An unfortunate incident - sACN and Nomad

Hi! I had a bit of a problem today. I was working on installing LED's onto scenery in our workshop. I was running Nomad on my MacBook Pro, connected via my handy Gadget II to the LED controller. Works great! I had been working for around 8 hours and was about to go home, disconnected my USB Dongle and Gadget II, closed my MacBook and put it in my bag.

Moments later, I got a call from an operator friend of mine working on the stage next to the workshop, asking me to come help diagnose weird behaviour in his desk. Channels were flashing that weren't even patched. I go and take a look, and just as I enter the control room the channels were fading out. We start troubleshooting and soon I start to suspect my laptop having something to do with this. Long story short and a quick experiment later, we find out that at some point during my packing up in the workshop the laptop must have sent sACN data to the addresses not owned by the Eos on the stage. The fading out is caused by the Sensor racks Data Loss timeout 180 seconds later, or just as I entered the control room.

When I booted up earlier in the day, my MacBook was connected to Wifi, to the in-house internet. We have Wifi for the lighting on the stage, for the remote app. My laptop has connected to it before and so it has most likely automatically joined it as it might have been in range. 

After careful thought and self loathing since realising this, I understand there are things I could have done differently to prevent this. E.g. tell my MacBook to never join the lighting Wifi automatically. But, given that most if not all consumer OS's will default to always join Wifi's automatically; allowing any unsuspecting tech running sACNview or Nomad on a Wireless NIC to accidentally send sACN data if his laptop decides to join a lighting Wifi - how can I protect my lighting networks and shows from these kinds of accidental sACN streams?

Should I start blocking traffic on the switches to only allow my Eos, Paradigm, Hippo and DMX nodes to send sACN (the usual ones we have sending data as part of a show)?

Or is this maybe something that could be handled by Nomad better? I feel like it shouldn't just hop between SSID's so seamlessly, is that something anyone actually would like to happen without any kind of notification?

I am usually very careful but after seeing how easily this accidental error occurred, I feel like this was bound to happen sometime. This was during showtime.

Thanks, and sorry to the lumen gods.

  • You can switch off the sACN output of the Wifi network adapter in Setup/Devices/Network. You find it in the last manual at page 227.

  • Thanks, I’m less worried about my own machine sending data as this is one of many ways I could have averted this particular issue. I’m thinking more about how could my lighting network have protected itself from this. How can I make sure this never happens again, regardless of who might be working with sACN on a wifi connected laptop that has previously been used on the lighting wifi? 

  • You can block the sACN port 5568 on the switch site. Use the ACL function of the designated hardware port where your Wifi router is attached. Your switch manual will give you the answer how to do.

  • I assume the WiFi is password-protected? That should prevent random devices automatically connecting to it. In my theater i have also configured the router to not broadcast the SSID. That means you have to manually connect to the network. And when i do that on my windows machine I also uncheck the option to connect automatically. That should stop random devices autoamtically connecting as well.
    Last of all, you could disable DHCP on the router. That way you onlly devices in the right IP-range to be able to connect. 

  • I was confused up until I noticed the bit at the end where you said this happened DURING A SHOW.

    100% not your fault as the end user in my opinion. Eos should default to not transmit sACN over WLAN unless user enables WLAN sACN output. For exactly this reason. WLAN sACN transmission should only be used in very specific situations where the user specifically opts in and knows the risks. I'm not an IT guy, but I'm sure there's a way for Eos to know if a network connection is LAN or WLAN and decide accordingly. Automatically send to LAN since that's probably intentional by user but don't automatically send over WLAN unless WLAN has been enabled by user inside that show. Ideally there would be a confirm request in the cmd line as well if WLAN is enabled.

  • We have settled on disabling sACN on our wifi traffic. That would lessen the risk in our case. But yeah, sACN on wireless being opt-in, if technically possible, would be a great default setting on Nomad.

Related