Help setting up a managed poe switch

[camarolt1guy]

I am slowly changing from BNC DVR system to a POE IP camera system with the end goal of running it off a pc and blue iris but at the moment i have a 16ch Dahua NVR.
The networking part gets somewhat confusing so I'm hoping someone can point me in the right direction. i've read about Vlans and dual nic cards and various ways to do it but i get lost in the subnets, gateways and all that talk.

Here's what i currently have.
Cable Modem then it goes to a asus rt-ax11000 on 192.168.50.1. gateway is 192.168.50.1 then a wired backhaul to a asus rt-68p in access point mode. The switch is a Trendnet TPE-2840ws running the latest firmware and its currently on a LAN port of the AX-11000 with a static ip from the router, but it can do DHCP if needed, vlan and all that stuff. its original ip was 192.168.10.200. I dont know if i should change it back or leave it alone. the DHCP is currently enabled but nothing is hooked up to it and its not powered on until i can learn some more about how it works.

Anyway
The only cameras that are currently hooked up to the NVR are Reolink doorbells. They are wireless at the moment but have the lines for POE when its ready. I need to permanently mount the POE switch still but want to get it all figured out before i do. I also have 4 lorex E841ca cameras that i have been messing with, mainly just to help me get familiar with all this.
My problem is the switch doesn't have many how to or youtube videos i can follow along with. it does have a emulator site that shows what it can do here

https://www.trendnet.com/emulators/TPE-2840WS_v2.5R/index.html

.

I would like to just add the switch to the current network like it is but dont know the best way to go about that without changing the wrong setting or bottlenecking the router. right now it just has a line from the router to the switch and it works fine but theres also nothing on it right now. The switch can do layer 3 switching for vlans but i have no idea on how i set up all that lol. Ive found some youtube videos on that but everything else kinda gets me lost. This switch will be used mostly for security cameras but might get other devices in the future.
Sorry for the long post and thanks for any and all help, its greatly appreciated

 

[Lawrence_SoCal]

I love my VLAN setup at home. but I've working in IT Infrastructure departments at large, international companies for decades.
If subnets, gateways, etc is confusing... either commit to becoming MUCH more network tech savvy, or just skip the VLANs. I won't do without them, but I know my way around all of the networking

And, apologies as I'm new here, and not familiar with that NVR.
I thought it was relatively common to have the NVR connected to your LAN (subnet A... or you main/home network, 192.168.50.x network, )

• I'm assuming a likely /24 so 192.168.10.x is a separate network (vs super-netting where .50.x & .10.x could be same network... but often not with consumer gear.
• And that NVR, is it PoE? from a simplicity standpoint, a PoE NVR makes sense, as then you can plug PoE cameras straight into NVR.
• And then, if NVR is any good, you could have cameras on separate IP address space (network) ... assuming watching video from NVR, not connecting direct to camera, NVR isn't routing traffic... it is simply dual-homed. The complication is when you do need to IP connect direct to camera (but there are ways to deal with this)

If NVR isn't PoE, and you can't return/replace it, such that you want/need to make due with the gear you have...
1. I wouldn't use TrendNET (or TP-link, etc)... way too much experience over the decades... for those flaky, unsupported, PoS devices ... but that's me
2. That Trendnet TPE-2840ws is a (simple, web only) managed switch (if I caught that correctly)
For security reasons, I'd much prefer cameras to NOT have Internet access (same for mfg branded NVR, but that may conflict with your desired usage pattern).
The question is whether the NVR has 1 or more Ethernet ports. If the NVR supports a local LAN connection and a separate network connection for cameras, then cameras can be on separate VLAN/network. But, you'll have to be careful of bandwidth depending on # of cameras (presuming a single 1GbE/1000T connection from PoE switch camera VLAN to NVR) and bandwidth from each camera
How many cameras do you have now, and have planned? and any of them 4K color?

You won't 'bottleneck the router', but you could easily prevent traffic from getting to it and out to the Internet

Personally (with my networking background),

• I'd get a better firewall, but you could keep the rt-ax11000? and move all client connections to TrendNET managed switch
• Yes, I'd log into TrendNET document/backup up its config, then do a factory reset on it.

I would change it a static IP address, probably KISS by using 192.168.50.2 (presuming no conflict with that IP being statically assigned elsewhere)
- Then move RT-68p in AP mode to port on managed switch (TPE-2840ws)
Personally, I have a handful on VLANs on my wireless AP (enterprise class switch and AP from a different mfg) and then set up security (ACL) rules accordingly
This gets messy when dealing with stupid 'smart' devices programmed for lowest common denominator of flat home network... Ex Roku, Sonos, Apple, etc all 'break' when on separate network, which I then configured network devices, and ACLs to work-around... but messy, and probably not within typical unsophisticated consumer ability... doable with patience and attention to detail, but can get tricky quickly

So, bottom line... typical home flat network is insecure... and there is good reason to NOT trust certain vendors/mfg from a security standpoint.. but you have to balance your risk tolerance... vs interest/ability to manage/maintain a more secure (complex) setup

 

[TonyR]

....but I've working in IT Infrastructure departments at large, international companies for decades.
....but I know my way around all of the networking
.... way too much experience over the decades...
......Personally (with my networking background),

 

[Teken]

 

[MTL4]

I am slowly changing from BNC DVR system to a POE IP camera system with the end goal of running it off a pc and blue iris but at the moment i have a 16ch Dahua NVR.
The networking part gets somewhat confusing so I'm hoping someone can point me in the right direction. i've read about Vlans and dual nic cards and various ways to do it but i get lost in the subnets, gateways and all that talk.

Not sure if you already got this sorted out but unless you're really good at netowrking then VLANs are far more complicated than you likely need. Yes VLANs are powerful but most folks just need something easy to setup. The dual NIC setup on your Blue Iris PC (in bold below) is MUCH simpler and ensures the cameras can't call home at all while still allowing you to do all the maintenance on them.

Simple flow chart: cameras > POE switch > expansion NIC > Blue Iris PC > onboard NIC > router > modem/internet