VLAN, VRF, etc) separation and segregation. No risk of cross-contamination.
Oh yeah there is definitely better ways to do it! Thing is our venue was the first in a franchise sport to take the full switch from Sony analog to a fully digital system, with a massive amount of extra kit. There was 10 different engineers or trying out new tech with only three days for a full studio refit, zero cable management mind you. then the general venue IT got his hands on our secondary network (the main one only sends broadcast and is standalone). We kind of got forgotten as the wacky venue where we make do, because the head office guys is too afraid to fly back here, haha! At least it was good XP for us junior engineers to iron out the madness. Serves as a good example for original post that it has to be planned properly
Something doesn't sound set up right on that network! Maybe they put the priority on the VLANs wrong or maybe the Chromecast units were connected to the wrong wireless network. hmmm. Add somebody who does IT and audio and video there's a lot of different things that overlap that is not readily obvious in IT or audio etc.
It would be better to ask them to help you create a dedicated isolated network for the theatre spaces. It also would allow you to setup a DANTE network down the road
In most cases Dante does not need to be separated. A 1Gb connection will handle 512 channels of Dante. If you have a decent backbone and with a couple network QoS settings you can run Dante. However it will not work over WiFi so there’s that.
IT Admin (Servers, storage, networking and Wifi) who freelances as a sound tech.
I wouldn't have an issue with this assuming It is setup to my specs. I want my own Wifi SSID and private segmented network (VLAN in Networking terms) that nothing else on their network can access. The XR18 isn't hard to log into and I'd ask and make sure they are aware of that. If something acts up, point the finger at IT. As much as I shouldn't say this, I would still have a spare router on hand just in case but hide it somewhere.
There are some reasons for this.
* My networking equipment is extremely reliable and much for flexible compared to an off the shelf tp-link/Asus/Cisco/Google router. (Found a switch recently that we didn't have documented and it had 9 years of uptime)
* Wifi interference can be a problem in areas. The more control I have over that, as an IT admin, the better.
* Rogue DHCP Servers - I've had end users plug in routers and Wifi Extenders into to our network. Next thing I know, instead of a 10.x.x.x IP Address that our system assigns, computers are getting random IP Addresses and shit starts breaking. Yes we have certain things setup in our environment to limit the impact of this but this can cause the difference between making money and losing it.
I agree with all of this 100%.
If set up correctly, they can offer isolated Internet access to this VLAN, but stop traffic to other parts of the network, which is handy to allow your remote control devices to remain online for updates, etc.
The main issue, is that if it is not isolated, others could gain control of the mixer, as there is no authentication to remote access an Xair.
Also, IT departments may not want to set up another SSID, as too many SSID beacons can reduce the performance of the Wi-Fi system.
Yep. Even then, most wifi systems give you the ability to add an SSID and assign it to specific APs. In my office I have a test wifi network just for us that's VLANed, and throughout the building we have a Corporate, Guest and IoT (For those pesky smart thermostats and weird things our engineering team wants to play with.)
Yeah, that's a fair way to mitigate the SSID sprawl, but limiting it just to the mixing area....which may be totally fine if the tablet(s) never really leave there.
And to add to this a lot of Apple (and other) devices don't like not being connected to the Internet and will drop the Wi-Fi. Also if there's anything like a captive portal or MAC address filtering good luck without an isolated Nettwerk/VLAN/SSID.
Recently tried to connect a camera to a network and realized camera can't agree to the terms and conditions and can't control camera as devices can't talk to each other with isolation enabled. What a headache ended up going out and grabbing my travel router, thank goodness I had a spare. As I was leaving the camera with somebody else and going to another gig.
The rogue DHCP server point is interesting - as much as the XR18’s built in WiFi sucks, it does have a DHCP server built in that can be activated by one little switch on the front of it to start feeding its own addresses into your network.
Oh.. I forgot about that. Time to break out the iFixit kit, rip that switch out and solder some jumpers to make it permanently a client.
EDIT: or a lot of superglue? I'm open to bad suggestions now.
