Ah. Making headway. All IP cameras on their own subnet/VLAN along with Blue Iris server. Able to still use UI3 through subnets.

reflection · May 14, 2020

ACLs are good and they will provide stateless protection. Make sure you also include ports/protocols in your ACLs. i.e. only allow RTSP (TCP/UDP port 554) from your camera to BI (assuming you are using RTSP). Block everything else from camera to BI. If your camera is pulling time from NTP, then let it do that (useful if your camera overlays the time in the video). Preferably you have a local NTP server that the camera can reach and you can lock down (as oppose to an NTP on the internet).

Personally I use a stateful firewall in front of BI just because it's super easy (the way I have things set up). Prevents any spoofing of RTSP. I just noticed today that BI "calls home". Probably to check for updates or verify the license. I'll try blocking that to see if anything breaks. Just want the minimal needed ports for it to work.

AP514 · May 15, 2020

Hammerhead786 said:
Check out the attached pdf of my set up. It may give you some guidance. Feel free to ask me any questions and provide the configuration of your network including the models of each device you are using.

Good info in that PDF..Just did a quick look.
I also have a L3 Switch GS728TPPv2 I sniped off Ebay for $53. Here is the thread on it...Got this POE+ Switch-Want to Test- Ideas

sdkid · May 16, 2020

Hammerhead786 said:
If your managed switch is a layer 3 switch, you can set up inter-vlan routing. I have a Procurve 26260 set up with 3 vlans. Cams on one vlan, BI pc on another and home network on the third. An access list prevents the cams talking to anything other than the BI pc. BI pc can access the internet and I can access the cams remotely using Openvpn. Home network can't access the cams directly, but can access the BI pc.

like this one for $40?

HP ProCurve (J9624A#ABA) Rack-Mountable Ethernet Switch for sale online | eBay

Find many great new & used options and get the best deals for HP ProCurve (J9624A#ABA) Rack-Mountable Ethernet Switch at the best online prices at eBay! Free shipping for many products!

www.ebay.com

EDIT:
Question: is it LOUD??

I am going to run out of POE ports, so I am looking at replacing the old switch I have been using. Researching this is aggravating!! :/ I looked up specs on the j9624a, and it seems to be pretty efficient for power usage-- just wondering about fan noise.

Hammerhead786 · May 16, 2020

sdkid said:
like this one for $40?

HP ProCurve (J9624A#ABA) Rack-Mountable Ethernet Switch for sale online | eBay

Find many great new & used options and get the best deals for HP ProCurve (J9624A#ABA) Rack-Mountable Ethernet Switch at the best online prices at eBay! Free shipping for many products!

www.ebay.com

EDIT:
Question: is it LOUD??

I am going to run out of POE ports, so I am looking at replacing the old switch I have been using. Researching this is aggravating!! :/ I looked up specs on the j9624a, and it seems to be pretty efficient for power usage-- just wondering about fan noise.

Yes that's the exact one. I have it in the laundry room and with the door closed I don't hear it. My laundry room is right next to the kitchen and dining area. I do not find it to be loud and I particularly am sensitive to noises. Don't forget hat this has 12 PoE ports, the other 12 are not PoE.

sdkid · May 16, 2020

Hammerhead786 said:
Yes that's the exact one. I have it in the laundry room and with the door closed I don't hear it. My laundry room is right next to the kitchen and dining area. I do not find it to be loud and I particularly am sensitive to noises. Don't forget hat this has 12 PoE ports, the other 12 are not PoE.

So-- I get why these older Cisco and HP switches are popping up for so cheap-- they are only 10/100 switches in a world that wants gigabit. So--- is the lack of gigabit ports that big of a deal? Does a home camera system of 8 or 10 or so cams face data bottlenecks using 10/100 ports? (EDIT-- going to a BI server)

Hammerhead786 · May 16, 2020

sdkid said:
So-- I get why these older Cisco and HP switches are popping up for so cheap-- they are only 10/100 switches in a world that wants gigabit. So--- is the lack of gigabit ports that big of a deal? Does a home camera system of 8 or 10 or so cams face data bottlenecks using 10/100 ports? (EDIT-- going to a BI server)

The 10/100 Mbps isn't going to be an issue. The 2620 has 2 x gigabit uplink ports so if you're going to connect the switch to your router, use those ports. The cams will be fine on the 10/100 ports.

sdkid · May 16, 2020

Hammerhead786 said:
The 10/100 Mbps isn't going to be an issue. The 2620 has 2 x gigabit uplink ports so if you're going to connect the switch to your router, use those ports. The cams will be fine on the 10/100 ports.

