Newbie network

[HMay]

Hi all,

I've spent a few of days reading many websites and forum posts and can't quite work this one out - could anyone help please?

I'm a relative network noob currently planning how to network a system (PoE cams connected to NVR), and I'm considering the following setup:

Wifi Modem/Router with VPN>Managed Switch(for VLAN)>NVR>Cams

Questions are:
1. To add laptops, phones etc to a second VLAN I'm guessing I would need a switch that can also pick up wireless devices/traffic, or do I need a router that provides capability for this?
3. If laptops etc connect to the router without sitting on a VLAN, could they compromise or be compromised by the stream to the internet from the NVR (via VLAN & VPN)?
3. Have I got this all a bit wrong?! (and do I even need both the VPN and VLAN?)

No tech has been bought yet - only have my ISP router which I'm imagining will be swapped out for sommething ASUS branded.

Thanks in advance.

 

[DG99]

You are better off using a dual nic setup, VLAN will require a router and managed switches that need to be configured. To do VLAN's correctly you would need a layer 3 switch to route vlans and not your router doing the routing,
I suggest you read the dual nic setup and VPN's on the WIKI at top of page.

 

[HMay]

Thanks very much for your reply. I was planning on an NVR box rather than PC, hence thinking about VLANs - I've just read through the Wiki and I take it this would rule out dual NIC (unless there is hardware that can do this)?

 

[sebastiantombs]

Technically, and NVR does have two NICs. One IP range is used for the cameras, typically 10.x.x.x while the other is used to connect to the local LAN and is generally set for DHCP for easy connection and configuration.

 

[SouthernYankee]

The ISP router normally is both a router and a Modem. Not sure about the UK setup. But you more than likely will need to keep the ISP Modem/router. You will disable its router capability by put it into Bridge / pass thru / by pass mode. This will make it a modem only, then it will connect to an ASUS modem.

Go slow,, real slow, do one project at a time.

Read,study,plan before spending money ..... plan plan plan
To save money do it right the first time.

Who is your internet provider ?
What is the make and model of ISP modem/router ?

Maybe one of the UK guys could help out.

 

[crw030]

I don't have a self-contained NVR, but I assumed they would most likely have a built-in POE switch (so basically a dual nic config out of the box) ?

I doubt you need VLAN's unless your goal is to plug the cameras into your regular network and you want to segregate the camera and non-camera LAN's which is a solid idea. I don't believe VLAN's buy you anything for bandwidth/throughput on any given port (I believe a 1g port is 1g, regardless if its a single trunked line or has 10 vlans running across it), but it does reduce the broadcast domain/traffic, and on a managed switch it can be routed out an entirely separate port to the NVR (for example). But, if you can "home run" the cameras to the NVR you wouldn't necessarily need a VLAN capable switch.

VLAN and VPN are two separate challenges, I'd focus on setting up a VPN to connect to your home network securely (and avoid port forwarding at all cost which is insecure, especially with low-security devices like an NVR, camera or IOT device).

VLAN's require learning how they work, and having the right equipment to support them. They are not technically required for someone starting out new like yourself, but if you are interested in them best to buy a VLAN capable switch. Around here they are frequently referred to as a method to provide some security and isolation between your primary network devices and the camera/NVR, and also commonly allow you to establish VLAN specific firewall rules (i.e. block all outgoing internet access to these low security NVR/camera devices). Unless your cameras have to coexist on your existing network with other devices (not plugged into the NVR directly), VLAN might not be required.

 

[HMay]

Thanks for all the advice, guys.

SouthernYankee, the ISP router/modem is an EE Smart Hub. I've been onto the EE community forums, and it appears that the Smart Hub can't be put into Bridge mode or Modem only, so I'll likely need a separate modem.

crw030, if a VPN will suffice, I'd be happy with that. I can then explore VLAN's if I want to a little further down the line.