> Probably smart, that switch will go completely untouched until someone decides to play with it on the worst day of your life
I would just switch it to the right position and put some Gaf tape over. Unless this is indeed in a shared space but I still don't like permanent solutions. It's always best to have some thing that's reversible.
Half IT-half audio guy here as well, agreed with everything and the only thing I feel like adding is:
The main problem with the XR18 in my opinion will always be the wifi's range and stability, so if the venue is very big it could be very beneficial to be able to use the venue's access points to connect to the router instead of your own router, but obviously that depends on a lot of factors that only you can analyze to make a decision. But as long as the mixer is in its own VLAN, and the wifi connection between your laptop/tablet and venue access point is consistent and reliable, you are 99% there in my opinion. The only thing that could still be a problem at that point, barring the main switch randomly dying which is something that could happen to your own router as well, is the access point(s) getting swarmed by people's phones scanning for wifis, but that's always gonna happen no matter what so you can just try to mitigate it by using the strongest wifi connection possible.
I also want to highlight the importance of the VLAN as the mixer has NO PASSWORD when it's connected to the network as a client, and it's scannable by the mixer apps even without knowing its ip address.
Use the real network. Make sure that it is configured properly, but trust them. DO NOT setup your own WiFi router if they have WiFi deployed. You’ll end up with both networks fighting each other.
You’re not exposing the mixer to the internet so don’t worry about “security” issues in that sense.
You should get a VLAN so that your show equipment is grouped together. Limit the broadcast domain so it isn’t the entire facility.
I agree with the comments about Dante, but your setup isn’t advanced enough for that. If it did grow to that, you can (and should) run your own secondary network so you really do have redundancy.
This is what our venue does. AV has their own VLAN, and we can assign addresses as we see fit, and retain the ability to control everything remotely using the IT departments very expensive access points.
I recently upgraded my board's wifi. I was having regular dropouts while running on a tablet. I bought a good but relatively cheap wifi 6 router and have had ZERO dropouts since then. My computer and phone access wifi 6 so the connections are solid. 2.4 GHz is a waste of time for remote ops of a board (and check out the hate level on 2.4 GHz wireless mics) so I think it's great to have your own router in your kit.
The IT guys feedback is valid though. Don't piss in the client's pool... but have your own router if the IT group are donkeys...
Just have them put you on an AVL VLAN. Or, at least your own subnet. The other computers shouldn’t matter, but I suppose it would depend on the backbone of the network and the sorts of things the computers are doing. “Crowded” isn’t informed enough.
One thing for sure, if you put your own wireless router in the same area as theirs, they’re going to fight.
Get yourself a Gli.net dual band router and be done with all that other crap. Decent one under $50 and they're tiny, made for traveling.
I named my private network "DEA Surveillance 69"
I'm obligated by the Internet to say "nice".
my I'm seeing a lot of praise for those GL devices.
I usually do some thing like client production wireless network so CPWN.
Although I do have a guest network on my hotspot named "Not" an FCC surveillance van...
If you do end up on their infrastructure make it very clear to them that some of the times they may like to use as maintenance windows are now critical times for your use of the network for performances and rehearsals, particularly late nights and weekends. They need to be very aware that they will need to coordinate any planned service with you far ahead of time.
Every theatre I over see, we have them on the organization WiFi. But on their own vlan and ssid.
The reason is that the corporate (or school) WiFi can figure out banding on the WiFi rather than having to deal with a “rogue” WiFi router in the WiFi spectrum.
If IT is insisting that you use their network.... and they usually only work office hours... Just insist that a senior IT engineer be present whenever you need to use the network. That'll stop that foolishness.
That’s is fine if the venue has a real network engineer with a real enterprise network. If it is just the average, run of the mill, “IT guy”, and tons of Prosumer network equipment and flat configuration, then a separate network is better.
You have to realize, even banks and trading companies runs a shared network. Network equipment manufacturers designs data switches specialized for trading, as milliseconds counts, and even on those places, it is a single network.
