What would be a good 4K PoE camera?

Joined
Mar 17, 2019
Messages
20
Reaction score
10
Location
New Zealand
Thanks guys, all sorted. So I'm going to set up my previous i7 PC to be the Blue Iris server. To separate it from my main network, so the camera data does not clog bandwidth on the regular LAN.

Do I need a managed switch and a vlan?

Long story short I want to separate video traffic from family traffic / Netflix etc.

Getting a bit confused, any resources, insight or notes would be greatly appreciated.

Thanks a lot guys, this site has been really helpful and informative.
 

IAmATeaf

What I'm planning on doing is adding an extra LAN card to my BI server so 1 card connected to my home network, the other to the POE switch with the cams. This will allow you to have 2 separate networks being bridged by the BI server. You then don't set a default gateway on the cams connected to the POE switch which will mean that they won't be able to access your home network and vice versa.

Having said all the above both my main home network switch and the POE switch I've purchased are managed but that was more by chance, got them second hand at a good price, than a requirement of mine.
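
Added example, not part of any post in this thread: a small Python audit of the "second NIC, no default gateway on the cams" layout described above. The addresses and camera names are constructed for illustration, and the check assumes the BI server itself does not forward packets between its two network cards.

```python
import ipaddress

# Constructed addressing plan for illustration (not from the thread).
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")
CAMERAS = [
    # name, address/prefix, configured default gateway (None = not set)
    ("cam-front", "10.10.10.11/24", None),
    ("cam-drive", "10.10.10.12/24", "10.10.10.1"),  # gateway left set
    ("cam-yard", "192.168.1.50/24", None),          # patched into home LAN
]


def next_hop(iface, gateway, dest):
    """Host routing decision: on-link, via gateway, or no route at all."""
    dest = ipaddress.ip_address(dest)
    if dest in iface.network:
        return "on-link"
    # A gateway is only usable if it sits inside the host's own subnet.
    if gateway and ipaddress.ip_address(gateway) in iface.network:
        return "via " + gateway
    return "unreachable"


def audit(cameras, home_lan=HOME_LAN, probe="192.168.1.20"):
    """Return {camera: [findings]} for cameras that break the isolation plan."""
    report = {}
    for name, cidr, gateway in cameras:
        iface = ipaddress.ip_interface(cidr)
        findings = []
        if iface.network.overlaps(home_lan):
            findings.append("subnet overlaps home LAN")
        if gateway:
            findings.append("default gateway set")
        # Can this camera originate traffic towards a home-LAN host?
        route = next_hop(iface, gateway, probe)
        if route != "unreachable":
            findings.append(f"home host {probe} reachable ({route})")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for cam, findings in audit(CAMERAS).items():
        print(cam, "->", "; ".join(findings))
```

A camera that produces no findings has no route off its own subnet, which is the property the no-gateway setup relies on.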
 

Walrus

> Thanks guys, all sorted. So I'm going to set up my previous i7 PC to be the Blue Iris server. To separate it from my main network, so the camera data does not clog bandwidth on the regular LAN.
>
> Do I need a managed switch and a vlan?
>
> Long story short I want to separate video traffic from family traffic / Netflix etc.
>
> Getting a bit confused, any resources, insight or notes would be greatly appreciated.
>
> Thanks a lot guys, this site has been really helpful and informative.

How new is the i7 PC you are going to use? Does it have two network ports on the back already? If so, I wouldn't bother with a managed switch.
 

catcamstar

All depends on what you want to achieve with your network. I personally like to access the cams directly, so they reside in a vlan which is accessible (through selective firewalling) by specific IPs in my OpenVPN tunnel ending vlan, nothing more, nothing less. Having a second NIC to isolate the cams directly to a PC/NVR is a (physically) secure way, however you have to either run OpenVPN on that PC to "jumpstart" into that (physical) LAN (pLAN), or alternatively, work with (static?) port forwards on that PC to the individual web services pages of these cams. Of course, if the use case of reaching these cams is not applicable for you, then you're fine. Everybody's wish list is different, as are the possible implementation plans :)
Hope this helps,
CC
 
Joined
Mar 17, 2019
Messages
20
Reaction score
10
Location
New Zealand
> How new is the i7 PC you are going to use? Does it have two network ports on the back already? If so, I wouldn't bother with a managed switch.

It is an i7 870, on an Asus P7H55-M mobo. Only the single network port on the back.
Edit: 4 x 2MP starlight cameras.
 
Joined
Mar 17, 2019
Messages
20
Reaction score
10
Location
New Zealand
> What I'm planning on doing is adding an extra LAN card to my BI server so 1 card connected to my home network, the other to the POE switch with the cams. This will allow you to have 2 separate networks being bridged by the BI server. You then don't set a default gateway on the cams connected to the POE switch which will mean that they won't be able to access your home network and vice versa.
>
> Having said all the above both my main home network switch and the POE switch I've purchased are managed but that was more by chance, got them second hand at a good price, than a requirement of mine.

This is a new (older) home, so I am also in the process of running ethernet throughout. So will also need a switch where the home LAN points terminate, so I'm thinking just a single 24 port managed switch will solve all of my problems and provide me the greatest flexibility. What do you think?
 
Joined
Mar 17, 2019
Messages
20
Reaction score
10
Location
New Zealand
> All depends on what you want to achieve with your network. I personally like to access the cams directly, so they reside in a vlan which is accessible (through selective firewalling) by specific IPs in my OpenVPN tunnel ending vlan, nothing more, nothing less. Having a second NIC to isolate the cams directly to a PC/NVR is a (physically) secure way, however you have to either run OpenVPN on that PC to "jumpstart" into that (physical) LAN (pLAN), or alternatively, work with (static?) port forwards on that PC to the individual web services pages of these cams. Of course, if the use case of reaching these cams is not applicable for you, then you're fine. Everybody's wish list is different, as are the possible implementation plans :)
> Hope this helps,
> CC

What I would like to achieve is:

I have all cam ethernet cables terminating into my server closet.
I have all the room ethernet cables terminating into my server closet.
I have an i7 pc on a server rack in the server closet.
I would like cam traffic isolated from other network traffic for speed / bandwidth (if my thinking is correct).
Access the cams remotely while away from home.
Access the cams locally either via my desktop or home tv.
Have BI server send webhooks on alerts via the internet to enable some smart home features like turning on a light etc.

Is what I am trying to achieve possible, or are some of the items mutually exclusive?

Would a single managed switch solve all my problems?

What would you guys suggest?
 

IAmATeaf

You can do that on a single managed switch using vlans, but you’ll still need to route the traffic between the vlans, won’t you? Unless the managed switch can also route? My managed switch can’t route so I’d need another device to route between the networks.
 

IAmATeaf

I’m not an expert but if you wanted to do it all with one switch it would need to be a layer 3 switch, which are bloody expensive.
 
Joined
Mar 17, 2019
Messages
20
Reaction score
10
Location
New Zealand
Okay so I just had a look around and I found 2 spare routers.
Netcom N300 Modem / Router.
Belkin N600 Modem / Router.
Could one of these be used in some way to separate the traffic?
 

IAmATeaf

If they are just household modem/routers for home broadband then I don’t think they can be used to route between different networks.
 

Ford

> Hey all so this specific seller and link is the lowest cost, including shipping to me.
> Is there anything suspicious or worrying about buying this from AliExpress or is it legitimate?
> The two identical photos of the product with and without the Dahua logo worries me somewhat. Also is the front glass missing? Or is there just no reflection from that angle.
> Any advice would be greatly appreciated. Cheers.
>
> US $140.0 |Original Dahua logo IPC HDW5231R ZE 2MP WDR IR Eyeball Network Camera 2.7mm 13.5mm lens Starlight Network Camera with micphone-in Surveillance Cameras from Security & Protection on Aliexpress.com | Alibaba Group

I order from AliExpress all the time. (I placed another order today). I have never received 'hacked', China-version, or counterfeit hardware. I have always received exactly what was described. All hardware that has had updated firmware released has been successfully updated with the official Dahua firmware.

I always stick with ePacket when ordering through AliExpress. ePacket takes about 10-12 working days to arrive and the tracking is not super granular, but it works and is delivered right to my door (which beats DHL in my area).

My last 6 or 7 orders all came branded with the Dahua logo, even though most were advertised as coming no-logo.

I always use a credit card with strong consumer protection, but so far it has not been needed (AliExpress uses MasterPass).

I can find the models I need in stock when I need them, and I save about 15-20% compared to sellers often mentioned in these forums.
 

catcamstar

> I'm reading around here:
> Ubiquiti Networks Community
>
> It looks like others are achieving what I require with firewall rules and a regular (dumb) switch.
>
> Apologies, this is not my area of expertise.

I used to have a (well appraised) ASUS router, with OpenVPN capabilities and a little bit of vlan capability (eg for IPTV passthrough). However, it lacked an "open" firewall mechanism (the root cause of my model was a dual chipset for the wired ports, causing duality rules in vlanning).
So I've thrown over my networking setup: my WAN comes into an EdgeRouter from Ubiquiti (you can have one from $50). In that, I have defined all my required vlans with gigabit uplinks to a managed switch. I could have done vlan tagging, but each vlan got its proper own untagged uplink to that switch. All cams, NVR, NAS, television, servers have their dedicated ports. And the good old ASUS? He's also on one port, serving wifi as he used to do :)

Could this be your ideal setup? Might be :)

Good luck!
CC
 
Joined
Mar 17, 2019
Messages
20
Reaction score
10
Location
New Zealand
> I used to have a (well appraised) ASUS router, with OpenVPN capabilities and a little bit of vlan capability (eg for IPTV passthrough). However, it lacked an "open" firewall mechanism (the root cause of my model was a dual chipset for the wired ports, causing duality rules in vlanning).
> So I've thrown over my networking setup: my WAN comes into an EdgeRouter from Ubiquiti (you can have one from $50). In that, I have defined all my required vlans with gigabit uplinks to a managed switch. I could have done vlan tagging, but each vlan got its proper own untagged uplink to that switch. All cams, NVR, NAS, television, servers have their dedicated ports. And the good old ASUS? He's also on one port, serving wifi as he used to do :)
>
> Could this be your ideal setup? Might be :)
>
> Good luck!
> CC

I am so confused now I don't know anymore. I am thinking of just getting a second NIC card and doing it that way. I tried to set up a subnet by plugging a router into my primary router, but couldn't get it to work.
My modem / router has a really unintuitive UI. And now I'm deterred by it and just want a simpler solution. I will try to replicate the attached image minus the extra router on the BI side.
 


IAmATeaf

> I'm reading around here:
> Ubiquiti Networks Community
>
> It looks like others are achieving what I require with firewall rules and a regular (dumb) switch.
>
> Apologies, this is not my area of expertise.

The way they are achieving routing is that the ERLITE-3 is a dedicated router, so each port on that device connects to a separate network and the device performs the configured routing.
 

IAmATeaf

In terms of the diagram, I’m not too sure what function the extra router on the cam side performs except maybe access to the cams direct via a WiFi access point on that router?

Looking at the rest of the diagram, everything remote accesses the BI server via VPN?
 

catcamstar

> In terms of the diagram, I’m not too sure what function the extra router on the cam side performs except maybe access to the cams direct via a WiFi access point on that router?
>
> Looking at the rest of the diagram, everything remote accesses the BI server via VPN?

I suspect that they use that secondary router for DHCP (for cams?) and wifi access (who uses wifi cams anyhow). To me, having to acquire and maintain 2 routers, plus that managed switch without having any (VPN-)direct access to the cams, makes this design not very practical. At least dump the second router, make everything on fixed IPs, and have your BI PC "route" between your home-LAN (and VPN accessible network). But do take into account you are fully dependent on the BI PC: your cams cannot send out emails (eg on video blind) or push notifications (eg IVS push notifications towards your cell phone on Dahua systems) - you'll have to do that in BI and BI only.

@danielbird: there is no ideal/optimal network solution. With that BI pc in the middle, you are already 90% more secure than the average IP camera-user. So no worries there. But if you want to have additional granularity in your network, vlans is the next step, additional firewalls (pfsense to name one), and you are entering the enterprise grade of networking technology. They do carry a certain cost, but also learning curve. All depending on what YOU want / can do / willing to do.

Hope this helps!
CC
 

IAmATeaf

Plus a 2nd LAN card is so much cheaper; even if it turns out that there are additional things that you need, not much money is lost with the purchase.

Also if you are having all the wiring terminate to a closet with a patch panel then that leaves you free to swap and change as and when as all you'd need to do is re-patch if and when you decide that you need additional hardware.
 