Networking Help

Discussion in 'Chit-Chat' started by Tengu, Jun 2, 2018.

Share This Page

  1. Tengu

    Tengu n3wb

    Joined:
    Mar 24, 2018
    Messages:
    21
    Likes Received:
    8
    Location:
    Australia
    Hi,
    I recently purchased a NVR5416-4KS2 V2.0 and some Dahua IP cameras from Andy.

    I also have a Cisco SG200-26P Smart Switch to power the cameras.
    I don't intend on connecting that switch to my network or internet until I get the NBN (HFC) some time next year (thanks Malcolm).

    When upgraded I will be using either a ASUS Router or Pfsense router/firewall to connect to the internet (using a VPN).

    I plan on using a Cisco SG100-24 unmanaged switch to connect computers to the router.

    So it should look something like:

    /-SG200-26P - NVR5416-4KS2 - IP Cam#1, IPCam#2, IP Cam #3.......
    Router
    \-SG100-24 - Computer#1, Computer#2, Computer#3

    Now the big question, should everything be on the same network or subnet? E.g. 10.20.10.x

    .........OR have them on different subnets?

    For example, have the cameras on 172.20.10.x and the home network (computers and router) on 10.20.10.x with the subnet mask for both being 255.255.255.0

    Will this make it harder for someone one a computer on the home network to access the camera network?

    Will this stop the cameras from accessing the internet and me accessing the cameras remotely?

    What do people recommend?

    Also, when installing the hard drives in the NVR5416-4KS2 V2.0 I noticed 2 internal USB 3.0 ports on the motherboard. Does anyone use them for storage? Or is there another use for them?

    Any help is appreciated
     
  2. Frankenscript

    Frankenscript Getting the hang of it

    Joined:
    Dec 21, 2017
    Messages:
    145
    Likes Received:
    76
    Question: I'm not expert on that NVR, but shouldn't the SGT200-26P PoE switch go between the NVR and the cameras?

    So:
    Router --> NVR (via NIC 1) | NVR (via NIC 2) --> SGT200 --> Cameras

    I took a quick look at the router specs; it appears to have two NICs built in, allowing the cameras to be on a different subnet from the LAN.

    Again, I'm not expert in this NVR. But most NVRs I've seen have two NIC interfaces (and often, one of them supplies PoE to cameras), so that one can face the LAN and the other faces the cameras.
     
    Tengu and TonyR like this.
  3. Tengu

    Tengu n3wb

    Joined:
    Mar 24, 2018
    Messages:
    21
    Likes Received:
    8
    Location:
    Australia
    Hey @Frankenscript and thanks for your help

    Hmmm Ok? I never thought of doing that with the two NICs

    And yeah Router--NVR--Poe Switch-- Cameras......?
     
    Last edited: Jun 2, 2018
  4. looney2ns

    looney2ns Known around here

    Joined:
    Sep 25, 2016
    Messages:
    4,893
    Likes Received:
    2,978
    Location:
    Evansville, Indiana
    Wiki at top of this page, read how to secure your network.
     
    Last edited: Jun 3, 2018
  5. Tengu

    Tengu n3wb

    Joined:
    Mar 24, 2018
    Messages:
    21
    Likes Received:
    8
    Location:
    Australia
    Thanks @looney2ns, I've done that....was just after some confirmation

    So to secure the network

    • Turn off UPnP - Turn it off in your router. Turn it off in your modem. Turn it off in your NVR and in your IP cameras. Turn off UPnP wherever you find it
    • Don't open any ports
    • Use a VPN
    • Block the camera IP / MAC address in your router firewall rules
    • The cameras should only communicate with the local LAN and/or the VPN LAN
    • A PoE NVR will automatically create a separate network (subnet) for your IP cameras, which is a good security practice
    • To temporarily disable the internet connection in the camera UI, set a false gateway IP address in Setup > Network > TCP/IP. Attempting to leave the field blank will cause an error message when trying to save, so enter an IP address outside the DHCP range to avoid IP conflicts. This should only be a temporary situation until the proper firewall rules are established to limit / prevent camera access to your LAN and internet.
    Have I missed anything?

    Point 6 suggest I should put the cameras on a different subnet to my modem/router. Will this stop them from accessing the internet if I have the "correct" gateway address set??? Do you need to have the "correct gateway address set if you plan on using a VPN Tunnel to remote access???
     
    Last edited: Jun 3, 2018