Ah, bummer, he's never going to buy into spending any of his giant budget on networking that we've been giving him for free. And we can't afford to buy separate switches just for AV. That's why this stuff was supposed to move to a dedicated VLAN (and VRF, and firewall security zone). Also he has needs for connectivity into it via our VPN.
Geiginni wrote: Wed Aug 09, 2023 8:10 pm
I have very serious conversations early on with the IT infrastructure, IT systems, and IT-Sec team members, along with AV.
biscuitdough wrote: Wed Aug 09, 2023 7:44 pm
As the campus firewall engineer, how do I convince a donkey of an AV guy to spend time migrating his Extron stuff to the dedicated network for it, rather than forcing me to deal with it on my user networks? He is now trying to buy a bunch of Dante shit.
Not everyone should be putting their AV on the Enterprise. In fact, most client orgs should NOT be putting their AV on the enterprise. The number of moves/adds/changes and updates that occur on the enterprise do not bode well for stable AV systems. Trying to smash AV onto the enterprise usually results in pissed-off users and AV and IT teams that can't figure out what's going on and are just spending time pointing the finger at each other.
We specify a lot of Netgear M4250 and M4300 switch hardware to alleviate the enterprise IT guys from having to set up and program (and maintain) standardized switches to run the protocols we require, along with figuring out VLAN allocations that will maintain port-to-port bandwidth and backplane requirements. It shouldn't fall on you guys to have to figure out where the IGMP querier should be, what multicast ports need to subscribe to which endpoints, or why your Dante, control and AV-over-IP networks shouldn't be converged on the same hardware.
The only shit that needs to touch the enterprise are the OOB ports on the AV switches that need to pass thru remote monitoring/management functions. In fact most Extron shit has air-gapped NICs for precisely this function (using GVE and GCP), and services that need access to the guest Wi-Fi for things like assistive listening (anyone not using Wi-Fi based ALS is living in the past), wireless presentation and collaboration, and Port 80 (amongst some others) to allow user-access to services outside the firewall.
We typically specify three separate stand-alone (or VLANed) AV networks in our projects: AV-over-IP, on smaller 1G PoE++ stackable switches with 10 or 40 GB SFPs to serve time-critical video and AV signal routing/transport; and larger 1GBE PoE+ switches with 10 GB SFPs to serve Dante VLAN and a separate Control VLAN. Switches get OOB ports that go to the enterprise (along with the aforementioned ALS, wireless presentation, and any other cloud-dependent user services).
We like to keep AV-over-IP and Dante separate as there are management pieces and tech-user flexibility that allow things to remain easier to manage if they're not operating alongside other network traffic (things like Dante Controller and Dante Domain Mgr, Extron NAVigator, Crestron NVX Director, etc.).
The ease of programming and friendly query-driven WYSIWYG of the Netgear M4250 and M4300 stuff should give your AV Donkey peace of mind that these are things they can handle, and should prefer to handle themselves. Giving them the budget to do so (assuming you have to buy the ports no matter who they come from), and providing sensible infrastructure convergence (providing the rackspace, patching and backbone where most practical) should help.
Thanks for your thoughtful reply, though.