Skip to main content
Biamp Cornerstone

Modena Hub network integration

This article describes the different network integration options available for Modena Hub/Hub+ systems, as well as how these options can be customized to meet local network infrastructure and security needs.

Wired connection

In this configuration, the Modena Hub/Hub+ base unit is connected to the company LAN via its Network port (standard RJ45, gigabit Ethernet port). Users connect to Modena via their devices that are connected to the corporate LAN. These devices may be connected to the corporate LAN wirelessly or via Ethernet connection. Guest access to Modena can be provided by providing guest access to the corporate LAN.

Access to Modena and any of its specific features will depend upon permissions granted to the user.Network integration - Enterprise 2021-4-30.jpg

Setting up a wired connection

  1. Connect Modena's Network port to the corporate LAN.
    • Ensure that Modena has both a pathway and access to an active DHCP server on the network. By default, Modena is set to DHCP and will need to obtain an IP address from DHCP server. It does not support Link Local.
  2. Connect Modena's power supply to power the unit on.
    • If power is already connected and the unit is powered off, press and release the Power button on the front of the unit to turn it back on.
  3. Obtain Modena's IP address. This can be done two ways:
    • Connect a display to Modena's HDMI port. The device's IP address will be displayed on the "Welcome" screen.
    • Use a network tool to discover what IP address has been assigned to the device.
  4. Type the device's IP address into the URL field of a web browser to access Modena's web admin console.

Configuring a wired connection

From the web admin console, Modena's wired connection parameters can be set to one of the following options:

  • DHCP mode
    • This is the default mode.
    • The device's IP address will be assigned by a DHCP server on the connected corporate LAN.
    • If "DNS from DHCP" is enabled, the device's Domain Name System (DNS) address will be assigned by the DHCP server.
    • If "DNS from DHCP" is disabled, the device's DNS address must be filled in manually in the network settings.
  • Static mode
    • The device will not obtain an IP address from the DHCP server.
    • All network parameters (IP, Netmask, Gateway, DNS) must be filled in manually in the network settings.
  • Disabled (Modena Hub+ only)
    • This disables the wired network. The device will not have network access or be accessible via its Network port.
    • It is not possible to disable both the wired and wireless network, so the device will still be accessible via its built-in WiFi network.

Stand-alone mode (Modena Hub+ only)

Modena can be configured to function in a stand-alone mode. In this mode, the wired Network interface port that would normally connect to the corporate LAN is disabled. This will also mean Modena has no connection to the internet.

In this mode, users can only connect to the system by connecting their device to the wireless access point that comes built-in to Modena Hub+ models. They will be able to present to the display device that is physically connected to Modena's HDMI port, as well as to the device screens of any other users that are connected to the same Modena system via WiFi.

The advantage of Modena's stand-alone mode is a secure presentation system that is totally isolated from both the corporate LAN and the internet. Bear in mind that this will mean users do not have access to resources hosted on the corporate network or in a cloud server while connected to the Modena system. Any presentation materials required must be accessible on the user's local device.
 

Network integration - Stand alone 2021-4-15.jpg

Setting up a wireless connection

  1. Ensure that Modena's Network port is not plugged into a network.
  2. Connect Modena's power supply to power the unit on.
    • If power is already connected and the unit is powered off, press and release the Power button on the front of the unit to turn it back on.
  3. On the computer with which Modena will be configured, open the wireless network settings and connect to the Modena Hub+ network. Its factory default settings are as follows:
    • SSID: modenahub
    • Security: WPA2
    • Password: modenahub
  4. Obtain Modena's IP address on its wireless network. By default, this will be 10.3.2.1. If this setting has changed, the current IP address can be found in two ways:
    • Connect a display to Modena's HDMI port. The device's IP address will be displayed on the "Welcome" screen.
    • Use a network tool to discover what IP address has been assigned to the device.
  5. Type the device's IP address into the URL field of a web browser to access Modena's web admin console.

