Trying to get my head around BI hardware setup

[saltwater]

I'm about to start a house build, I've mapped out where my cameras will go and they all terminate back in the 'comms room'. I'm also wiring (Cat6) to nearly every room in the house, multiple points in common areas.

Ok, I understand that a dedicated computer should be used that runs BI. If I have 8 cameras, I understand an 8 port switch is required connected to the dedicated computer. For my network then, if using BI, I would effectively have two switches, one for BI and the other for my data points & tv. Could I get away with using only one switch (24 or 48 port)?

 

[Walrus]

Yes, but you'd want it to be a managed switch then, so you can separate the camera ports from the regular data ports, to keeps the cams off the internet. Or, in your router you can block the camera's MAC addresses from accessing the internet.

You need a POE switch to power the cams. You don't need POE for regular data/TV. A 24 or 48 port POE switch is probably going to be noisy. Also, what if it fails in the future? Then everything is down. I'd do a separate 16 port POE switch (if you are thinking you'll have 8 cams, it'll leave you room for more), and a separate regular switch (non-POE) for your data network.

 

[mikeynags]

Take a look at the Ubiquiti line of switching gear. They are decent switches with good support. Also, look into protecting those switches with a good size UPS. When I lose power my cameras and network don't go down.

 

[th182]

Take a look at the Ubiquiti line of switching gear. They are decent switches with good support. Also, look into protecting those switches with a good size UPS. When I lose power my cameras and network don't go down.

Ditto on the UPS! I have a separate one for BI and it's switch. Idea being I want that to be the last device to go down during power outages. My network is also protected by UPS units. Lately it seems like our power goes out whenever a cloud appears in the sky!

If you go the managed 24/48 port switch route they can be noisy. I bought one off eBay and replaced the fans which helped a little but not much (old ones were failing and making all kinds of noises). Mine lives in a network rack cabinet tucked away in a storage room so I don't hear it.


Sent from my iPhone using Tapatalk

 

[SouthernYankee]

-------------------------------------------------
1) It is recommended that you drop two ethernet cables for each location.
2) verify camera placement use the calculator... IPVM Camera Calculator V3 do three cameras at a time free.
3) More cameras are better
4) mount cameras no higher than 8ft if you plan on identifying the person.
5) if you are planning on parking in the driveway than two cameras one on each side of the garage, no higher than the top of the garage door.
6) set up the BI computer to use two NICs, one to the home network and the other to the camera network. It is recommended to NOT mix the cameras and home internet on the same subnet.
-------------------------------------------------

My standard welcome to the forum message.

Please read the cliff notes and other items in the wiki. The wiki is in the blue bar at the top of the page.

Read How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk in the wiki also.

Quick start
1) If you do not have a wired monitored alarm system, get that first
2) Use Dahua starlight cameras or Hikvision darkfighter cameras or ICPT Night eye cameras (

IP Cameras & Blue Iris - IP Cam Talk Store

IP Cameras, Blue Iris Software, NVR's, CCTV installation tools & more. Uniview, Dahua & Amcrest at discounted rates, with warranty!

store.ipcamtalk.com

) if you need good low light cameras.
3) use a VPN to access home network (openVPN)
4) Do not use wifi cameras.
5) Do not use cloud storage
6) Do Not use uPNP, P2P, QR, do not open ports,
7) More megapixel is not necessarily better.
8) Avoid chinese hacked cameras (most ebay, amazon, aliexpress cameras(not all, but most))
9) Do not use reolink, ring, nest cameras (they are junk)
10) If possible use a turret camera , bullet collect spiders, dome collect dirt and reflect light (IR)
11) Use only solid copper, AWG 23 or 24 ethernet wire. , no CCA (Copper Clad Aluminum)
12) use a test mount to verify the camera mount location. My test rig: rev.2
13) (Looney2ns)If you want to be able to ID faces, don't mount cams higher than 8ft. You want to know who did it, not just what happened.
14) Use a router that has openVPN built in (Most ASUS, Some NetGear....)
15) camera placement use the calculator... IPVM Camera Calculator V3

Cameras to look at
IPC-HDW2231R-ZS Review-Dahua IPC-HDW2231RP-ZS Starlight Camera-Varifocal
IPC-HDW5231-ZE Review-Dahua Starlight IPC-HDW5231R-ZE 800 meter capable ePOE
IPC-HFW4239T-ASE IPC-HFW4239T-ASE
IPC-T5442TM-AS Review IPC-T5442TM-AS-LED (Full Color, Starlight+)
IPCT-HDW5431RE-I Review - IP Cam Talk 4 MP IR Fixed Turret Network Camera
DS-2CD2325FWD-I
IPC-T5442TM-AS Review-OEM 4mp AI Cam IPC-T5442TM-AS Starlight+ - 4MP starlight+