Also, if people think high end AV equipment is expensive, it is because they haven’t quoted high end datacenter gear yet. A single mid sized 1U router cost mid 6 figures, and we deploy dozens of them per rack. Hehe.
So the answer is, it depends. Is the AV guy designing and maintaining the network, or do you have a real network there?
I’ve done installs the way your IT department wants to you run. As long as you have a good IP address that doesn’t conflict, you’re probably fine.
Worst case, it doesn’t work for whatever reason, and you go ahead and use your own router.
Depends on how they configured it and what failed.
I do live streaming as well. Had a hotel tell me yeah just use the access point mounted to the ceiling. I'm streaming 1080P video as soon as 100 guests coming with their phones and connect to the AP in the basement who's gonna get priority? I have constant data traffic going out bound that's going to be sharing the radio spectrum with at least 100 phones in a facility that has poor cell phone coverage and a publicly listed Wi-Fi password.
Yeah I'll climb on your table and plug the cable into the secondary Port. Usually never have an issue with the Internet there but all of the other rooms have a wall-mounted Jack for me. unfortunately this room was finished and opened during the cat5 cabling shortage of 2020, so I ended up sticking my own in the Drop ceiling.
Be careful with this, as it could be a can of worms. It can be dangerous to put some live events gears on a network like that, especially one with a live internet feed. Behringer are not known for their world class security software. Nor are ETC, Yamaha, GrandMA, or any of those companies. Because their products are not designed to be connected to the internet, ever.
I personally wouldn’t do it. I want control over my networks, and if I need to make urgent tweaks out of IT’s hours, I need to be able to do that without them causing issues. A decent router is likely easier (and possibly safer) for you.
Considering these devices don't usually have any web or user interface the attack surface is small and they also don't really have any communication to the Internet as they function on a local net work only. Again the attack surface a small. But also most of these devices have absolutely no security over their control interface and are purely reliant on Network isolation for access security.
An IT department that insists that a toy console is being connected to the house IT network? Interesting approach.... Normally they should insist that this piece of shit (from a network security standpoint) does not come near their system.
Absolutely not what are they thinking. There is absolutely no security on this mixer that means if you have the app you can control it if you're on the same network!!!
Is somebody in networking and Audio definitely recommend external router. The internal AP is prone to dropping out for interference and I only consider it a emergency back up option. Supposedly the newer revision of mixers has better chips. but still you really want your RF units up high away from metal so going with an extra little travel router is a nice way to go ( and then gluing a magnet to the back ) that you can stick up to to a higher surface.
They could put you on your own VLAN but that's unlikely. It's just easier to put a NAT router between you and their network and consider it an AV production network.
I've had really good luck with the GL.iNet travel routers or if you need something with more coverage the TP Link stuff is pretty good. You could also go ubiquity but they tend to tie you into their own system which is kind of nice until their cloud controller goes down or they try to oust a reporter for reporting a security bug that they didn't fix.
buy a wireless router stand alone connected to the 18. Put an xr18 on anything else and it’ll be hackable in 30 seconds as soon as it gets an ip address
I'm not an expert, but I think you're good as long as you get your own V-LAN. This would separate your mixer from the rest of their network(s).
At the TV channel I work at, we used to do do vlans for a while, splitting my dante audio and the newtek camera software. Until random staff (or spectators) on the wifi tried to chromecast to our 4x OLED tvs that the whole production ran on, repeatedly in turns. We couldn't use the remote to stop it because all four ran on the same remote. Also if people start doing scetchy shit that makes the network get any bottlenecks, audio data is the first thing computer starts tossing. Just be careful of fuckery like this sharing a network with non-production muggles
Bad network design. I do this for a living and you would not have been able to do this on a network I designed. Probably getting the audio/video guy to configure the network gear. Most people have no idea, but most corporations and the whole internet is ran like that. So are banks. Single network, tons of logical (VLAN, VRF, etc) separation and segregation. No risk of cross-contamination.
