Qt X Networking
Configuring QT X networks
Systems controlled by Qt X controllers can be configured using either the browser-based web user interface loaded on each controller (web UI) or the Qt X systems management software (Qt X software). Some settings may also be edited on the controller front panel using the display and buttons there.
- The Qt X platform provides virtualized architectural zoning through a flexible media and control network topology.
- Multiple supported network topologies can be used to maximize design capabilities into many control and media network topologies.
Network connections
All Qt X controllers come with dual RJ45 Gigabit Ethernet port connectors that support control and media network audio. These ports can be configured to support multiple network topologies.
Note: Control port 1 on the Qt X 800s and 800D controllers supports Power over Internet to the controller.
MAC addresses
Each Qt X controller has 3 device MAC addresses. These are viewable under the Network tab in both the Qt X Software and Web UI as well as the front panel display.
When a controller is in single cable mode, all MAC addresses are visible on the Port 1 LAN connection. When in dual cable mode, the AVB and Dante MAC address will be visible on port 1 while the Control MAC address will be visible on port 2.
The MAC addresses will be sequential, appearing as shown here:
- Dante (media) - active when Dante selected as media type
- Control (control)
- AVB (media) - active when AVB selected as media type
Note: The controller may only have a single media type present in a configuration, so the displayed Media MAC address on front panel, web UI or software will correspond to the selected media on the controller. The Control MAC address will be present with either media type.
AVB only hardware models will also ave a Dante MAC address present but in an inactive state.
Network settings overview
The Network Settings tab in both the Web UI and QT X systems software allows users to:
- Modify the primary DNS
- Add or modify the secondary DNS
- Configure the control and media ports
- Switch between single and dual cable modes
- The media type can only be changed to Dante if a Dante-enabled device is connected.
Addressing options
DHCP is checked by default for automatic assignment of an IP by the server. The device network settings can be configured if Static IP is selected. Qt X controllers also support automatic automatic private IP addressing (APIPA) or auto-IP.
- Qt X controllers may also be connected to a network with a DHCP server for initial discovery
- mDNS discovery is limited to a single subnet
Note: If changing IP addressing options between DHCP and Static on devices in running configuration, it is recommended to reboot the controller(s) after changes to clear any inter-device communication faults.
- Devices will show 0.0.0.0 IP address if no network cable is connected.
Control and media network addresses
Control and media network address settings can be set on a controller's front panel as well as by using the Qt X Software or Web UI. However, the front panel will not display any information related to the network cable mode or media type setting. These settings must be viewed or changed from the software or web UI.
Cable modes overview
Qt X controllers support single-cable mode by default, allowing users to connect to devices with a single cable from the media ports.
In Single Cable mode, one port handles all control and media communications. Selecting Dual Cable mode separates the control and media communications. This choice is based on user preference and system design requirements.
Single Cable Mode
This is the default mode for Qt X controllers.
- LAN Port 1 – Control and media combined
- LAN Port 2 – Disabled
Note: The selected media type MAC address will be the displayed and active MAC in the configured system.
Dual Cable Mode
-
LAN Port 1 – Media network
- LAN Port 2 – Control network
Note: The selected media type MAC address will be the displayed and active MAC in the configured system.
Media Modes (Dante Qt Xs)
Dante-enabled Qt x D controllers ship with Dante media mode enabled by default. In an unconfigured state, the controller may be switched from Dante to AVB media mode .
Note: Qt X hardware does not support AVB and Dante in mixed network modes.
Control and media network options
Cable mode settings are located under the Networks Settings tab in both the Qt X systems software and the onboard web UI.
Single-cable mode details
Both control and media IP addresses are active in single cable mode and may be addressed uniquely. While in single cable mode both Control and Media MAC addresses are viewable behind the single LAN port.
In single cable mode, all control data, AVB or Dante media is transmitted and received from the Qt X controller over Port 1. This allows all Qt X web-based management software, Qt X control software, SageVue management and 3rd party control to connect to a common switch with the audio media network.
The Web UI may be accessed via either Control or Media IP address in single cable mode.
Qt X Software View Qt X Web UI View
The single-cable carries both control and AVB or Dante media and connects to a common converged control plus media network.
Note: When in single cable mode, the media network IP address is still active and may be addressed separately from the control LAN. This is the address a Dante Qt X D controller uses to discover the device and route Dante audio flows. The address must be in the same range as other Dante devices routed to the Qt X hardware.
Dual Cable mode for separated networks
Dual cable mode supports isolating AVB or Dante media from control data on two physically separated networks. This allows media networks to be isolated from building WAN or system control networks. Qt X controllers support the use of an individual uplink from the control and AVB or Dante media ports to the respective separated networks.