Other dahua 4MP starlight Dahua 4MP Starlight Lineup

My preferred indoor cameras
DS-2CD2442FWD-IW
IPC-K35A Review-Dahua IPC-K35A 3mp Cube Camera

If interested in Blue Iris and other setup items see the following post
https://ipcamtalk.com/threads/newbie-starter-guide-to-ip-cam-system-–-vpn-setup-–-computer-hardware-–-blue-iris-–-dahua-cameras.42278/

 

[cage771]

I'm about to start a house build, I've mapped out where my cameras will go and they all terminate back in the 'comms room'. I'm also wiring (Cat6) to nearly every room in the house, multiple points in common areas.

Ok, I understand that a dedicated computer should be used that runs BI. If I have 8 cameras, I understand an 8 port switch is required connected to the dedicated computer. For my network then, if using BI, I would effectively have two switches, one for BI and the other for my data points & tv. Could I get away with using only one switch (24 or 48 port)?

You could get away with one switch......but you are just waiting for an issue when it fails. Since you are building from scratch, here is my suggestion.

1 - do it right with a proper rack and patch panels.
2 - each floor/area gets its own patch panel and switch.
3 - cameras on their own patch panel and switch
4 - label everything and color code your jumpers (red for POE devices and yellow for pure data for example). Buy the premade jumpers....not worth the headache.
5 - put network jacks in the wall at any location that you think that you might want a tv, computer, camera, or any other network attached device
6 - one is none and two is one. Run more drops than you think that you will need.
7 - make every drop live
8 - buy a real router. Each switch gets it's own port. This allows for easy VLAN setup if you don't go with managed switches.
9 - not necessary, but put in real wireless access points. Don't rely upon the signal from an off the shelf wireless router setup.
10 - when it comes to buying patch panels, jumpers, keystone jacks, etc, you don't have to go with Commscope or Panduit. I've had great luck with the the less expensive stuff from Amazon. Don't waste money on the gold plated stuff unless you live in an area with high salinity in the air (near the ocean for example). No need for that inside the house either.
11 - For patch panels, keystone jacks are not really universal. Buy the keystone jacks from the same company that makes your patch panels or wall plates to ensure a proper fit.
12 - leave slack on both ends for service. For your headend, build it in such a way that you can get back into it as needed. Trust me, you are going to get everything ran, dressed out, and terminated only to find that some port in the middle of a patch panel mounted between two switches doesn't test out. Ease of access will serve you well down the road.
13 - buy an inexpensive CAT5/6 MAP tester on Amazon and test/verify every drop BEFORE buttoning everything up
14 - Did I mention labeling?? Every drop should have a label at both ends. Label the wall plates. Label the switches and patch panels. Make it so that anyone that can read and has a little bit of common sense can figure out what you did. For example, U13 is a jack on the wall next to my desk on the second floor. I go to my rack and locate the U patch panel. Port 13 has a yellow jumper that goes to port 13 on switch U. I can look at the rack and tell you that the yellow denotes a non POE data only connection and that it is on the second floor.

I have a 100 year old 2 story farm house....with an attic and basement. I've ran all of the CAT6 connections here so I'm speaking from experience. All of my plates are setup for 4 ports. TV locations has one RG6 connection (or HDMI) with 3 CAT6. Standard locations are 4 CAT6. Might be overkill, but it aids in troubleshooting and prevents from having to have another switch. You have the opportunity to do this right and pretty much future proof. So spend the extra time and a bit more money.

Sorry for the rant.....just sharing my proffessional and personal experience.

Oh.....and have a full 200 amp service ran to the house....20 amps per room is nice to have. And don't forget to add power and network drops to the garage or other places that YOU might not think about. The only rooms that do not have network drops are the bathrooms....although.....that might be cool to have for a panel PC mounted for various reason (to do list, weather, camera viewer, stock ticker, etc).

 

[saltwater]

Ditto on the UPS! I have a separate one for BI and it's switch. Idea being I want that to be the last device to go down during power outages. My network is also protected by UPS units. Lately it seems like our power goes out whenever a cloud appears in the sky!

If you go the managed 24/48 port switch route they can be noisy. I bought one off eBay and replaced the fans which helped a little but not much (old ones were failing and making all kinds of noises). Mine lives in a network rack cabinet tucked away in a storage room so I don't hear it.
Sent from my iPhone using Tapatalk

Everything will be set up in a room under the stairs, so noise should not be an issue, or we shouldn't hear it in living areas and bedrooms. A separate switch makes sense; this is the approach I will take.

