Optimum Network setup

[mdfb42]

Hey all, I'm in the process of getting my camera system up and running with BI. My question relates to how I should set it up on my network to isolate for security.

I currently have a Nighthawk R7000 and also have VyprVPN.

I didn't know if I should look to upgrade to something like the nighthawk X6S, or if there's something else I should be looking at? A very tech savvy friend mentioned something about possibly getting the cams on their own network? I like that idea, but I wasn't following how to execute and if it'd be necessary.

I tried to search the forum before posting, but if this is a duplicate, please let the beheading begin. Otherwise, thanks in advance for any advice.

 

[awsum140]

Get a managed, PoE, network switch and set up a separate VLAN, subnet, for the cameras. Alternately, add a second network card to the BI PC, a non-managd PoE switch for that card and attach your camera to that switch using a different subnet.

 

[SouthernYankee]

I use the two NIC in the BI. Have a separate sub net for the cameras into BI. I have an Asus router that has openVPN running on. I access bi via the andrAnd app or UI3.

 

[mdfb42]

To elaborate a bit more, I have a BV-Tech 8 port poe switch and I bought a double nic. It appears as though I need to do some research into the execution of a subnet as I know almost nothing about it. I guess my only outstanding concern rn is a friend gave me some free wireless cams that aren't poe so I will also need to get a wireless nic or something to have my BI machine accept their signals. Thanks for the info to help steer me in the right direction.

 

[fenderman]

To elaborate a bit more, I have a BV-Tech 8 port poe switch and I bought a double nic. It appears as though I need to do some research into the execution of a subnet as I know almost nothing about it. I guess my only outstanding concern rn is a friend gave me some free wireless cams that aren't poe so I will also need to get a wireless nic or something to have my BI machine accept their signals. Thanks for the info to help steer me in the right direction.

take the wireless cameras and toss them in the trash....he is no friend....

 

[mdfb42]

take the wireless cameras and toss them in the trash....he is no friend....

Haha. I should have known that would be coming soon enough. I agree, and I wouldn't spend money on a wifi cam, but with them able to provide simple deterrence and minimal visibility in otherwise dead areas, I will have to wait until my budget reaches the point of poe replacements. If it's a network hassle, I'm still fine keeping them as literal dummy cams in the meantime.

 

[fenderman]

Haha. I should have known that would be coming soon enough. I agree, and I wouldn't spend money on a wifi cam, but with them able to provide simple deterrence and minimal visibility in otherwise dead areas, I will have to wait until my budget reaches the point of poe replacements. If it's a network hassle, I'm still fine keeping them as literal dummy cams in the meantime.

i dont understand, are they wifi only? if not you can use ethernet

 

[mdfb42]

i dont understand, are they wifi only? if not you can use ethernet

No. I have power and Ethernet to 1 of the 2. Just need to run Ethernet to the other one. Referring to them as wifi considering the rf interference they are creating in my garage, which is irrelevant to this topic

 

[SouthernYankee]

The second NIC, switch will need to have a access point added to allow the wireless cameras to connect, to the second subnet. Make sure that you are using a different wireless channel in the access point for the cameras, then you are using on the home network.

As the second subnet does not have a router, use static IP address for all devices

 

[mdfb42]

The second NIC, switch will need to have a access point added to allow the wireless cameras to connect, to the second subnet. Make sure that you are using a different wireless channel in the access point for the cameras, then you are using on the home network.

As the second subnet does not have a router, use static IP address for all devices

Sorry I'm struggling here. I was going to pick up another wireless router on top of my current nighthawk. I was thinking that would be all I needed to create the subnet and put the wireless cams on that subnet?

 

[mdfb42]

I'm trying ( I really am) to get this, but apparently it's not my first language. I attempted to make a illustration of my network setup here. I'm still slightly confused on how I would create the subnet, but I'm trying one step at a time. Is the illustration correct on how it should be set up? Also, I am right in assuming by having a double NIC installed on my machine I can essentially create the subnet using it?

 

[SouthernYankee]

Let us say the there are two subnets. Your main home network has an IP of 192.168.1.xxx. your camera subnet is 192.168.2.xxx. the blue iris PC has two network interface card (nic). One connected to each subnet. There are no devices connected both subnets other than the BI machine.

Assume that the router that connects to the internet via a modem has an IP address 192.168.1.1. The router can support both 5 GHz and 2.4 GHz wifi. This wifi set up should not be used by you cameras. Assume that the 2.4 wifi is on channel 6 and named mdfb_home.

The second subnet 192.168.2.x from the BI machine connect to a switch. Connected to the switch is a router that s set up as an access point, it is not set up as a router. Assume the IP of the access point is 192.168.2.1. The wifi on the access point is on channel 11 , it's name is mdfb_camera. The access point does not need to have 5ghz. Almost all cameras only support 2.4 GHz. You can use an older router as a wired access point. All ip address on the second subnet need to be static.

 

[Matt Redz]

Sorry to highjack the thread but in the process of setting up my network and thought I would add a diagram for thought. This is what I intend to commission on top of my UNIFI network so I can keep the IP Camera traffic separate from my own LAN traffic.

 

[SouthernYankee]

Redz... Good looking layout.

I would turn the ISP router into pass thru, modem only. Then add an ASUS router or a router that supports openVPN. So you can access BI from the internet.

Not familiar with unifi.

 

[Matt Redz]

The unifi stuff is great but the USG (their Gateway/Firewall) is pretty poor (as a firewall). I have been looking into building a Pfsense.