Links to new set-up from scratch?

[TomHo]

Morning all,

Looks like a wealth of information here on this forum, so hoping to get some guidance as to a good set-up. I've just finished a 2nd storey addition to our house. We live in a pretty safe area - been there for 11 years and no issue despite our rear detached garage opening on to a sportsfield. Wife has even left the door open for a whole weekend without issue. Neighbours generally leave their rear door unlocked at all times.

However, got a fair few things in the garage (tools, bikes etc) and feel the need for some better monitoring / deterrence. When I got the 2nd storey done I got some Cat6 cable run for POE cameras. I've got one cable near the back (which I need to dig a trench with new power supply for the garage as it's shorted somewhere in the backyard), which I was going to run 2 cameras from (one pointing to lane way and one inside garage). Then I think there's at least another 3 cables in the roof. All cables end up in an area under the stairs. Originally I was looking at a off the shelf NVR system, however after spending time searching it appears that a security type PC with BI would be a better and more fun solution.

So currently I have pretty much nothing. I've bought (but not yet installed) a new wi-fi set-up with TP Link Omada stuff - router, 2 x wi-fi 6 POE access points (upstairs / downstairs), a few switches. Plenty of info here on cameras - great wiki pages. Also seen the wiki on PC's, so can get a I7 6700 for $200. But then starting to get in to some detail about dual NIC vs other options (VPN's). In my mind I was just going to buy the PC and a switch for the cameras. Then plug the PC into the TP Link router. But then I started reading about the dual NIC etc and was not sure whether this was relevant. Probably also as well I will need to add a wireless doorbell camera - unlikely to be able to run a cat6 cable to this one, but then the security PC won't have wireless as this is on the normal network.

Can you point me to some good threads about a set-up from scratch or relevant network schematic?

Cheers,

Tom

 

[wittaj]

Welcome,

The wiki is a little dated on computers and cameras. It would be best to purchase an i5-8500 or newer so that you can update to Win11 if/when needed. A 6th gen cannot not.

See this thread for the latest camera recommendations.

Cameras connected to Wifi routers (whether the camera is wifi or wired) are problematic for surveillance cameras because they are always streaming and passing data. And the data demands go up with motion and then you lose signal. A lost packet and it has to resend. It can bring the whole network down if trying to send cameras through a wifi router. At the very least it can slow down your entire system.

Unlike Netflix and other streaming services that buffer a movie, these cameras do not buffer up part of the video, so drop outs are frequent, especially once you start adding distance. You would be amazed how much streaming services buffer - don't believe me, start watching something and unplug your router and watch how much longer you can watch NetFlix before it freezes - mine goes 45 seconds. Now do the same with a camera connected to a router and it is fairly instantaneous (within the latency of the stream itself)...

The same issue applies even with the hard-wired cameras trying to send all this non-buffer video stream through a router. Most consumer grade wifi routers are not designed to pass the constant video stream data of cameras, and since they do not buffer, you get these issues. The consumer routers are just not designed for this kind of traffic, even a GB speed router.

So the more cameras you add, the bigger the potential for issues.

Plus you want to prevent the cameras from phoning home. Too many backdoor vulnerabilities where someone can get into your camera, not to watch your video feed, but to use your ISP as a DDoS BOT attack or to get into your other computers to find banking info.

Dual NIC is the easiest and cheapest way to do this. For less than $20 you can add another NIC to the computer and put all the cameras on that NIC and then the internet on the other NIC.

Or a VLAN switch, but that takes some programming and what not.

 

[samplenhold]

Here are a few Network maps that use unmanaged switches.

This one is probably what most new folks are running, but it does not isolate the cams from the internet.


This one will isolate the cams from the internet by using a second NIC in your BI server. This is typically what most home modem/router combinations are from an ISP.


This one is the same as the one above, but contains a WIFI access point to include cams if you REALLY need a WIFI cam, like your doorbell cam.


This one is similar to the second one but has a switch hung off of the IPS provided gear.


Finally this one incorporates a separate VPN capable router.


Now you really do not need a doorbell cam if you already have a doorbell. Just mount a cam or two at your front door. I have six covering my front door from different angles. But some would say it is overkill and I am obsessed. But I just say I am dedicated.

Four around the door.


One facing back towards door.


And one across the porch.

 

[TomHo]

Excellent thanks, appreciate the replies. In the TP Link set-up I have an ER605 router, with two POE access points for wifi. Router is obviously then connected to internet box via ethernet cable. Assuming the internet box works like another pass through router, as you plug it in, the lights flash, gradually then you get more lights turning solid to establish the connection. All user configuration is held in my current combinet wifi / router (a Fritzbox). So assuming that means I am more like the last diagram with a VPN capable router with my new set-up?

 

[TomHo]

And sorry - just to be clear - plugged into the TPLink router are the two WAP, the connection from the BI computer and a switch for everything else (NAS, TV, Yamaha). The cameras would then be plugged into another switch plugged into the security PC.

 

[saltwater]

I'm more interested in your TP-Link Omada system. I'm in the Ubiquity eco-system but from all my research on Omada, the software and hardware setup is similar to the Unifi way. I'm researching Omada because I'm setting up a system for my daughter and the Omada is more attractively priced.

With your Omada you will be able to create a VLAN and segregate your cameras. It will require some reading if you haven't done it before, but when you've got the basics it's straightforward.

EDIT: If you prefer the dual NIC method, there is nothing wrong with that.

 

[samplenhold]

The path from the cameras to the BI PC must not pass through a router. That will degrade the performance. There is no reason to pass the video through the router.

 

[TomHo]

Yes, I decided on going with TP-Link as with the OC hardware controller and TP-Link switches / WAP I should be able to get good visibility of everything on the network. I am expecting some pain in getting it up and running, but the good news is that I can run my existing set-up until I have the time to play around.

 

[Ri22o]

This is my network map. I have 3 ethernet connections at my BI PC; a dual NIC and the onboard connection. One port on the dual NIC connects to my regular network for internet access and the other is set for the IP cam subnet. This segregates the cameras via hardware from being able to reach the internet. The onboard connection runs to a small POE switch on the Dahua .1.XX subnet just to make it easier to work on new cameras without needing to switch things around.