Planned setup when My BI pc arrives

ray-zin

Young grasshopper
Aug 25, 2017
Hi All. Hoping for some comments and suggestions. I'm still learning here and fairly new to networking and totally new to IP cams etc. (but am learning fast thanks to all the info on these forums.)

Here is my planned setup when I get BI up and running in the next few weeks.

From what I've been reading I need to keep BI and cameras separate from the rest of my home network.

So I was thinking of the below configuration. (I have 1 x 8-port PoE switch (should have gone bigger, whoops) and 4 PoE cams for now, but will be adding another 6 shortly as funds allow. I will also soon have a dedicated BI refurb.)

upload_2019-7-15_21-20-45.png

Would this configuration work?
Thanks in advance.
 
That's a 4-port switch, not 5. You're counting the uplink port. If you have 3 APs, PS4 and TV, you'll need a different switch or let the PS4 or TV connect via WiFi.
 
Thanks. The APs are mesh devices that connect to each other, so only 1 is wired to the router. The other 2 are either wired to each other or WiFi-connected to each other.

In terms of the PoE switch connecting BI server and IP cams to the router... Would this work nicely or do I have to get a 2nd NIC or USB-to-Ethernet connector to the BI machine, to keep the cameras "behind" the BI server instead of connected to the router? Or does the switch as above essentially do the same thing?
 
Well... from what I've read on here... the cameras should not have direct "access" to the internet. So BI server should be between the cameras and the internet connection, right?
 
I see what you're saying. I have read on here about people installing another NIC on their BI server. I didn't go as far as installing another NIC though. My cameras aren't in a private area; they are only observing the outside. I use Dahua cameras I bought from a vendor here, so I hope they aren't trying to "phone home". I have a firewall set up on my router, but if it's an established/related connection I guess the camera can "phone home". I just use this method here using VPN at the following link.

How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk
 
A better option would be to use managed PoE switches on which you can set up a separate VLAN for the cameras. That way you can limit them from accessing WAN from the firewall and also limit access from LAN to cameras to only allowed devices (if any).
BI PC can either have normal LAN IP and access camera VLAN through the router/firewall or directly with a virtual IP on the VLAN or a secondary NIC.

Another option, when looking at your image and if your router supports it and your PoE switch isn't managed: don't join the LAN ports on the router all together, but separate one of them for the camera network and only allow BI PC to access the internet. Also only allow access to BI PC from LAN/WAN.

But your other option of just installing a secondary NIC on BI and starting camera network from there (private without access to LAN) is also a good option.
 
My PoE switch is unmanaged. So for now I'll keep BI disconnected like so from the router until I add another NIC.
upload_2019-7-18_14-51-47.png
 
@ray-zin, so your BI computer won’t access the internet at all?
 
For now... yes. Until I learn a whole lot more about how to connect it safely ;-) The more I read here... the less I seem to know!
 
If your router/firewall supports it, you can block inbound and outbound connections to the cameras by IP.
I have all my cameras assigned static IP addresses in a range, and in my firewall (pfSense) that range is then disallowed from any internet/WAN connections; only LAN connections are allowed.
The BI PC does connect to the internet and I am able to view all my cameras remotely via OpenVPN and UI3.
It is secure and not all that difficult (as long as your router/firewall supports it).
 
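Added example, not part of any post in this thread: a small Python check that reads connection records and flags anything that breaks the "camera IP range is LAN-only" rule described in the post above, which is a way to confirm the firewall rule is doing its job. The subnet, the camera address range and the sample flows are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing (not from the thread): LAN is 192.168.1.0/24 and the
# cameras hold static IPs in 192.168.1.200-192.168.1.219. IPv4 only.
LAN = ipaddress.ip_network("192.168.1.0/24")
CAM_FIRST = ipaddress.ip_address("192.168.1.200")
CAM_LAST = ipaddress.ip_address("192.168.1.219")


def is_camera(addr):
    """True when addr falls inside the static camera range."""
    return addr.version == 4 and CAM_FIRST <= addr <= CAM_LAST


def check_flow(src, dst):
    """Return 'ok' or a violation label for one observed connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if is_camera(s) and d not in LAN:
        return "camera-outbound-to-wan"
    if is_camera(d) and s not in LAN:
        return "wan-inbound-to-camera"
    return "ok"


def audit(flows):
    """Return the flows that break the 'cameras are LAN-only' rule."""
    findings = []
    for src, dst, dport in flows:
        verdict = check_flow(src, dst)
        if verdict != "ok":
            findings.append((verdict, src, dst, dport))
    return findings


# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.1.201", 554),  # BI PC pulling video from a camera
    ("192.168.1.201", "203.0.113.50", 443),  # camera reaching the internet
    ("192.168.1.10", "198.51.100.7", 443),   # BI PC reaching the internet
    ("198.51.100.9", "192.168.1.205", 80),   # internet host reaching a camera
    ("192.168.1.202", "192.168.1.1", 123),   # camera to router NTP on the LAN
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

Feed it flows exported from the router or firewall log; an empty result means no camera traffic crossed the WAN boundary in that sample.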
Thanks... this gives me something else to look into. I'll check my router settings/options etc. and see what I can do around this. One thing I do know is that I can't run DD-WRT etc. on my particular router, which limits me quite a bit.