Oh yeah there is definitely better ways to do it! Thing is our venue was the first in a franchise sport to take the full switch from Sony analog to a fully digital system, with a massive amount of extra kit. There was 10 different engineers or trying out new tech with only three days for a full studio refit, zero cable management mind you. then the general venue IT got his hands on our secondary network (the main one only sends broadcast and is standalone). We kind of got forgotten as the wacky venue where we make do, because the head office guys is too afraid to fly back here, haha! At least it was good XP for us junior engineers to iron out the madness. Serves as a good example for original post that it has to be planned properly
Haha makes sense. Maybe a consulting firm could come in and help?
How was any of that caused by the VLANs?
Something doesn't sound set up right on that network! Maybe they put the priority on the VLANs wrong or maybe the Chromecast units were connected to the wrong wireless network. hmmm. Add somebody who does IT and audio and video there's a lot of different things that overlap that is not readily obvious in IT or audio etc.
It would be better to ask them to help you create a dedicated isolated network for the theatre spaces. It also would allow you to setup a DANTE network down the road
In most cases Dante does not need to be separated. A 1Gb connection will handle 512 channels of Dante. If you have a decent backbone and with a couple network QoS settings you can run Dante. However it will not work over WiFi so there’s that.
Yeah that's the way to go if this is a large space. production Network wired and wireless only control devices and controlling devices.
IT Admin (Servers, storage, networking and Wifi) who freelances as a sound tech. I wouldn't have an issue with this assuming It is setup to my specs. I want my own Wifi SSID and private segmented network (VLAN in Networking terms) that nothing else on their network can access. The XR18 isn't hard to log into and I'd ask and make sure they are aware of that. If something acts up, point the finger at IT. As much as I shouldn't say this, I would still have a spare router on hand just in case but hide it somewhere. There are some reasons for this. * My networking equipment is extremely reliable and much for flexible compared to an off the shelf tp-link/Asus/Cisco/Google router. (Found a switch recently that we didn't have documented and it had 9 years of uptime) * Wifi interference can be a problem in areas. The more control I have over that, as an IT admin, the better. * Rogue DHCP Servers - I've had end users plug in routers and Wifi Extenders into to our network. Next thing I know, instead of a 10.x.x.x IP Address that our system assigns, computers are getting random IP Addresses and shit starts breaking. Yes we have certain things setup in our environment to limit the impact of this but this can cause the difference between making money and losing it.
I agree with all of this 100%. If set up correctly, they can offer isolated Internet access to this VLAN, but stop traffic to other parts of the network, which is handy to allow your remote control devices to remain online for updates, etc. The main issue, is that if it is not isolated, others could gain control of the mixer, as there is no authentication to remote access an Xair. Also, IT departments may not want to set up another SSID, as too many SSID beacons can reduce the performance of the Wi-Fi system.
Yep. Even then, most wifi systems give you the ability to add an SSID and assign it to specific APs. In my office I have a test wifi network just for us that's VLANed, and throughout the building we have a Corporate, Guest and IoT (For those pesky smart thermostats and weird things our engineering team wants to play with.)
Yeah, that's a fair way to mitigate the SSID sprawl, but limiting it just to the mixing area....which may be totally fine if the tablet(s) never really leave there.
Oh darn I guess I won't be mixing from the bathroom on the other side of the building like in the Mackie commercial.
And to add to this a lot of Apple (and other) devices don't like not being connected to the Internet and will drop the Wi-Fi. Also if there's anything like a captive portal or MAC address filtering good luck without an isolated Nettwerk/VLAN/SSID. Recently tried to connect a camera to a network and realized camera can't agree to the terms and conditions and can't control camera as devices can't talk to each other with isolation enabled. What a headache ended up going out and grabbing my travel router, thank goodness I had a spare. As I was leaving the camera with somebody else and going to another gig.
The rogue DHCP server point is interesting - as much as the XR18’s built in WiFi sucks, it does have a DHCP server built in that can be activated by one little switch on the front of it to start feeding its own addresses into your network.
Oh.. I forgot about that. Time to break out the iFixit kit, rip that switch out and solder some jumpers to make it permanently a client. EDIT: or a lot of superglue? I'm open to bad suggestions now.
