Unifi managed network switch

[Donald]

So I had setup a Unifi managed network at church with managed switches and WIFI access points. I separated stuff onto 8 VLANs and used VLAN tagging on a port to push some wire down and then devices to specific VLANs.

The church hired a company that does network, video, sound and theater lighting to upgrade some video equipment. The video equipment connects to the network.

This company replaced a Unifi managed switch as they needed more switch ports. So many devices ended up in a default VLAN rather than the intended VLAN. Since no VLAN tagging on a port.

My feeling is any company that knows anything about networking should have realized they should not replace a managed switch with an unmanaged switch. Assume the managed switch is doing more than just plain network switching.

And probably a bad idea to make changes after a rehearsal so any surprises will show up during the Sunday service.

I work for a large corporation in IT and we have a lot of rules about system changes, most are annoying but there are reasons why you coordinate and test changes and have a blackout plan.

I am kind of expecting the in-ear monitors for the musicians not to work on Sunday.

I emailed people saying the company messed up the network. I guess they don't understand as no one has replied.

Call me FRUSTRATED.

 

[Rand]

Half-way done job.. about the normal in today's world.

ps half-way is replacing the word I would normally use.

Most people don't appreciate the work you do to make everything work and keep it working..
since its nearly invisible to them.

 

[tburke]

As the one who built the network, the church should've involved you with the AV company's implementation to ensure all is good from a network standpoint, instead of just mindlessly swapping out equipment...

 

[OVERKILL]

So I had setup a Unifi managed network at church with managed switches and WIFI access points. I separated stuff onto 8 VLANs and used VLAN tagging on a port to push some wire down and then devices to specific VLANs.

The church hired a company that does network, video, sound and theater lighting to upgrade some video equipment. The video equipment connects to the network.

This company replaced a Unifi managed switch as they needed more switch ports. So many devices ended up in a default VLAN rather than the intended VLAN. Since no VLAN tagging on a port.

My feeling is any company that knows anything about networking should have realized they should not replace a managed switch with an unmanaged switch. Assume the managed switch is doing more than just plain network switching.

And probably a bad idea to make changes after a rehearsal so any surprises will show up during the Sunday service.

I work for a large corporation in IT and we have a lot of rules about system changes, most are annoying but there are reasons why you coordinate and test changes and have a blackout plan.

I am kind of expecting the in-ear monitors for the musicians not to work on Sunday.

I emailed people saying the company messed up the network. I guess they don't understand as no one has replied.

Call me FRUSTRATED.

Unfortunately, often the "video/sound/lighting" is the real focus in these operations and "network" means they can run cable and plug in some unmanaged switches or consumer-grade gateways from one of their video/sound/lighting vendors like Luxul or similar. I do some side work periodically for a local outfit that's in that space and thankfully they are smart enough to know their limitations and sub-out. They'd have involved you in this setup, but I'm not surprised that the company in this case didn't.

From your description, it sounds like this may be a "lessons learned" opportunity for your church who will know to ensure that you are engaged on anything like this in the future.

 

[wwillson]

My feeling is any company that knows anything about networking should have realized they should not replace a managed switch with an unmanaged switch.

That's simply unprofessional. For them to assume they could replace a switch with any other switch is ignorance and not inquiring is laziness at best. Why wouldn't they order another Ubiquiti switch and stack them?

What are you going to do now?

 

[Donald]

Unfortunately, often the "video/sound/lighting" is the real focus in these operations and "network" means they can run cable and plug in some unmanaged switches or consumer-grade gateways from one of their video/sound/lighting vendors like Luxul or similar. I do some side work periodically for a local outfit that's in that space and thankfully they are smart enough to know their limitations and sub-out. They'd have involved you in this setup, but I'm not surprised that the company in this case didn't.

From your description, it sounds like this may be a "lessons learned" opportunity for your church who will know to ensure that you are engaged on anything like this in the future.

Well with a new hardware encoder and whatever else they installed they were unable to show any pre-recorded videos, or graphics. The stream froze a few times and ended in the middle of a song. So much worse than when they did everything in an iMac.

Not sure they will learn any lessons. They need to hire someone who understands video production part time. The graphics person is trying to handle video production but is over their head.

The church is top down leadership style. (Not a fan of that but that's a whole other story). I am a member & volunteer running the soundboard one or two Sundays a month. I just happen to have a few (49) years of large systems computer and networking experience.

And the company that did all the work is all into audio & video and lighting. Their website does not mention networking. When they ran prior CAT6 cable they used my Fluke cable analyzer. They don't have one. They have a $50 network cable tester.

 

[Pew]

I don't know how a church operates as far as operations go but why didn't they coordinate with you about this? If a switch needed to be replaced I would hope that company would get ahold of you first and lay out the initial and revision plans.

 

[OVERKILL]

I don't know how a church operates as far as operations go but why didn't they coordinate with you about this? If a switch needed to be replaced I would hope that company would get ahold of you first and lay out the initial and revision plans.