 

[saltwater]

You could get away with one switch......but you are just waiting for an issue when it fails. Since you are building from scratch, here is my suggestion.

...snip...

8 - buy a real router. Each switch gets it's own port. This allows for easy VLAN setup if you don't go with managed switches.

...snip...

Sorry for the rant.....just sharing my proffessional and personal experience

...snip...

Thank you, everyone, for your input.

Cage771, it wasn't a rant and many of your points I had already considered and want to implement. Was wondering if you could, or somebody, please expand on point 8, real router, and switch in its port.

 

[Mikk36]

"Real router" is a bit of a questionable term.
You basically have two options:

1. a router with multiple LAN ports and software ability to map different networks to different LAN ports
2. use VLANs and managed switches and a router that supports VLANs

Neither option supports the cheapest options available, but I personally would rather prefer VLAN route, which gives you more freedom with network deployment.

If you like nice user interfaces and easy setup, then one option is to go Ubiquity Unifi line.
Unifi Security Gateway is not a requirement, if you already have a router that can handle VLANs.
Cloud Key is not required, if you can run the Unifi Controller software on another computer somewhere (it's free to run on your own hardware, you only pay for the devices). It's also not required to keep it running all the time, you can shut it down after setup.

 

[th182]

"Real router" is a bit of a questionable term.
You basically have two options:

1. a router with multiple LAN ports and software ability to map different networks to different LAN ports
2. use VLANs and managed switches and a router that supports VLANs

Neither option supports the cheapest options available, but I personally would rather prefer VLAN route, which gives you more freedom with network deployment.

If you like nice user interfaces and easy setup, then one option is to go Ubiquity Unifi line.
Unifi Security Gateway is not a requirement, if you already have a router that can handle VLANs.
Cloud Key is not required, if you can run the Unifi Controller software on another computer somewhere (it's free to run on your own hardware, you only pay for the devices). It's also not required to keep it running all the time, you can shut it down after setup.

+1 for UniFi APs! I have the Ac-Lite and it’s been flawless for 3 years! I’m on a 1/4 acre standard lot and get WiFi coverage on my entire property. Controller software makes configuration easy.

Also agree that gateway and key are not necessary. I used an EdgeRouterX for the longest time and just switched to pfSense as I like its interface and options for extensions. I have several VLANs to keep my computers and such separate from cameras and IoT devices that could be hacked/flawed.


Sent from my iPhone using Tapatalk

 

[cage771]

Thank you, everyone, for your input.

Cage771, it wasn't a rant and many of your points I had already considered and want to implement. Was wondering if you could, or somebody, please expand on point 8, real router, and switch in its port.

I worded that incorrectly when I said "real". What I was referring to would be more of an Enterprise level router rather than some of the shelf unit that you can buy at Walmart. Will that Walmart unit work? Sure. But will it provide the ability to VLAN and get deeper into the weeds if needed? I'm happy with the Ubiquiti gear that I have....and that's considered the low end of Enterprise to some people. Key thing is management. For example, easy VLAN setups or, in my case, being able to deny access based upon MAC address to certain devices on a schedule (kids and computers). Yes, you can do this with the lower end consumer grade stuff, but for just a bit more you can get something nicer. A dedicated router will also offer more protection than if you were to daisy chain your switches directly into the modem router.

As for the ports, in my setup, each switch connects to its own port on the router....instead of daisy chaining switches. Can I notice a speed or lag difference....probably not considering they are all 1G ports. But by doing this, I have bandaids built in just in case of a failure. It makes implementing VLANS easier via the router while not spending more money on managed switches. My home network is somewhere between residential and enterprise in that I VLAN on the router to keep the camera dedicated switch away from the standard data switches.

Ask me any questions that you want.....I don't know everything but I can speak from a bit of experience in planing and building out networks like this.

 

[cage771]

"Real router" is a bit of a questionable term.
You basically have two options:

1. a router with multiple LAN ports and software ability to map different networks to different LAN ports
2. use VLANs and managed switches and a router that supports VLANs

Neither option supports the cheapest options available, but I personally would rather prefer VLAN route, which gives you more freedom with network deployment.

True, my usage of "real router" is rather questionable. I was referring to something better than a standard off the shelf WiFi router. I should have worded that better.

Nothing wrong with those units for basic uses. But for me and my home network, stepping into a "more" Enterprise class router provided more options and control for just a bit more money.

BTW, your option 1 is the way I am currently setup. Cameras are on a dedicated switch and the VLANs are controlled by by the router.