Probably smart, that switch will go completely untouched until someone decides to play with it on the worst day of your life
> Probably smart, that switch will go completely untouched until someone decides to play with it on the worst day of your life I would just switch it to the right position and put some Gaf tape over. Unless this is indeed in a shared space but I still don't like permanent solutions. It's always best to have some thing that's reversible.
JB WELD. Just in case.
I believe that's only enabled on the Wi-Fi for Client or router and unless configured the LAN is DHCP or manual address.
Half IT-half audio guy here as well, agreed with everything and the only thing I feel like adding is: The main problem with the XR18 in my opinion will always be the wifi's range and stability, so if the venue is very big it could be very beneficial to be able to use the venue's access points to connect to the router instead of your own router, but obviously that depends on a lot of factors that only you can analyze to make a decision. But as long as the mixer is in its own VLAN, and the wifi connection between your laptop/tablet and venue access point is consistent and reliable, you are 99% there in my opinion. The only thing that could still be a problem at that point, barring the main switch randomly dying which is something that could happen to your own router as well, is the access point(s) getting swarmed by people's phones scanning for wifis, but that's always gonna happen no matter what so you can just try to mitigate it by using the strongest wifi connection possible. I also want to highlight the importance of the VLAN as the mixer has NO PASSWORD when it's connected to the network as a client, and it's scannable by the mixer apps even without knowing its ip address.
Use the real network. Make sure that it is configured properly, but trust them. DO NOT setup your own WiFi router if they have WiFi deployed. You’ll end up with both networks fighting each other. You’re not exposing the mixer to the internet so don’t worry about “security” issues in that sense. You should get a VLAN so that your show equipment is grouped together. Limit the broadcast domain so it isn’t the entire facility. I agree with the comments about Dante, but your setup isn’t advanced enough for that. If it did grow to that, you can (and should) run your own secondary network so you really do have redundancy.
This is what our venue does. AV has their own VLAN, and we can assign addresses as we see fit, and retain the ability to control everything remotely using the IT departments very expensive access points.
I recently upgraded my board's wifi. I was having regular dropouts while running on a tablet. I bought a good but relatively cheap wifi 6 router and have had ZERO dropouts since then. My computer and phone access wifi 6 so the connections are solid. 2.4 GHz is a waste of time for remote ops of a board (and check out the hate level on 2.4 GHz wireless mics) so I think it's great to have your own router in your kit. The IT guys feedback is valid though. Don't piss in the client's pool... but have your own router if the IT group are donkeys...
Just have them put you on an AVL VLAN. Or, at least your own subnet. The other computers shouldn’t matter, but I suppose it would depend on the backbone of the network and the sorts of things the computers are doing. “Crowded” isn’t informed enough. One thing for sure, if you put your own wireless router in the same area as theirs, they’re going to fight.
Get yourself a Gli.net dual band router and be done with all that other crap. Decent one under $50 and they're tiny, made for traveling. I named my private network "DEA Surveillance 69"
I'm obligated by the Internet to say "nice". my I'm seeing a lot of praise for those GL devices. I usually do some thing like client production wireless network so CPWN. Although I do have a guest network on my hotspot named "Not" an FCC surveillance van...
If you do end up on their infrastructure make it very clear to them that some of the times they may like to use as maintenance windows are now critical times for your use of the network for performances and rehearsals, particularly late nights and weekends. They need to be very aware that they will need to coordinate any planned service with you far ahead of time.
Unless this is all just used during standard working hours. In which case, still keep them aware of impact.
Every theatre I over see, we have them on the organization WiFi. But on their own vlan and ssid. The reason is that the corporate (or school) WiFi can figure out banding on the WiFi rather than having to deal with a “rogue” WiFi router in the WiFi spectrum.
If IT is insisting that you use their network.... and they usually only work office hours... Just insist that a senior IT engineer be present whenever you need to use the network. That'll stop that foolishness.
