Commercial Location PoE Installation - Ethernet Switch

Movick711 · Sep 26, 2017

Hello all,

I am installing an 8 camera 1080p PoE system at a commercial property; all Cat6 home runs. The property has a small network which includes a rack mountable Ethernet switch. Currently the property owner has multiple devices coming out of the switch including the dedicated router for the PoE system.

This set-up has 2 routers total: the one feeding the Ethernet switch from the cable modem and the one coming out of the switch, which will be dedicated to the PoE.

Will having 2 routers as described above present dynamic IP address issues over time? If so, does anyone have a suggestion to supply the current Ethernet switch and the PoE router to preclude conflicts / IP change issues?

Thanks a mil in advance!!

Mov

Mike A. · Sep 26, 2017

Is the POE device a router or a switch? The latter would be more common.

In either case, it shouldn't cause conflicts if you set it up right. How you do that will depend on exactly what you want to do and how it's set up. Assuming that it's a switch, then you probably won't have to deal with IP assignment on it other than making sure that the switch isn't also acting as a DHCP server (unless you want it to for some reason). Assuming that it's a router, you could do anything from simply bridging it to setting up a completely separate routed network. Neither will present a problem in and of itself.

Movick711 · Sep 26, 2017

Mike,

Thanks for answering. I am still a bit unclear however.

"Is the POE device a router or a switch?"

I'm not sure if that is a rhetorical question or not. To clarify if you were asking me: The PoE consists of an NVR, hard-wired cameras, a mouse and monitor for the NVR and a router to permit remove viewing of the property on PC or mobile.

How may I ask would I determine whether the system is used as a DHCP?

Are there any strings addressing properly setting up a situation such as this?

Thanks!

Mov

Mike A. · Sep 26, 2017

Sorry, I misread what you were saying earlier. Doesn't change the end result though.

So you have:

Internet - Cable Modem - Main Router - Switch - Router for POE - POE Switch - Devices?

If so, then you can assign addresses in a variety of ways that won't conflict.

You could, for example, make the main router operate with a 192.168.1.x internal range and the second with a 192.168.0.x internal range with addresses assigned/set for either independently. You'd need to take care of the routing between the two networks and there can be various complications from having the second router double-NATted, but the addressing itself will be OK.

You also could just bridge across the second router but I'm assuming that it's there for a reason in order to segregate the POE network, so you wouldn't want to do that in that case.

c hris527 · Sep 26, 2017

Movick711 said:
Hello all,

I am installing an 8 camera 1080p PoE system at a commercial property; all Cat6 home runs. The property has a small network which includes a rack mountable Ethernet switch. Currently the property owner has multiple devices coming out of the switch including the dedicated router for the PoE system.

This set-up has 2 routers total: the one feeding the Ethernet switch from the cable modem and the one coming out of the switch, which will be dedicated to the PoE.

Will having 2 routers as described above present dynamic IP address issues over time? If so, does anyone have a suggestion to supply the current Ethernet switch and the PoE router to preclude conflicts / IP change issues?

Thanks a mil in advance!!

Mov

What kind of NVR are you using? Some NVR already contain POE and act as a router for the traffic from the cams. Any idea of your hardware yet? Are you sure they are both routers? I looked at your diagram, If your NVR is powering the cams and doing the routing than just plug it into the switch and get rid of the second router or switch, you do not need it. How is the owner going to view the cams? If he wants to see it on his local lan than your NVR needs to be on the same subnet with his computers.

Mike A. · Sep 26, 2017

Movick711 said:
Dropbox - dia2.jpg

OK. That was what I thought that you were saying. To answer your specific question, no, that won't necessarily present problems with dynamic addressing in and of itself. As I said, you'll have what are effectively separate private networks behind each of the routers. Each will do its own NAT with whatever address space you assign (both dynamic and static). The NVR also can assign addresses to the cams using whatever address space you assign to be used. Really depends on how you want it to work. The second router does complicate things since you'll need to set up the routing in order to get traffic through it to the NVR and/or restrict things however you want. As chris says above, if you can do away with that then it would make it more simple but I don't know whether there's some specific reason for it (e.g., to segregate the entire POE network).

Movick711 · Sep 26, 2017

"I don't know whether there's some specific reason for it (e.g., to segregate the entire POE network)."

I personally have no reason for it per se; the customer had a low-end wireless system going to the "2nd router" when he called me. I moved him into a PoE system as it better suits his application. I've not yet installed a PoE system to a network like this; I've always used a dedicated router for the purpose of remote viewing.

Now that I think about it, the "second router" may indeed be unnecessary. Will I need to do any configuring after I plug into the switch / the existing network?

By the way - thanks guys for enlightening me - tremendously appreciated!!

c hris527 · Sep 26, 2017

If the first router is feeding the switch, than the ONLY function of the second router is to give the NVR a different segement? and If you are here asking if this is OK to do then you will be in for peril trying to get the second router to work...You are wasting your time doing it like that. Hope this helps.