BTW OP, the Ubiquiti gear is solid. I have an Edge router and use their wireless access points. It's less expensive than the "big players" in the industry and is better than the typical off the shelf stuff.

 

[Mikk36]

You don't even need VLANs, if you separate the networks directly on the router. You can just set them up as different networks (subnets) and control traffic between them with firewall rules.

 

[Edcfish]

I strongly agree that a non-consumer (entry level enterprise) set-up is well worth the extra cost for the manageability alone, and the added reliability is another big plus.
I use a pfsense box (4 NIC micro PC with pfsense installed) for my router, a 24 port dlink smart/managed switch (managed w/VLAN capabilities was a must), a UniFi AP, and a separate 8 port POE switch (it is a BVTech I picked up for under $60 and is un-managed but that is changing soon to a 16 or 24 port smart/managed POE switch....currently 7 POE IP cameras and my AP are connected...and I decided that a couple more cameras would be beneficial)..
It has all been rock solid, and once the initial learning curve during setup was done easy to add to and to maintain.

 

[saltwater]

Thanks everyone for your input, invaluable. Prior to arriving at this forum, I was tending towards the UniFi world of things except for their CCTV components. As of now, I'm settled on Blue Iris. All I have to do now is wire up my house accordingly, that won't be until early next year (2020). I still have a heap more questions regarding HTMI cables and remote monitors etc. but, I'll post those in separate threads.

 

[SouthernYankee]

Start slow and keep it simple. Just set up a BI standalone PC and hook up one or two cameras.

My first initial start was with two cameras and a very old windows 7 laptop and a POE switch. After figuring thing out, I went to a PC tower desktop, and added more cameras. I had junk cameras to start , they have since gone into the junk bin. My laptop was not on the internet so i did not worry about security.

Keep it very simple to start.

 

[cage771]

Thanks everyone for your input, invaluable. Prior to arriving at this forum, I was tending towards the UniFi world of things except for their CCTV components. As of now, I'm settled on Blue Iris. All I have to do now is wire up my house accordingly, that won't be until early next year (2020). I still have a heap more questions regarding HTMI cables and remote monitors etc. but, I'll post those in separate threads.

For HDMI cables and remote monitors, I am currently running a pretty cool active HDMI over Ethernet adapter to send A/V to the other side of a room from a Blu Ray player. Comes with an IR blaster that I don't use. At this point, I would recommend this setup for remote view client PCs.....or anywhere you need to extend HDMI. Have to look but the setup wasn't that expensive.

 

[TL1096r]

Thanks everyone for your input, invaluable. Prior to arriving at this forum, I was tending towards the UniFi world of things except for their CCTV components. As of now, I'm settled on Blue Iris. All I have to do now is wire up my house accordingly, that won't be until early next year (2020). I still have a heap more questions regarding HTMI cables and remote monitors etc. but, I'll post those in separate threads.

This can really help get you started:
Newbie Starter Guide to IP Cam System – VPN setup – Computer Hardware – Blue Iris – Dahua Cameras

Go through it and let us know what questions you have.

A HDMI cable has a 50 feet limit. If you need more you must use an extender:
https://www.amazon.com/gp/product/B007NHHLA0

You can use a HDMI splitter and mirror your Blue Iris Server. I was lucky that a few places was less than 50ft but everywhere else I needed a HDMI extender.

 

[FelixDKat]

Thanks everyone for your input, invaluable. Prior to arriving at this forum, I was tending towards the UniFi world of things except for their CCTV components. As of now, I'm settled on Blue Iris. All I have to do now is wire up my house accordingly, that won't be until early next year (2020). I still have a heap more questions regarding HTMI cables and remote monitors etc. but, I'll post those in separate threads.

CONDUIT.... run conduit. things change and if you have run conduit you can easily change if things change in the future .... this was advice from a electrical engineer friend 35 years ago. back when networks were all BNC connectors on coax cable... prophetic at the time.

 

[iseeker]

"Real router" is a bit of a questionable term.
You basically have two options:

1. a router with multiple LAN ports and software ability to map different networks to different LAN ports
2. use VLANs and managed switches and a router that supports VLANs

Neither option supports the cheapest options available, but I personally would rather prefer VLAN route, which gives you more freedom with network deployment.

If you like nice user interfaces and easy setup, then one option is to go Ubiquity Unifi line.
Unifi Security Gateway is not a requirement, if you already have a router that can handle VLANs.
Cloud Key is not required, if you can run the Unifi Controller software on another computer somewhere (it's free to run on your own hardware, you only pay for the devices). It's also not required to keep it running all the time, you can shut it down after setup.

Do you know if the rt2600ac router from synology supports vlan? I have a ubiquiti us-16-150w switch