In the single IT VLAN approach, all the BAS access switches and all the network engine s (if the network engine s need to be visible from the IT network) are located in a single IT VLAN/subnetwork. If the VLAN and associated subnetwork are dedicated exclusively to the BAS network by IT, the BAS traffic will be isolated from the rest of the IT traffic. Alternatively, if the VLAN and the associated subnetwork are not dedicated exclusively to the BAS network, the network engine s will be exposed to the traffic from the other devices in the VLAN; likewise the other devices in the VLAN will be exposed to the traffic from the network engine s. In either case, the single VLAN needs to be propagated across IT network switches. Within the single IT VLAN approach, there are two options for connecting the BAS access switches to the IT network - by way of trunks or by way of access ports.
Note: In a segmented architecture where all the network engine
s reside in the same IT VLAN and subnet, only one of the
network engine
s is configured as a
BBMD. Directed broadcasts and Access Control Lists (ACL's) configured on the BAS
access switches are used to limit BACnet broadcasts from an network engine
to the subnet(s) in which the IP
controllers the network engine
supervises
reside and between IP controllers in the same subnet. Therefore this design is not
suitable for sites with BACnet routing enabled, or where cross VLAN/subnet
controller-to-controller communication (for example, peer references) is desired,
unless BBMDs are placed in the BAS private subnets with the IP controllers.