FNG looking for some network advice

jgarc091

n3wb
Joined
Nov 28, 2017
Messages
8
Reaction score
10
Hello everyone, I'm coming out of the shadows and asking for some network setup advice. I have been reading the forum on and off since last year when I almost bought a camera system at BJ's. I found this forum before making a purchase and have done tons of research ever since. Thanks to the wealth of information found here, I have purchased a pc from ebay to run Blue Iris, 6x Dahua starlights from Andy, an Asus router to run OpenVPN, 16-port PoE Switch, 1000' of Cat6 from monoprice, RJ45 connectors, crimpers, etc..

I found a great website (www.draw.io) to create a diagram of my network as it is currently running and also what is planned. Instead of writing a lengthy explanation, I hope I have included enough info on the diagram to show what I would like to do. I will continue to update it as the network evolves and think it will serve as a great reference for future troubleshooting and hopefully will help someone else in their own network setup. I welcome critiques to the diagram; if something is drawn incorrectly or doesn't make sense, please let me know.

Before connecting and setting up the cameras, I would like to know that I am setting up my network correctly and making it secure. My goals are as follows:
1. Use the Unifi AP as the only wireless access point in the house. It is currently setup and working. Wireless on the Pace and Asus are turned off.
2. Setup the PC to run Blue Iris, record full time and receive alerts to phone.
3. Setup OpenVPN on Asus to view video.

Does my network setup look correct? I drew a dotted line around the pc and cameras to indicate that they need to be secured but this is where I get confused. Is setting up the vpn sufficient or do I need to look into a VLAN?

Would it be better to connect Envisalink and Unifi AP directly to the Asus and thus only use the switch for the PC and cameras?

Thanks in advance for any help!

Home Network 06232018.jpg
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
13,668
Reaction score
22,771
Welcome @jgarc091

Congratulations, it is looking good.

I concur w/ GaryFunk - separate subnet would be good.
 

jgarc091

n3wb
Joined
Nov 28, 2017
Messages
8
Reaction score
10
@mat200 @GaryFunk Thanks for your replies.

I have done a lot more reading but unfortunately I just can't figure out how to setup a separate subnet on the Asus. I thought I would be able to manually set the IP address but I can only set one range of lan ip which right now is 192.168.2.2 to 254. Do I need to move Envisalink and Unifi AP to Pace LAN ports and leave PC and cameras alone on the switch? The Netgear managed switch has VLAN capability in which case I could just leave the ip addresses the way they are and assign them to separate VLANS correct?

Can anyone prod me in the direction?
 

GaryFunk

Getting the hang of it
Joined
Jun 6, 2018
Messages
51
Reaction score
49
Location
Denver, Colorado
@mat200 @GaryFunk Thanks for your replies.

I have done a lot more reading but unfortunately I just can't figure out how to setup a separate subnet on the Asus. I thought I would be able to manually set the IP address but I can only set one range of lan ip which right now is 192.168.2.2 to 254. Do I need to move Envisalink and Unifi AP to Pace LAN ports and leave PC and cameras alone on the switch? The Netgear managed switch has VLAN capability in which case I could just leave the ip addresses the way they are and assign them to separate VLANS correct?

Can anyone prod me in the direction?
The easiest way is to set up a separate router using 192.168.3.x then set it to connect to 192.168.2.1. That keeps all your cameras and video recorder on 192 168.3.x and allows you to connect to the server which will capture the feeds from the cameras.
 

jgarc091

n3wb
Joined
Nov 28, 2017
Messages
8
Reaction score
10
Ok that makes more sense. I will connect the envisalink and Unifi AP on the Pace which should put them in 192.168.1.x and the Asus which connect to switch, pc, and cameras and assign them to 192.168.2.x. Sorry if this should be basic networking knowledge but I was under the impression that the Asus could assign clients to separate subnets and route the traffic.
 

Aengus4h

Getting the hang of it
Joined
Mar 12, 2018
Messages
242
Reaction score
98
Location
UK
the router's LAN ports would all be on the same subnet unless you have vpn configured and then can assign different LAN's and IP subnets to each VPN. Not all routers can support this, no idea on the acer. Simplest way as indicated is to use 2 routers and have each manage a different subnet. Also if your switch isn't managed and vlan capable you'd need to separate any devices that belong to a different subnet onto another switch or onto the router as you suggest.

Worth dedicating the switch to the CCTV in any case so you've nothing else sapping the bandwidth it can support on the backplane, things like TV and streaming can be fairly demanding.
 

Aengus4h

Getting the hang of it
Joined
Mar 12, 2018
Messages
242
Reaction score
98
Location
UK
are you going to be including a UPS for the NVR & POE switch?

Just had a 30 min power outage here, whole area went down apparently. Luckily I've UPS's so didn't even notice other than status alerts from the UPS's. I use EoP to trunk between locations so links to cameras went out till power came back. The critical ones have local UPS and internal SD so no great worry as the NVR plays catch-up when the network comes back, as designed :)
 

jgarc091

n3wb
Joined
Nov 28, 2017
Messages
8
Reaction score
10
@Aengus4h Yes I plan to purchase a UPS for this system. Probably a cyberpower or APC active pfc unit based on good reviews here. I have also been looking into a 4U or 6U rack or cabinet to organize things but the only rack mountable equipment I have right now is the switch. Everything else would be sitting on a shelf or two.
 
Top