What type of switch/router for my needs

Jul 5, 2017

Putting together a home network that will include about 8-12 security cameras with a computer dedicated to Blue Iris. Also, plan to have about 25 Ethernet drops throughout the house and wireless access points. I rent out a room in the house to someone, so I want to restrict them from access to the network and only allow them internet access.

I want to be able to access the security cams and have access to the network when I'm gone from home. I've read a little about VLAN and dual NIC, but don't have a good understanding of what would be suitable and not overly complicated to set up. Been looking at Ubiquiti and Netgear but I need some direction.


1) Should I go with a separate switch for the security cams or 1 switch for everything?

2) Do I need a managed switch?

3) Does the router need VLAN capability?

Low power consumption is important to me
 
You want to keep your cameras off the rest of the network. Dual NIC is the easiest - add a $20ish dollar ethernet card in the BI computer and have all the cameras go to a POE switch that nothing but the BI computer and cameras are connected to. Then have the ethernet port that came with the computer connect to your home network.

With the dual NIC you don't need a managed switch. A managed switch is for a VLAN.

Do not get Ubiquiti for the POE switches as they are proprietary power to run their cameras.

Go with a dual NIC and no VLAN needed in the router.

Give the renter a guest wifi access that only allows them to see the internet and not the rest of your network.

To access the cameras when away from home use OpenVPN if it is native to the router, otherwise use something like ZeroTier or WireGuard or Tailscale.
 
You are going to need basic understanding of subnetting, VLAN, wifi, etc...

If I was doing this and only wanted to give them wifi access to the internet and no access to the rest of the LAN, then I'd set up a dedicated AP just for them on a different VLAN/subnet than your home network. So VLAN 10 with an IP address space of 192.168.10.0/24 for their SSID and VLAN 1 with an IP address space of 192.168.1.0/24 for your SSID/VLAN. You may be able to get away with 1 AP depending on how large the home is and how much data you two will use and simply broadcast both SSIDs from the same AP. Honestly, I'd rather give them a dedicated AP (on a non-overlapping channel) just for their own bedroom so they can stream to their heart's content and it wouldn't interfere with your own wifi.

Their dedicated AP would plug directly into your router. That router port would be set up on VLAN 10 with an IP of 192.168.10.1. Then you would set up firewall rules in the router so that anything on VLAN 10 only has access to the WAN and nothing internal.

I use Peplink routers exclusively because I have to run all my routers with cell data backup which they offer. Honestly, just about any router can do simple stuff like this. I also only use Aruba Instant On APs now as well. I've given up on Ubiquiti except for their point to point solutions. I just don't like their controller or APs.
 
Used small business switches are great deals on eBay. I'm using a 28 port Cisco managed POE switch. You just have to read specs before deciding to make sure you're getting what you need. Some are only 15 watt POE, some have POE+, some can connect to a fiber link, some have easier to use UI, etc.
 
The room with the tenant in it will have Cat6 run to 3 jacks. 1 of them will be supplying the tv/Roku box for a wired connection. Is there a way to set those jacks on the guest network and will that affect the above suggestion for switch/router setup to keep the tenant from access to other parts of the network?

Someday I may choose not to rent out the room so I will run the Cat6 to it now. Also, the reliability of a wired connection for tv would be preferable.
 
Yes. Those jacks would plug into the switch ports that you have configured as VLAN 10 (in my example earlier). Any data entering those switch ports is automatically tagged as VLAN 10 and the firewall rules apply accordingly. You could do this all with one very large switch and configure 3 of the ports to VLAN 10 and the rest of the ports as VLAN 1. Make sure the uplink port to your router from the switch is configured as a trunk port. That means it carries all VLAN traffic.
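
An added example, not part of the original posts and not any router's configuration syntax: a first-match model of the VLAN 10 rules described in the two replies above, showing how rule order decides whether the tenant's jacks and SSID are really limited to the WAN. The DNS-from-gateway rule, the deny on the rest of the router's VLAN 10 address, and the probe addresses are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

GUEST = ipaddress.ip_network("192.168.10.0/24")    # VLAN 10 (tenant), from the thread
HOME = ipaddress.ip_network("192.168.1.0/24")      # VLAN 1 (owner), from the thread
GATEWAY = ipaddress.ip_network("192.168.10.1/32")  # router's VLAN 10 address
ANY = ipaddress.ip_network("0.0.0.0/0")

class Rule(NamedTuple):
    action: str                  # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int] = None   # None matches any port

def decide(rules, src, dst, port):
    """Return the action of the first matching rule; default is deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.port in (None, port):
            return r.action
    return "deny"

# Intended order: narrow rules first, the broad internet allow last.
GOOD = [
    Rule("allow", GUEST, GATEWAY, 53),  # assumed: tenant uses the router for DNS
    Rule("deny", GUEST, GATEWAY),       # assumed: no access to the router admin UI
    Rule("deny", GUEST, HOME),          # nothing internal
    Rule("allow", GUEST, ANY),          # WAN only
]
# Same rules with the broad allow moved to the top: it shadows every deny.
BAD = [GOOD[3], GOOD[0], GOOD[1], GOOD[2]]

# Constructed probes from a tenant device: (destination, port, expected action).
PROBES = [
    ("192.168.1.20", 445, "deny"),    # file share on the home LAN
    ("192.168.1.1", 443, "deny"),     # router's home-side address
    ("192.168.10.1", 443, "deny"),    # router admin UI on the guest side
    ("192.168.10.1", 53, "allow"),    # DNS
    ("203.0.113.10", 443, "allow"),   # documentation-range internet host
]

def audit(rules, src="192.168.10.50"):
    """Return the probes whose decision differs from the expected one."""
    return [(dst, port) for dst, port, want in PROBES
            if decide(rules, src, dst, port) != want]

if __name__ == "__main__":
    print("GOOD mismatches:", audit(GOOD))
    print("BAD mismatches:", audit(BAD))
```

The same probe list can be checked by hand from a laptop plugged into one of the tenant's jacks once the real router rules are in place.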
 
Are you sure about that?

Not all of them are, but standard POE is 48v and Ubiquiti typically provides 24v passive.

Many posts here over the years of someone saying their new camera was DOA and come to find out it was the Ubiquiti POE switch they were using.
 
Maybe some of their old kit, but I reckon all current UniFi PoE switches are compliant with the standards as well as providing passive PoE.
Their access points on the other hand are not all compliant.

But even so, saying to stay away from them because some might not do what you want is like saying to stay away from all Dahua cameras because some of them can't see IR.