DDM: Unenrolling Dante Devices When DDM Is No Longer Available (Lonely Reset)
For devices that have been enrolled into a DDM domain but can no longer access the DDM instance, the Dante Controller provides a tool to clear the Domain credentials which is considered a ‘lonely reset’.
A Dante device is deemed lonely if it can no longer see the DDM (if enrolled) and cannot see other devices (not receiving PTP traffic).
There may be occasions where multiple Dante devices require a lonely reset. For example, if the DDM instance has become inaccessible due to a forgotten password and Recovery Code, the hardware/virtual environment DDM is running on has failed or a failure of the DDM instance itself.
Lonely resetting each device could be time consuming in larger Dante environments when each device has to be reset individually. This article offers a way of lonely resetting all devices without the need to isolate the device, by blocking communication between devices using ACLs on a switch.
In this example, we are using a single Cisco SG300 and configuring this using a computer running Windows 10.
Note. Switch configuration varies across switches from different vendors. Refer to the user manual for your switch for the equivalent instructions for your specific switch model.
· Creating a port based VLAN
· Configuring and attaching an ACL to the VLAN
· Lonely Resetting Devices in the Dante Controller
1. Creating a port based VLAN
Connecting to the switch
To access the switch web interface set your computer’s IP address within the same range as the switch. The default IP address for an SG300 is 192.168.1.254, so set the machine to 192.168.1.X with the subnet mask 255.255.255.0.
Creating a VLAN
Open a web browser and type in the IP address of the switch. You will be asked to enter in the username: cisco, and the password: cisco.
Navigate to VLAN Management > VLAN Settings. VLAN 1 exists by default. We’re going to create a new VLAN by selecting Add and then entering in the VLAN ID and the VLAN name. In this example we have called it VLAN 2 and given it the name ‘Lonely Reset’:
Changing the Port Mode
We want to change the mode that our ports are running in. By default, the ports on this switch are set as ‘Trunk’ ports. A trunk port is used carry traffic from multiple VLAN’s between switches, which isn’t necessary for our configuration. The ports connecting the Dante devices should be set as ‘Access’ ports, so that these ports will transport traffic on the specified VLAN.
To change the port mode, go to Interface Settings and select the port to change, choose Edit which will open a tab where you can select the Access port option. Then Apply this setting for each port. In the example below we have set ports 2 – 10 as Access ports and left port 1 as a Trunk port:
Note. You can also copy the settings from one port to multiple by using the Copy Settings option.
Assigning Ports to VLAN’s
The last stage is to assign the ports connecting our computer and devices to the Lonely Reset VLAN. Go to the Port VLAN Membership tab, select the port that is going to be assigned to VLAN 2 and then select Join VLAN. Here we want to move the port from VLAN 1 first and then move it to VLAN 2. Set tagging to Untagged. After configuration the port should be assigned to Administrative VLAN 2UP:
2. Configuring and attaching an ACL to the VLAN
The next step is to create an ACL. ACLs are rules used to filter network traffic. Navigate to Access Control > IPv4-Based ACL and select Add. Add an ACL called Lonely Reset.
Then navigate to IPv4-Based ACE and select Add. Enter the settings as show below:
Binding the ACL to the VLAN
To bind the ACL to the VLAN, navigate to ACL Binding (VLAN) and enter the settings as shown in the image.
To initiate the lonely reset process, you need to disconnect and reconnect the network interface on each Dante Device. If the devices are not accessible, you can also achieve this by toggling the network port attached to this device via the switches web interface. To toggle a network port:
Go to Port Management > Port Settings, select the port that the Dante Device is connected to and click edit. Then toggle the port Down > Apply, then Up > Apply:
3. Lonely Resetting Devices in Dante Controller
Devices that have previously been enrolled in a domain that can no longer see the DDM will appear in the Dante Controller in grey. You may need to use the Show Hidden Devices option found under the View tab.
If the device doesn’t appear in the Dante Controller, unplug the device for a few seconds and plug it back in (Alternatively toggle the network port).
If the switch has been successfully configured all devices in the Lonely Reset VLAN should appear as PTP Leader in the Dante Controller.
We can now use the Clear Domain Credentials feature through Dante Controller to unenroll each device by going to Device View > Device > Clear Domain Credentials:
Note. If clearing the credentials has been successful, you will see this message.
Once all devices have been reset, they will appear in Blue in the Dante Controller. This means that they are no longer enrolled in a domain.
You can now disable the ACL on the switch and return to your normal network configuration.
Note: if you do not complete this within 15 minutes the following error may appear. Restart the devices (Or toggle the ports) and try again.