Yeah---- I went ahead and spent $42 on that switch.

I may try to emulate what so many here are doing with VLANS. Right now, I am doing port forwarding--- though it is redirected. I have some random ports redirected by my dd-wrt netgear router to the specific IP's and ports of 3 internal devices. Will use VPN instead and set up my cams on a separate VLAN. This forum + COVID19 downtime is causing me to learn things and spend money..... LOL I want to rewire my whole house with new network cable. Gahhhhh--- where does it end???

Hammerhead786 · May 16, 2020

sdkid said:
Yeah---- I went ahead and spent $42 on that switch. I may try to emulate what so many here are doing with VLANS. Right now, I am doing port forwarding--- though it is redirected. I have some random ports redirected by my dd-wrt netgear router to the specific IP's and ports of 3 internal devices. Will use VPN instead and set up my cams on a separate VLAN. This forum + COVID19 downtime is causing me to learn things and spend money..... LOL I want to rewire my whole house with new network cable. Gahhhhh--- where does it end???

Update the OS on the switch to the latest. You can get it from here: My Networking | HPE® Official Site. It was last updated June 2018. Unlike Cisco, HP aren't charging for the updates.

I actually prefer Cisco gear, but in this case I....

a) bought the switch used without lining the pockets of HP - I will not purchase anything new from HP for the shitty way they treated me.
b) got it for a bargain basement price
c) updated the OS for free

As long you have your routes set up correctly, everything should be straightforward.

sdkid · May 16, 2020

Hammerhead786 said:
Update the OS on the switch to the latest. You can get it from here: My Networking | HPE® Official Site. It was last updated June 2018. Unlike Cisco, HP aren't charging for the updates.

I actually prefer Cisco gear, but in this case I....
...

I should have it in a week to 10 days or so.

I was strongly considering the Cisco 2960 24 port poe, but they use about double the power just at standby, and others have said the fans are loud-- thus my cooling question. For about $40, the only way it could be a bad deal is if it is DOA. It will probably run for many years with nothing needed after setup. All those ports make me want to pull a bunch of cables into my attic to send all over the house!! I built in '99, and did some minimal runs to some rooms, but I had no idea how many more network lines I would want. I really prefer wired over wifi wherever I can-- so I will probably get some runs going to where I have TV's at a minimum. Such a pain now compared to when all the studs were open!

Holbs · May 16, 2020

I ran a Adtran 24 port 10/100 POE switch (i think it was a 7200 series so it was actually a router, voip phone system, voicemail, and 24 port poe switch in one) before I acquired this Ubiquiti 48 port POE switch. Served it's purpose for a long time til I donated it to someone here on IPCT

Slugger · Jun 11, 2020

Holbs said:
I ran a Adtran 24 port 10/100 POE switch (i think it was a 7200 series so it was actually a router, voip phone system, voicemail, and 24 port poe switch in one) before I acquired this Ubiquiti 48 port POE switch. Served it's purpose for a long time til I donated it to someone here on IPCT

I am trying to make the decision between a used enterprise 48 port switch like the Cisco 3560x OR something pro-consumer like the Ubiquity US-48 PoE. Or I might go with the Ubiquity US-24 PoE and another cheap PoE switch dedicated to my IPcams.

Since you have had both enterprise and Ubiquity what are you thoughts? When you switched to Ubiquity what was the driving factor? Are you much happier?

For reference and info about me I have a recent intro post. Feel free to answer there: Old Telecom guy here... Care to help me choose gear?

SouthernYankee · Jun 11, 2020

I use multiple small switched. If all your cameras are on a single switch and it fails you are in big trouble. I try to design in reliability in the network

Search

Search

Ah. Making headway. All IP cameras on their own subnet/VLAN along with Blue Iris server. Able to still use UI3 through subnets.

reflection

Getting comfortable

AP514

Pulling my weight

sdkid

HP ProCurve (J9624A#ABA) Rack-Mountable Ethernet Switch for sale online | eBay

Hammerhead786

Pulling my weight

HP ProCurve (J9624A#ABA) Rack-Mountable Ethernet Switch for sale online | eBay

sdkid

Hammerhead786

Pulling my weight

sdkid

Hammerhead786

Pulling my weight

sdkid

Holbs

Slugger

Getting the hang of it

SouthernYankee