Configuring stand-alone mode

In the web admin console, perform these steps:

  1. Click on Network in the left-hand menu.
  2. Make sure the Wired tab is selected.
  3. Select Disabled.
  4. Click on Apply to save the setting.

Modena - Stand-alone mode network settings.png

Stand-alone mode with a dual Wi-Fi interface

A different implementation of the Stand-alone mode can be obtained when the user laptop is equipped with a second network interface, like in the picture below. With this solution, the usual network connection provides LAN and internet access, while an optional second network interface (for example a WiFi dongle) connects the laptop to the Modena Hub+ integrated AP and to the related services, like Wireless Sharing and Wireless USB. The advantage of this connection over the simple Stand-alone mode is the availability of the full set of features from Modena Hub+ and the isolation with the corporate network at the same time. On the other hand, being the Modena Hub+ isolated from the internet, internal clock sync, automatic firmware update and URL background on Welcome Screen won’t be available. The security level of this connection is the same as the one granted by the laptop.   

 

Network integration - Dual WiFi 2021-4-30.jpg

Dual-network mode (Modena Hub+ only)

When configured for dual-network mode, both the wired Network interface port and the built-in wireless access point will be functional. The purpose of this is to allow for corporate users to connect to Modena seamlessly from their devices' regular corporate network connection, while guests can still access Modena via WiFi without needing to be given access to the corporate network.

This mode offers some degree of flexibility and can be configured for a more isolated, secure system or a more open, accessible system. These configuration options are described in more detail below.

Total isolation

To configure a Modena Hub+ for total isolation:

  1. Go to the wireless network settings in the web admin console.
  2. Set Share mode to None.
  3. Check the option for Client isolation.
  4. Click Apply to save the settings.

When the "Share mode" is configured in this manner, the wireless access point and wired Network interface port will both be active and accessible to users, but they will be mutually isolated from one another. This means that guests can be provided access to Modena without being given any access to the local corporate LAN or the internet. Company users can still access their corporate network resources during presentations by connecting to Modena via the corporate LAN.

When "Client isolation" is checked, client devices connected to the Modena Hub+ wireless access point will be prevented from accessing other client devices connected to that same wireless access point. It is recommended that this remain checked.

Partial or no isolation

Through these configuration options, it is possible for guests to access the Modena Hub+ system as well as the internet, while still offering a degree of security and isolation between guests and the corporate LAN. If configured so that Modena's built-in wireless access point for presentations becomes an access point to the greater corporate LAN, the same security rules should be enforced for wireless connections to Modena as are enforced for all other access points to the corporate LAN.

To configure a Modena Hub+ for partial isolation:

  1. Go to the wireless network settings in the web admin console.
  2. Set Share mode to one of the following settings, depending on the degree of isolation preferred:
    • Routing + NAT: Modena Hub+ handles NAT between client devices on its wireless network and the wired Network interface port connected to the corporate LAN. This allows devices connected to Modena's wireless access point to access resources on the corporate LAN, as well as the internet. There is no firewall between the wireless and wired subnets in this configuration.
    • Routing: Modena Hub+ routes traffic between devices on its wireless network and the wired Network interface port connected to the corporate LAN, but it does not provide any NAT services. There is no firewall between the wireless and wired subnets in this configuration. Traffic between the two subnets is handled by the corporate LAN's routing tables.
  3. It is recommended that the "Block access to private network addresses" option remain checked for either of the above Share modes. This will prevent client devices connected to Modena's wireless network from accessing private IPv4 addresses, defined as the following ranges:
    • 10.0.0.0-10.255.255.255
    • 172.16.0.0-172.31.255.255
    • 192.168.0.0-192.168.255.255
  4. It is recommended that the "Client isolation" option remain checked. This will ensure client devices connected to the Modena Hub+ wireless access point are prevented from accessing other client devices connected to that same wireless access point.