Movick711 · Sep 26, 2017

Peril? Wow...point taken! I will reaffirm the network configuration when I return there in a couple of days to final measure. Heeding your advice and plugging into said E. switch, need I do any configuration such as DHCP IP address reservation, etc?

Mike A. · Sep 26, 2017

Movick711 said:
Peril? Wow...point taken! I will reaffirm the network configuration when I return there in a couple of days to final measure. Heeding your advice and plugging into said E. switch, need I do any configuration such as DHCP IP address reservation, etc?

If the second router isn't necessary for some specific purpose related to the camera system then just go straight to the switch with the NVR. You'll probably want to set up a static address for it and/or reserve it in the first router. If address assignment/translation for the cams is done within the NVR then you'll need to set that side of it up within the NVR. If not, then set static addresses for the cams and reserve that space.

c hris527 · Sep 26, 2017

Movick711 said:
Peril? Wow...point taken! I will reaffirm the network configuration when I return there in a couple of days to final measure. Heeding your advice and plugging into said E. switch, need I do any configuration such as DHCP IP address reservation, etc?

Best I can figure, by default the Lorax NVR should be plug and play on the camera side of it, it should do all of your networking for you or with little configuration. The only thing you will have to do is set the management port on the NVR and I think it is set up as a DHCP client so it should pick up a IP address from your router, once it does, their should be a check box to make it static. I have not used lorax products but most of those systems are pretty easy to set up. Some advise, IF your client is planning on doing any remote viewing, then make sure its locked down with a VPN. Their is a LOT of good reading on security here on the form.

Movick711 · Sep 26, 2017

Why the VPN?

c hris527 · Sep 26, 2017

Movick711 said:
Why the VPN?

VPN Primer for Noobs
Please read To Port Forward or Not To Port Forward?

Good info here, I think the Flir secure app needs port forwarding.

Movick711 · Sep 27, 2017

Having done some research, I am wondering if a second router might be a solution after all; however NOT back into the network through the switch. The VPN primer post you'd linked made some very good points about the importance of network security. As such I don't think it wise in this instance to link the NVR system to the client's network through the switch.

What about a second router coming out of the 1st router (bypassing the E.switch) which is configured to be strictly VPN - setting up with a service like IPVanish? The 2nd router (VPN) would connect to the NVR for remote viewing.

I am almost certain that the client wouldn't want his entire network to be VPN due to transfer speed concerns. As well, I won't have to take responsibility for having modified his network - this set-up would be a separate entity.

Any thoughts are appreciated.

Also, I don't believe the Flir app requires port forwarding - at least according to the documentation.

suddenstop · Sep 27, 2017

There's a lot of really good help and info in this thread. What are the capabilities of the routers that you have? What are the makes and models? I tried the dropbox link but it did not work for me.

If it was me, and I have configured networks for many years - what you described plugging the second router into the first - sounds very reasonable. I would segment and firewall the ip cams. Note as said above it may take some learning on configuration to get it to work right.

If the first router is capable, plugging directly into that is a good bet.

Note that you are plugging the cams into the dvr, and then connecting the dvr to the network - so it's really not so bad to have the dvr into the switch. It's not like folks on the client network can see the cams.

There's multiple options that will work, and it's not a case of better or worse, just a question of what you want to do. There may also be a value to you of touching the existing stuff as little as possible, and that could factor in as well.

c hris527 · Sep 27, 2017

QUOTE:
Also, I don't believe the Flir app requires port forwarding - at least according to the documentation.

Lorax Flir: Lorex Easy Connect is a software application that automates port forwarding, turning a
formerly complicated process into something you can do in a few easy steps. This allows you to quickly and easily setup your Lorex system for remote viewing, so you can view live video from your security cameras from any PC, smart phone, or tablet from anywhere in the world!

LINK:Easy Connect Wizard - Auto Port Forwarding your Router | Lorex

Mike A. · Sep 27, 2017

Movick711 said:
What about a second router coming out of the 1st router (bypassing the E.switch) which is configured to be strictly VPN - setting up with a service like IPVanish? The 2nd router (VPN) would connect to the NVR for remote viewing...

That's not the type of VPN that you need in this case. It's intended for outward-looking use to encrypt traffic and to obscure origin FROM the network/devices through their servers to elsewhere on the Internet.

You'd want to set up a VPN server of your own, usually on the main router/firewall, to provide protected access and encryption for INCOMING traffic to the network.

Search

Commercial Location PoE Installation - Ethernet Switch

Movick711

n3wb

Mike A.

Known around here

Movick711

n3wb

Mike A.

Known around here

c hris527

Known around here

Mike A.

Known around here

Movick711

n3wb

c hris527

Known around here

Movick711

n3wb

Mike A.

Known around here

c hris527

Known around here

Movick711

n3wb

c hris527

Known around here

Movick711

n3wb

suddenstop

Getting the hang of it

c hris527

Known around here

Mike A.

Known around here