Menu
What's new

Networking Help

T

Tengu

Young grasshopper
Joined
Mar 24, 2018
Messages
37
Reaction score
13
Location
Australia
Hi,
I recently purchased a NVR5416-4KS2 V2.0 and some Dahua IP cameras from Andy.

I also have a Cisco SG200-26P Smart Switch to power the cameras.
I don't intend on connecting that switch to my network or internet until I get the NBN (HFC) some time next year (thanks Malcolm).

When upgraded I will be using either a ASUS Router or Pfsense router/firewall to connect to the internet (using a VPN).

I plan on using a Cisco SG100-24 unmanaged switch to connect computers to the router.

So it should look something like:

/-SG200-26P - NVR5416-4KS2 - IP Cam#1, IPCam#2, IP Cam #3.......
Router
\-SG100-24 - Computer#1, Computer#2, Computer#3

Now the big question, should everything be on the same network or subnet? E.g. 10.20.10.x

.........OR have them on different subnets?

For example, have the cameras on 172.20.10.x and the home network (computers and router) on 10.20.10.x with the subnet mask for both being 255.255.255.0

Will this make it harder for someone one a computer on the home network to access the camera network?

Will this stop the cameras from accessing the internet and me accessing the cameras remotely?

What do people recommend?

Also, when installing the hard drives in the NVR5416-4KS2 V2.0 I noticed 2 internal USB 3.0 ports on the motherboard. Does anyone use them for storage? Or is there another use for them?

Any help is appreciated
 
Frankenscript

Frankenscript

Known around here
Joined
Dec 21, 2017
Messages
1,288
Reaction score
1,197
Question: I'm not expert on that NVR, but shouldn't the SGT200-26P PoE switch go between the NVR and the cameras?

So:
Router --> NVR (via NIC 1) | NVR (via NIC 2) --> SGT200 --> Cameras

I took a quick look at the router specs; it appears to have two NICs built in, allowing the cameras to be on a different subnet from the LAN.

Again, I'm not expert in this NVR. But most NVRs I've seen have two NIC interfaces (and often, one of them supplies PoE to cameras), so that one can face the LAN and the other faces the cameras.
 
T

Tengu

Young grasshopper
Joined
Mar 24, 2018
Messages
37
Reaction score
13
Location
Australia
Hey @Frankenscript and thanks for your help

Hmmm Ok? I never thought of doing that with the two NICs

And yeah Router--NVR--Poe Switch-- Cameras......?
 
Last edited:
looney2ns

looney2ns

IPCT Contributor
Joined
Sep 25, 2016
Messages
15,606
Reaction score
22,833
Location
Evansville, In. USA
Tengu said:
Hi,
I recently purchased a NVR5416-4KS2 V2.0 and some Dahua IP cameras from Andy.

I also have a Cisco SG200-26P Smart Switch to power the cameras.
I don't intend on connecting that switch to my network or internet until I get the NBN (HFC) some time next year (thanks Malcolm).

When upgraded I will be using either a ASUS Router or Pfsense router/firewall to connect to the internet (using a VPN).

I plan on using a Cisco SG100-24 unmanaged switch to connect computers to the router.

So it should look something like:

/-SG200-26P - NVR5416-4KS2 - IP Cam#1, IPCam#2, IP Cam #3.......
Router
\-SG100-24 - Computer#1, Computer#2, Computer#3

Now the big question, should everything be on the same network or subnet? E.g. 10.20.10.x

.........OR have them on different subnets?

For example, have the cameras on 172.20.10.x and the home network (computers and router) on 10.20.10.x with the subnet mask for both being 255.255.255.0

Will this make it harder for someone one a computer on the home network to access the camera network?

Will this stop the cameras from accessing the internet and me accessing the cameras remotely?

What do people recommend?

Also, when installing the hard drives in the NVR5416-4KS2 V2.0 I noticed 2 internal USB 3.0 ports on the motherboard. Does anyone use them for storage? Or is there another use for them?

Any help is appreciated
Click to expand...
Wiki at top of this page, read how to secure your network.
 
Last edited:
T

Tengu

Young grasshopper
Joined
Mar 24, 2018
Messages
37
Reaction score
13
Location
Australia
Thanks @looney2ns, I've done that....was just after some confirmation

So to secure the network

  • Turn off UPnP - Turn it off in your router. Turn it off in your modem. Turn it off in your NVR and in your IP cameras. Turn off UPnP wherever you find it
  • Don't open any ports
  • Use a VPN
  • Block the camera IP / MAC address in your router firewall rules
  • The cameras should only communicate with the local LAN and/or the VPN LAN
  • A PoE NVR will automatically create a separate network (subnet) for your IP cameras, which is a good security practice
  • To temporarily disable the internet connection in the camera UI, set a false gateway IP address in Setup > Network > TCP/IP. Attempting to leave the field blank will cause an error message when trying to save, so enter an IP address outside the DHCP range to avoid IP conflicts. This should only be a temporary situation until the proper firewall rules are established to limit / prevent camera access to your LAN and internet.
Have I missed anything?

Point 6 suggest I should put the cameras on a different subnet to my modem/router. Will this stop them from accessing the internet if I have the "correct" gateway address set??? Do you need to have the "correct gateway address set if you plan on using a VPN Tunnel to remote access???
 
Last edited:
You must log in or register to reply here.
Top