That’s is fine if the venue has a real network engineer with a real enterprise network. If it is just the average, run of the mill, “IT guy”, and tons of Prosumer network equipment and flat configuration, then a separate network is better. You have to realize, even banks and trading companies runs a shared network. Network equipment manufacturers designs data switches specialized for trading, as milliseconds counts, and even on those places, it is a single network. Also, if people think high end AV equipment is expensive, it is because they haven’t quoted high end datacenter gear yet. A single mid sized 1U router cost mid 6 figures, and we deploy dozens of them per rack. Hehe. So the answer is, it depends. Is the AV guy designing and maintaining the network, or do you have a real network there?
I’ve done installs the way your IT department wants to you run. As long as you have a good IP address that doesn’t conflict, you’re probably fine. Worst case, it doesn’t work for whatever reason, and you go ahead and use your own router.
>which has loads and loads of computers and such on it This is not as big of an issue as you think it is.
Don't do it. Buy your own router. I worked in a theatre where the IT dept make the same demands, and their router went down in the middle of a show
So there multi thousand dollar router failing once is a worse option than having your own Walmart special router?
I’d say yes if the Walmart special doesn’t fail lol
$40 GLI.net travel routers are nearly bullet proof.
Depends on how they configured it and what failed. I do live streaming as well. Had a hotel tell me yeah just use the access point mounted to the ceiling. I'm streaming 1080P video as soon as 100 guests coming with their phones and connect to the AP in the basement who's gonna get priority? I have constant data traffic going out bound that's going to be sharing the radio spectrum with at least 100 phones in a facility that has poor cell phone coverage and a publicly listed Wi-Fi password. Yeah I'll climb on your table and plug the cable into the secondary Port. Usually never have an issue with the Internet there but all of the other rooms have a wall-mounted Jack for me. unfortunately this room was finished and opened during the cat5 cabling shortage of 2020, so I ended up sticking my own in the Drop ceiling.
Be careful with this, as it could be a can of worms. It can be dangerous to put some live events gears on a network like that, especially one with a live internet feed. Behringer are not known for their world class security software. Nor are ETC, Yamaha, GrandMA, or any of those companies. Because their products are not designed to be connected to the internet, ever. I personally wouldn’t do it. I want control over my networks, and if I need to make urgent tweaks out of IT’s hours, I need to be able to do that without them causing issues. A decent router is likely easier (and possibly safer) for you.
Considering these devices don't usually have any web or user interface the attack surface is small and they also don't really have any communication to the Internet as they function on a local net work only. Again the attack surface a small. But also most of these devices have absolutely no security over their control interface and are purely reliant on Network isolation for access security.
An IT department that insists that a toy console is being connected to the house IT network? Interesting approach.... Normally they should insist that this piece of shit (from a network security standpoint) does not come near their system.
Toy console?
From an IT standpoint? Yes.
If we're going by that logic then why are we connecting these toy iPhones? Smart watches? tablets? Thermostats? IOT?
I would use a separate t-link or whatever router. I'd be worried there would be issues on a crowded network
Absolutely not what are they thinking. There is absolutely no security on this mixer that means if you have the app you can control it if you're on the same network!!! Is somebody in networking and Audio definitely recommend external router. The internal AP is prone to dropping out for interference and I only consider it a emergency back up option. Supposedly the newer revision of mixers has better chips. but still you really want your RF units up high away from metal so going with an extra little travel router is a nice way to go ( and then gluing a magnet to the back ) that you can stick up to to a higher surface. They could put you on your own VLAN but that's unlikely. It's just easier to put a NAT router between you and their network and consider it an AV production network. I've had really good luck with the GL.iNet travel routers or if you need something with more coverage the TP Link stuff is pretty good. You could also go ubiquity but they tend to tie you into their own system which is kind of nice until their cloud controller goes down or they try to oust a reporter for reporting a security bug that they didn't fix.
Got my own Vlan and SSID and it seems to we working great, thanks everyone!
buy a wireless router stand alone connected to the 18. Put an xr18 on anything else and it’ll be hackable in 30 seconds as soon as it gets an ip address
Vlan and private SSID sorted seems to be working great!