Advice on implementation using 2 x Cisco 300

zerowaitstate

Seeking advice on execution.

I am looking to isolate NDI traffic, as I see it as fairly heavy and it has the potential to slow other control protocols. It's used to push generated video to the media server.

Currently DHCP is from the modem and passes through to the Cisco. I feel this would be better if it's handled by the Ciscos, as if the modem craps out all is lost. If DHCP was through the Ciscos and the modem fails, the only thing lost is internet ... not the end of the world.

PCs have access to the internet. I would prefer them to be isolated, unless I need to allow access specifically (software updates).

I'm not sure if I have the concept of VLAN vs subnet masking to manage what can see each other.

The colours in the table and the physical setup are still to be locked down ... I have:
3 video projectors - White
2 laser projectors - Yellow >> FB4s
Lighting desk (Art-Net) - Green ?
Wing - CAT 5 to console or USB to laptop
2 x universes from wing - Red

Video projectors are purely for control of source and a shutter to protect lens etc. via a web interface or MadMapper software.
Beyond sits in this road case and is internally plumbed to the switch.

This is a small touring rig but I am wanting it to be able to scale.


Any help or advice appreciated ... happy to set up a remote session to get into the nitty-gritty, also happy to pay a modest fee.
 

Hi, So is this your current design that you are having problems with or something new you want to implement?
What is the exact model of your switches?
Are they running in L2 or L3 mode?
How many of your devices have their IP & mask statically configured vs using DHCP?
When touring, is it a requirement that you have Internet access or is it just a nice to have when the rig is at home?
If you want to use the 3rd octet of the 10.0.0.0/8 range to specify your subnets as it looks like you're doing, then your subnet mask needs to be 255.255.255.0 for each network. You have 255.255.0.0 for VLAN 1 in the spreadsheet.

If you are currently using or want to use a multi VLAN/subnet design, I think ideally your devices would use the Cisco switches as their DHCP server and therefore their default gateway, and you would then have a single port that would connect to a router and act as a DHCP client on that port to get an IP from any router/modem it's plugged into that could then provide internet access to all the other devices. You wouldn’t be able to do that with these switches as you'd need to be able to configure NAT on them which you can't do on switches generally, hence my question about whether it's a requirement or a nice to have. If you need it then you'd need to add a router/firewall device of some sort into the design, which isn’t the end of the world, a Raspberry Pi can do that perfectly well and is cheap as chips.
The reason you'd need NAT is because if your Cisco switches get an IP address of 192.168.1.87 for example from the router, and then your FB4s need Internet connectivity to update firmware, the source IP will be something on the 10.1.1.0 network, and the router/modem won't have a route to that network so the traffic will be dropped. All routers NAT all the traffic on the inside/LAN side to the outside/WAN interface IP address, so the traffic looks like it's coming from a directly connected network and so can work.

Going back to your original statement about isolation, it's not a problem having your FB4s and your video traffic on the same subnet/VLAN. Even if the video traffic is using a lot of bandwidth, it's not going to have a detrimental effect on your FB4 traffic, as long as there is enough bandwidth, which I think there should be. In general the only traffic that hits all devices on the same VLAN is broadcasts, which under normal operating conditions should be really low and nothing to worry about.

Happy to help you with it over a remote screenshare session if it gets to that stage, but my general advice would be to keep it as simple as possible and only add additional subnets/VLANs if you specifically need or want them.
Is there an existing problem with the setup that you're trying to fix? Don't introduce complexity unless you need to

Sorry there's a lot of info there but it's important for me to know what your requirements are to be able to offer the right advice
 
This is my current implementation - building out over the last 6 months.

Currently DHCP is provided by a Telstra (Australian ISP) modem (sitting on failover to 5G SIM for internet) in a 192.168.0.x format.

The Ciscos are Cisco SG300-10PP and basically dumb switches at this point. While they are EOL they were effectively free. I feel confident OLD Cisco is better than new domestic switches with higher price tags attached.


The Excel above is aspirational and based on the Pangolin networking document https://wiki.pangolin.com/doku.php?id=beyond:system_and_networks&s[]=network

If there are some conventions to follow, I'm not against following them.

I did feel the NDI needed to be on a separate VLAN, but from your advice this may be misguided.

What do I really want?

I feel the default should be no Internet to be safe from random upgrades or viruses. I'm happy to have it only at home ... but if it's easy enough to configure via NAT, I have experience sitting at an event and pulling stuff from Pangolin cloud (not common but has happened).

I like DHCP so I can just add an item to the network.

I need video projectors to always be the same IP (figure this can be DHCP reservation with a MAC address), just plug in the right colour cable to the right coloured port (web interface via http / shortcut on desktop).

I want FB4 just to plug in - again this can be handled by reservation and MAC; Beyond is smart enough to just see the FB4 and work.

I have a fair bit of software that talks to each other and like to have IPs that aren't changing all the time:

Onyx Console
Capture visualisation - NDI
Beyond Advanced - laser
Arkaos - media server NDI
MadMapper - projection mapping NDI
Resolume - media server NDI
Next Drop - reactive visuals NDI
Synesthesia - NDI
Light Form - NDI

I will fire up the unit tomorrow and establish if it's a Layer 1 / Layer 2 configuration.

Regarding NAT, I will check the interface and see if it is supported or not.

Thanks for your feedback
 
Having thought about this more, if you intend on taking this rig out from your home, then you will almost certainly need to move the DHCP server functionality onto the Cisco, else how will all your devices get an IP in the absence of your Telstra router? FB4s and your Beyond laptop are fine, they find each other without you needing to add any IP info, but your other eqpt I would guess you need to know what the IP address is of at least some of it, so in that case I would choose a single subnet (eg 10.1.69.0/24) and create a DHCP pool from for example 100-150 for the last octet, and then use the address space above and below that range for devices that you statically configure the IP/mask on - the point being you can use a combination of DHCP and statically configured devices on the same subnet/network. Or you can do DHCP reservation using MAC addresses but it's easier to just statically IP them.

If you don't need the devices to have internet access, configure the Cisco to assign IP and mask, but no gateway. The default would be to configure the Cisco as the default gateway but if it's not going to the internet then any traffic that gets sent to it will be black holed/dropped. The advantage of this is also that your Beyond laptop can talk to everything on your production LAN using the ethernet port but still have internet access via the WiFi. If you use DHCP to configure both your WiFi and Ethernet ports, the default route via the Ethernet port will take precedence by default and if the Cisco was your default gateway you'd have no internet access.

If you do need the devices to have internet access then you'd need to connect a router/firewall device of some sort into an L3 port on the Cisco - Raspberry Pi or any old second hand home broadband router that you can administer will do.

I've looked up NDI traffic, it's all unicast so what I said previously about it being on the same VLAN/subnet and there being no issues still stands. The other thing that would change that would be if you started using any multicast apps. The only reason I mention this is because I was watching this video recently https://www.youtube.com/watch?v=cQj-0S6ZWJE and noticed the destination address for something to do with Depence R3 was multicast so just bear that in mind. If you start using something that uses multicast as a fundamental part of its functionality, then you may need to reconsider the design.
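
Added example, not part of the thread or any poster's own work: a small Python check of the single-subnet plan suggested above (10.1.69.0/24, DHCP pool .100-.150, statics outside the pool). It also shows why a 255.255.0.0 mask defeats subnetting on the third octet. Device names and static addresses are constructed for illustration.

```python
import ipaddress

def on_link(src_ip, mask, dst_ip):
    """True if a host configured src_ip/mask treats dst_ip as local,
    i.e. it ARPs for it directly instead of sending to a gateway."""
    net = ipaddress.ip_interface(f"{src_ip}/{mask}").network
    return ipaddress.ip_address(dst_ip) in net

def check_plan(subnet, pool_first, pool_last, statics):
    """Return a list of problems found in a single-subnet address plan.

    pool_first/pool_last are the last-octet bounds of the DHCP pool;
    statics maps a device name to its hand-configured (ip, mask).
    """
    net = ipaddress.ip_network(subnet)
    base = int(net.network_address)
    pool = range(base + pool_first, base + pool_last + 1)
    problems, seen = [], {}
    for name, (ip, mask) in statics.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host address")
        elif int(addr) in pool:
            problems.append(f"{name}: {ip} is inside the DHCP pool")
        if ipaddress.ip_address(mask) != net.netmask:
            problems.append(f"{name}: mask {mask} should be {net.netmask}")
        if ip in seen:
            problems.append(f"{name}: {ip} duplicates {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

# Constructed sample plan (hypothetical device names and addresses).
STATICS = {
    "projector-1":  ("10.1.69.11",  "255.255.255.0"),
    "projector-2":  ("10.1.69.120", "255.255.255.0"),  # collides with pool
    "media-server": ("10.1.69.20",  "255.255.0.0"),    # wrong mask
    "console":      ("10.1.69.11",  "255.255.255.0"),  # duplicate address
}

if __name__ == "__main__":
    # With a /16 mask, 10.1.1.x and 10.1.2.x look like one network.
    print(on_link("10.1.1.10", "255.255.0.0", "10.1.2.10"))
    print(on_link("10.1.1.10", "255.255.255.0", "10.1.2.10"))
    for line in check_plan("10.1.69.0/24", 100, 150, STATICS):
        print(line)
```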
 