To configure a Modena Hub+ for no isolation:

  1. Go to the wireless network settings in the web admin console.
  2. Set Share mode to Bridge.
    • In this mode, Modena will configure its WiFi access point as an extension of the corporate LAN, utilizing the same IP address and subnet information as the wired Network interface port. Client devices connecting to Modena's wireless access point will be virtually connecting to the corporate LAN. Wireless network settings are managed by adjusting the wired network settings.
  3. It is recommended that the "Client isolation" option remain checked. This will ensure client devices connected to the Modena Hub+ wireless access point are prevented from accessing other client devices connected to that same wireless access point.

Network integration - Dual Network 2021-4-30.jpg

Advanced integration

DMZ network connection

DMZ stands for “Demilitarized zone” and is the area between external and internal network. An additional layer of security can be achieved by connecting the Modena device to the network DMZ, like in the picture below. In this way the firewall keeps the corporate network isolated and the security level of the network isn’t affected by the Modena Hub. The network ports required by the Modena Hub services need to be opened in the outbound configuration.Network integration - DMZ 2021-4-30.jpg

Isolated room network

A completely isolated environment can be created with a room dedicated network. In this scenario, the meeting room has its own network, separated from the corporate network. The users leave the corporate network and connect to the room network to use the Wireless Sharing and Wireless USB services provided by the Modena Hub.

Network integration - Isolated 2021-4-30.jpg

Network Ports

Some communication ports might be locked by default, typically for security reasons in routed or restricted network segments such as public wireless access for guests. For optimal operation of Modena Hub, ports in the table that follows should be open and without restriction. 

LAN traffic

Port TCP/UDP Usage Traffic direction Required?
53 UDP - DNS Outbound No, optional
67 UDP - DHCP Outbound No, optional
80 TCP - Traffic between Modena Hub and Server for welcome page custom background

- Welcome page for Android Room mode

- Internal URL background on Welcome page, if HTTP (disabled by default)

- Log download
Outbound,
also Inbound for Modena Server
Yes
123 UDP - NTP traffic with internal NTP server Outbound No, optional
443 TCP - Browser traffic with Modena units web interface

- Internal updates (pushed from Modena Server)

- Internal URL background on Welcome page, if HTTPS (disabled by default)
Outbound,
also Inbound for Modena Server
Yes
5353 UDP - Bonjour service (to connect the browser using ModenaHubName.local) Inbound No, optional
8443 TCP - Communication from Modena Hub and Server to apps and drivers Inbound If using desktop apps
8445 TCP - Communication from Modena Hubs to Modena Server Outbound,
also Inbound for Modena Server
If using Modena Server
6000 UDP - Manual unit discovery

- Automatic units discovery (subnet only, UDP broadcast must be enabled)
Inbound If using desktop apps
7000:7199 TCP - Streaming when using the Modena apps Inbound If using desktop apps
7200:7319 TCP - Streaming when using the Modena apps with Server rooms 2-7 Inbound If using desktop apps with Server rooms 2-7
20000:40000 UDP - Streaming when using the web app (webRTC) Inbound If using web app

Internet traffic

Port TCP/UDP Description Traffic direction Required?
53 UDP - DNS Outbound No, optional
80 TCP - External URL background on Welcome page, if HTTP (disabled by default) Outbound No, optional
123 UDP - NTP traffic with external NTP server Outbound No, optional
443 TCP - Weather widget

- Automatic updates

- External URL background on Welcome page, if HTTPS (disabled by default)
Outbound No, optional

802.1x

IEEE standard 802.1x is a network protocol that enables security authentication to protect corporate LAN and WLAN. Modena Hub supports this standard and acts as a trusted supplicant when connecting to a network authentication server. Supported protocols are:

  • EAP-MD5
  • EAP-TLS
  • EAP-PEAP/MSCHAPv2
  • EAP-FAST
  • EAP-TTLS/EAP-MSCHAPv2

Please refer to the Modena Hub network parameters page for information on how to configure 802.1x in Modena.

Further reading

  • Was this article helpful?