This is not surprising unfortunately. "Hey, we had Fred from Berber Light and Sound in and he added a new amp and said he had to replace the network switch and now none of our phones work." Fred removes a $10K Cisco L3 switch and replaces it with a $50 D-Link from Best Buy because his equipment wouldn't work on the random port he plugged it into that happened to be on the printer VLAN.

 

[Donald]

This is not surprising unfortunately. "Hey, we had Fred from Berber Light and Sound in and he added a new amp and said he had to replace the network switch and now none of our phones work." Fred removes a $10K Cisco L3 switch and replaces it with a $50 D-Link from Best Buy because his equipment wouldn't work on the random port he plugged it into that happened to be on the printer VLAN.

That's close.

 

[Donald]

Having a unmanaged switch in the network is also annoying in the many displays on the Unifi management software don't show accurate information.

 

[mk378]

Generally you give them one port as the bridge between Their Stuff and The Rest Of the World, and firewall the snot out of that network.

 

[OVERKILL]

That's close.

It's like I've been in your shoes before

 

[OVERKILL]

Generally you give them one port as the bridge between Their Stuff and The Rest Of the World, and firewall the snot out of that network.

Yup, toss them on their own isolated VLAN and lock that *bleep* down.

 

[TumblrDucks]

So I'm still a newbiw learning CCNA, wondering what vlan setting is on soho all-in-one devices?
If I did anything mentioned in posts above I will get fired in no time lol.

 

[OVERKILL]

So I'm still a newbiw learning CCNA, wondering what vlan setting is on soho all-in-one devices?
If I did anything mentioned in posts above I will get fired in no time lol.

Depends on who wrote the firmware. Busybox (which is what most of those run) definitely has support for VLAN's, but the manufacturer may have decided not to include that in the UI.

 

[Donald]

Generally you give them one port as the bridge between Their Stuff and The Rest Of the World, and firewall the snot out of that network.

I think there are 4 or 5 devices connected to a unmanaged switch which is connected to Unifi switch.

If I display all the clients on the Unifi management software one says it's connected to the Unifi switch port the rest show active but no indication of how they are connected.

 

[Donald]

So I swapped in a spare Unifi 8 port switch. Setup the VLAN tagging. The video switching console was not powered up. The company that installed the new video equipment decided to use a POE unmanaged switch. Unsure why. The video switch console had a detachable AC power cord that they never plugged in even though an outlet was 2 feet away. So they charged the church for a unmanaged POE switch. Rather than a cheaper non-POE unmanaged switch and plugging in the AC power cord of the video switcher.

Obviously what they really needed to do was install a Unifi managed switch.

The people at church overseeing this project don't understand my concerns.

I may be viewed as a difficult person to work with as I want things done right rather than just get them to work.

 

[tburke]

So I swapped in a spare Unifi 8 port switch. Setup the VLAN tagging. The video switching console was not powered up. The company that installed the new video equipment decided to use a POE unmanaged switch. Unsure why. The video switch console had a detachable AC power cord that they never plugged in even though an outlet was 2 feet away. So they charged the church for a unmanaged POE switch. Rather than a cheaper non-POE unmanaged switch and plugging in the AC power cord of the video switcher.

Obviously what they really needed to do was install a Unifi managed switch.

The people at church overseeing this project don't understand my concerns.

I may be viewed as a difficult person to work with as I want things done right rather than just get them to work.

Very likely that the POE unmanaged switch is what Joe-Bob's Video, Sound, and Cash Extraction had "extra" on the van. Easy sell, no extra effort required.

What they really needed to do (both the AVL company, and the church staff) was reach out to you, the person running/maintaining the church network, and ask "hey, we need X number of ports, as the church's network guy, how can you help us accomplish this requirement?"

If they are unwilling to include you in the process, IMO it is time to consider whether you feel your time and effort is worth the headache induced by a group that does not value your time and effort.

 

[Donald]

I also think it might not have been a good idea to ask the Audio/Video company to recommend what they need to upgrade the video system and then have them sell them what they recommend.

It seems like the complex light board that no one knows how to run, that the new video system has more capabilities but is more complex than anyone will know how to run.

The people who run all this production audio and video are volunteers who run a sound or video system once a month.

The powers that be approve the purchase based upon what was recommended then the volunteers are stuck running it. And they end up using 10% of the capabilities of the new equipment.

I half blame the top down church style of leadership.

 

[Donald]

So what do companies charge to manage the networks of small companies? It it a monthly fee of ?? Or an hourly fee when called that there is something wrong?

The church has said that they want to eliminate a single point of failure (me). And have a company be available to help if I was not available. Or maybe eliminate me and have a company handle it period.

I cannot see a company too interested if all they are hired to do is to look at the network if I was not available. But more likely to just charge a monthly monitoring fee plus hourly to install new hardware they supply at a markup.

The thanks for setting everything up and donating 1/3 the hardware

So what do companies charge to monitor the network of small companies?