Experts Please Review/Comment - Home Network + PoE Security Network

Joined
Apr 26, 2016
Messages
1,090
Reaction score
852
Location
Colorado
All.

New here but would appreciate expert commentary to make sure I don't go off rails in the wrong direction.

Just focusing on the network portion of my home security setup. While I thought I knew what software I was looking at, that is probably going to change, but the hardware is starting to show up and I want to set it up properly so I can test out BlueIris, Bluecherry, Xeoma or similar. I had hoped to avoid another Windows PC to patch/virus-protect (6 already), but am also new to Linux (only 1 so far).

I have RT-N66U Wireless Consumer Router - hooked directly to cable modem. If I read correctly elsewhere, this router supports VLAN tagging/setups but I may need to install different firmware.

I have a Consumer D-Link DGS-1016D (16 port gigabit unmanaged switch) where all my home network computers are connected, as well as Western Digital TV, NAS etc etc. This is connected to port 1 of RT-N66U.

I have ordered HP1910-8G-PoE+ Managed Switch, as it was recommended as a robust way to power cameras and seemed like a better option than buying a bunch of PoE injectors. I would like to set this switch up as a separate VLAN/security camera network. I would like to completely block internet access from anything connected to that switch, and instead only allow NVR server to reach these cameras. Because of the limited number of ports on the PoE switch I am hoping the NVR server could be connected to the DLink Switch (or another port on N66U if that will work, although I have read VLAN support might limit N66U to 2 ports), ideally as part of the same VLAN or a separate VLAN which can reach the private security VLAN. I would then like access from 1-2 of the computers on the home network (and possibly a TV) to the NVR server video feed, or alternatively a dedicated video screen in one room and Android access.

At the end of the day I want the security camera network separated, and I want to put a video display on the wall which shows the camera feeds from the NVR server (or possibly as another input to a 36" TV). I work from home but would like to keep an eye out for deliveries or any goings-on outside without having to constantly check.

Please let me know of any mistakes I've already made. I'm hoping if expansion is needed for camera network I could add another 8-16 port PoE connected by fiber between HP switches, but if I have to upgrade instead in 1-2 years I'll cope with that. I am currently planning on 4-6 fixed cameras to get me started, but would like to grow with a couple internal entryway cameras, and more to watch outside (rear yard, garage, LPR etc). As I mentioned in my introduction, I would like to keep an eye on properties to both sides which are unoccupied, but would re-purpose those cameras if someone moves in.

Thanks.
R
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
If you put all your cameras on a branch switch with the NVR, you really don't need the VLAN unless your router does not have another network port for it.

You have a good plan. Use your router to allow other subnets or a whitelist of trusted hosts only access to the NVR, and block everything else; no need for a 3rd LAN in the middle.
 
Joined
Apr 26, 2016
Messages
1,090
Reaction score
852
Location
Colorado
Thanks nayr, if I am understanding what you are saying (not a network engineer):

1. Hook Home Network Switch (D-Link DGS-1016D) to port 1 of RT-N66U, set up on one subnet
2. Hook Security Network PoE Switch (HP1910-8G-PoE+) to port 2 of RT-N66U, set up on a different subnet
3. Set up limited routing from Home -> Security
4. Configure mostly unlimited routing from Home -> Internet
5. Limit routing from Security -> Home
6. Prohibit routing from Security -> Internet & Internet -> Security (I don't want any cameras phoning home or exposing camera interface on the web by accident)

R
I've never divided my home network, but if I can find an idiot guide to subnets and follow instructions on how to change from /24 to /27 or something similar.

If that's right, I will explore how to do that for my router, if you never hear from me again it's because I've bricked it and cannot reconnect to the internet. :)
 

nayr

Perfecto! That's exactly it.

Once you set all this up and have 2 subnets and a router, with a system you researched and designed on your own, you'll be a network engineer, at least as good as most I encounter, if not a lil better because you're already paranoid about security.
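
The six-step plan from the thread, sketched as router firewall rules. This is an added example, not a configuration posted by anyone in the thread. It assumes Linux-based router firmware with iptables and the NVR on the camera switch; every address, the port list and the chain name CAMPOLICY are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints the iptables commands for the two-subnet plan so they
# can be reviewed before being run on the router. All values are constructed.
HOME_NET="192.168.1.0/24"                  # assumed home subnet (router port 1)
CAM_NET="192.168.50.0/27"                  # assumed camera subnet (router port 2)
NVR_IP="192.168.50.2"                      # assumed NVR address on the PoE switch
TRUSTED_HOSTS="192.168.1.10 192.168.1.11"  # assumed home PCs allowed to view
NVR_PORTS="80,443,554"                     # assumed NVR web UI and RTSP ports

camera_fw_rules() {
    # A dedicated chain (hypothetical name) keeps the router's own FORWARD
    # rules untouched and makes the policy easy to remove again.
    echo "iptables -N CAMPOLICY"
    # Replies from the camera subnet to connections an allowed host opened.
    # Older firmware may need '-m state --state' instead of conntrack.
    echo "iptables -A CAMPOLICY -s $CAM_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Step 3: only whitelisted home hosts reach the subnet, and only the NVR.
    for host in $TRUSTED_HOSTS; do
        echo "iptables -A CAMPOLICY -s $host -d $NVR_IP -p tcp -m multiport --dports $NVR_PORTS -j ACCEPT"
    done
    # Steps 5 and 6: log (rate-limited), then drop, anything a camera initiates,
    # whether it is aimed at the home LAN or at the Internet.
    echo "iptables -A CAMPOLICY -s $CAM_NET -m limit --limit 6/min -j LOG --log-prefix 'CAM-EGRESS '"
    echo "iptables -A CAMPOLICY -s $CAM_NET -j DROP"
    # Step 6, other direction: nothing else is routed into the camera subnet.
    echo "iptables -A CAMPOLICY -d $CAM_NET -j DROP"
    # Step 4: all other traffic (e.g. $HOME_NET to the Internet) falls through
    # to the router's existing FORWARD rules unchanged.
    echo "iptables -I FORWARD 1 -j CAMPOLICY"
}

camera_fw_rules
```

These rules cover only traffic routed through the box; what the camera subnet may send to the router itself (admin page, DNS) is decided by the INPUT chain and needs its own rule. NVR-to-camera traffic stays on the PoE switch and never reaches these rules.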
 