In separated networks, AVB or Dante media is transmitted and received from the Qt X controller over Port 1, while inter-device communication, Qt X web-based management software, Qt X control software, SageVue management, and 3rd party control are accessed via Port Position 2.
The Web UI may be accessed via either Control or Media IP address in dual cable mode.
Qt X Software View Qt X Web UI View
The media network traffic resides on a logically separated switch from control traffic. This topology allow for control traffic to reside on an enterprise building network with all media traffic on an isolated switch.
AVB Media Network Requirements
- AVNU Certified Network Switch w/AVB Active License
- AVB switches will automatically create and use VLAN 2 for all AVB media traffic.
- AVB controller software for routing explicit AVB streams to Qt X hardware. Biamp currently recommends using the Riedel AVB Manager software as the AVB controller. The software is free, but requires registration on Riedel's website. Other notable AVDECC controllers are Hive AVB Controller and Hono AVB Controller.
Dante Media Network Requirements
- QoS Priorities (4 Levels)
- IGMP Snooping (multicast)
- VLAN Support in most instances
- Dante Controller Software for audio routing between Dante devices and QT X hardware.
- Audinate Dante port requirements can be found here https://www.audinate.com/faq/which-network-ports-does-dante-use
- Additional Audinate Dante network requirements can be found at https://www.audinate.com/sites/default/files/PDF/adding-dante-to-your-network-audinate.pdf
- Audinate Dante Domain Manager has additional network requirements which can be reviewed here https://dev.audinate.com/GA/ddm/technical-notes/network-admin/pdf/latest/DDM%20-%20Info%20for%20Network%20Administrators%20v1.9.pdf
802.1X and Certificate Management
The Security Configuration dialog manages security settings such as viewing currently-applied security certificates, the status of 802.1x, and settings associated with the web server.
The standard allows for protecting the 802.1X traffic using varying degrees of encryption to prevent authentication credentials from passing over the wire as clear text. This reduces vulnerability to “man in the middle” attacks that intercept network traffic.
Topologies not supported
Important: The topologies listed below are not supported for 802.1x in Qt X hardware.
- 802.1x is not supported while in single cable mode. There are 2 MAC addresses that are seen behind a single LAN port in this mode. A switch with 802.1x will not authenticate to a device with more than one MAC address.
- A Qt X controller in dual cable mode while set to Dante media mode does not support 802.1x. This is due to 802.1x supporting only Unicast communication while the Qt X controllers are communicating via multicast. Controller must be in AVB mode to use 802.1x on control and media ports.
Managing certificates
Certificate management is only accessible via the Qt X software application.
- The certificates tab is accessed from the Device Information screen - Operations tab.
- Select the Certificate Management button to view and update settings.
The 802.1X Certificates tab allows configuring 802.1X security protocols for the controllers control and media ports. 802.1X. is an IEEE standard for port-based Network Access Control (PNAC) and is part of the IEEE 802.1 group of networking protocols. 802.1X provides an authentication method for connecting devices to a Qt X system.
Security
Integrators and administrators configuring 802.1X and choosing EAP methods should be knowledgeable in network security and know the requirements of the enterprise network Qt X devices are being installed in.
Biamp supports the following security types:
- EAP_NONE - EAP is disabled
- EAP_PEAP/MSCHAPv2 - Server authentication via certificate; client authentication via another EAP method
- EAP_TLS - Certificate-based two-way authentication
802.1X security may be selected for the control or media ports on the selected Qt X sound masking controller. Connected devices must support 802.1X to enable the security protocol:
Users must choose which Mode to apply. Mode establishes the Extensible Authentication Protocol (EAP) by which authentication takes place and is disabled by default (EAP_NONE).
Certificates
Users may select a Root or Client certificate based on the security requirements of the organization. The Qt X comes factory-equipped with a root certificate issued by Biamp (a trusted Certificate Authority (CA).) Users may choose to apply the Biamp Production Root certificate, or supply their own. Clicking 'Select Certificate' will allow the user to browse to available certificates. Users may upload their own certificate via the Certificates Tab.
Root Certificate
Click Apply. The 802.1X Certificate Management window will reflect the applied certificate:
Client Certificate
The Qt X comes factory-equipped with a client certificate used to make authenticated requests to a remote server. Administrators may choose to apply the device client certificate or supply their organization's certificate. Available certificates may be browsed to by clicking on Select Certificate. Certificates may be uploaded on the Certificates Tab.
Click Apply. The 802.1X Certificate Management window will reflect the applied certificate:
External Control / RESTful API
Qt X integrates Representational State Transfer (REST) Application Programming Interface (API), or what's better known as RESTful API. This technology allows end-users to automate the use of Qt X to match the custom needs of an organization. The API will allow external device control of the Qt X system by interfacing through documented commands. The full suite of API information is available via the help document.