Network switch not allowing cams to operate at 1gbps
- Thread starter Corvus85
- Start date
Yes you can--- and your whole network will be better for it.
Look on Ebay for a used enterprise class business switch. You can buy a switch that was originally $800 to $1,200 for under $100...
here is a good one-- 10/100 with a gigabit port to your router and 12 POE ports. under $40 A gigabit version of would be under $100 and all 24 ports would be POE
HP ProCurve (J9624A#ABA) Rack-Mountable Ethernet Switch for sale online | eBay
Find many great new & used options and get the best deals for HP ProCurve (J9624A#ABA) Rack-Mountable Ethernet Switch at the best online prices at eBay! Free shipping for many products!
www.ebay.com
As an eBay Associate IPCamTalk earns from qualifying purchases.
Again, the problem is also that it's physically impossible to run CAT6 cable from that location to where the switch is directly.
fenderman
Staff member
- Mar 9, 2014
- 36,892
- 21,408
You dont need a 16 port switch, you need a 4 port poe switch to connect to the 8 port. Otherwise try using the router, for one cam it should be ok.
No, that room with the 8 port PoE switch is also where my router is. From my router, there's CAT6 running to the other side of the house, where it terminates in another 8 port gigabit switch. Connected to that switch (apart from the additional camera) is my NAS, a gaming computer, and an nVidia Shield. The cables were run when the house was built, and due to brickwork being in the way, additional cable runs between these rooms is impossible.
So as you can see, I can't meaningfully isolate that camera from the rest of the traffic on that side of the house because there's only one CAT6 cable connecting the router and the switch in that room.
It's going to require having the right network equipment.
Mainly managed switches.
I'm sure there's some detailed posts on here somewhere explaining how to do it but I'm on mobile so it's not easy to search.
Essentially you can configure your switches to treat certain ports as one network and other ports as a different network and the traffic is completely separate despite being on the same physical equipment.
That depends on how your cameras are set-up now compared to your non-camera network. Do the cameras currently have a different IP scheme/range than everything else? If cameras are on the same IP scheme as everything else, then they will need to be re-configured.
Edit: Regardless of your physical network layout. Best practice is to have the cameras on a different subnet
And if you can't do that, firewall them from reaching the internet.
I have two cameras recording on my NVR which are on the main network, not the NVRs Poe network.
My router is configured to block all but one service port to those two cameras.
The only port that is open for those cameras is 587 so they can send out email alerts.
You are preventing the camera from talking to the internet by firewalling, not the BI computer, so direct to wire in UI3 would still work...
So it turns out both my smart switches have VLAN capability (as does my router).
If I put all of my cameras (and also my BI machine I'm assuming?) on the same VLAN, how would I access it from my regular LAN?
For example, how would I remote into the server? Also how would I access UI3? What about my various camera feed integrations in Home Assistant?
If I put all of my cameras (and also my BI machine I'm assuming?) on the same VLAN, how would I access it from my regular LAN?
For example, how would I remote into the server? Also how would I access UI3? What about my various camera feed integrations in Home Assistant?
Does your bi server have two network cards?
Network card 1 is on your main network (vlan1).
Network card 2 is on your camera network (vlan 2).
You can then run camera traffic and your home network traffic over the one copper cable that runs from one side of your house to the other and they will be completely separated.
Your bi server will still be accessible as per normal via vlan 1.
Normally people can do this without using vlans but it would require running a second cable which you're unable to do.
Network card 1 is on your main network (vlan1).
Network card 2 is on your camera network (vlan 2).
You can then run camera traffic and your home network traffic over the one copper cable that runs from one side of your house to the other and they will be completely separated.
Your bi server will still be accessible as per normal via vlan 1.
Normally people can do this without using vlans but it would require running a second cable which you're unable to do.
VLANs can be hard to understand at first - or at least they don't operate how most beginners think they do. Most beginners (including myself) hear about VLANs and how the isolate and segment their network and assume the devices can never communicate between VLANs. This isn't how they work however. What really happens is that devices on a VLAN can't initiate contact with devices outside of their VLAN (unless specifically set up to do so), but they can always respond to requests from devices outside of their VLAN.
What this means is that you can isolate your cameras on their own VLAN and lock it down so they cannot initiate communication with devices outside of their camera VLAN (let's call it the CameraVLAN). However if you have the rest of your network set up on another VLAN (let's call it the MainVLAN) and you want to pull up the GUI of your BI/NVR machine (which is located in CameraVLAN) from a computer/phone/tablet/etc that is located on the MainVLAN, that won't be a problem if you have set the MainVLAN to be able to communicate with the CameraVLAN.
In that case, devices on the MainVLAN can "see" and communicate with ALL devices on the network including those on the CameraVLAN. However the devices on the CameraVLAN can only "see" the devices on the CameraVLAN and are "blind" to everything else. But just like a blind person can respond to someone speaking to them, the devices on the CameraVLAN can communicate with devices on the MainVLAN when the MainVLAN device starts the "conversation". But the devices on the CamaraVLAN are always "blind" to devices on MainVLAN, so as soon as the MainVLAN devices stops communicating with the CameraVLAN device, the CameraVLAN device doesn't even know the MainVLAN device exists anymore and can't communicate with it until something on the MainVLAN starts another conversation. Hopefully that makes sense.
In your case, as long as you set it up so that your MainVLAN can initiate communication with your CameraVLAN, all those devices you mentioned would work normally with regard to how they interact with the camera server. It would just "work". But the devices on the Camera VLAN would be isolated from the rest of your network and couldn't contact any of them or connect to the internet (assuming everything is set up correctly). This is why adding a VPN connection is the next step in the process too. So that once you have your VLANs set up, you can also set up a method to securely access your network while remote. Once connected to the VPN, you should have access to all your devices, including your cameras (assuming that is what you want and you set the VPN to access that VLAN. By default it's normal that the VPN would only allow communication with the MainVLAN, so you would need to add the CameraVLAN to the allowable connections over VPN).
This is a very basic explanation of how VLANs work (and it's probably wrong at a technical level), but it's how I began to understand it myself when I was first learning about it.
Last edited:
Dual NIC setup on your Blue Iris Machine
In making your system more secure this is a great option to eliminate your cameras calling home / connecting to the internet This is a great place to start to setup a bit more secure network and learn more about IP/Subnets etc. before adding dual NICs: Router Security - Subnets and IP addresses...