Separate network to offload router camera traffic

ccchihaho | n3wb | Joined: Nov 7, 2020 | Messages: 4 | Reaction score: 0 | Location: BE

Hi guys,

I'm looking for some advice to separate my network, so my normal LAN doesn't get affected by the traffic of my cameras.

I'm running a VMS server with 13 cameras. My network setup is like:

ISP -> Router -> Main switch -> POE camera switch -> 13 cameras

How do I prevent the data of those cameras from going through the router and affecting my normal LAN? I do have some networking knowledge, like subnetting, creating VLANs etc., but it seems I miss some basic knowledge... haha
 

Old Timer | Known around here | Joined: Jul 20, 2018 | Messages: 1,290 | Reaction score: 2,762 | Location: I'm ok

Put your VMS on the same switch your cameras are on.
A lot of POE has 2 ports without POE, and I usually use the second port to either daisy chain switches together, or go to the VMS.
 

ccchihaho | n3wb | Joined: Nov 7, 2020 | Messages: 4 | Reaction score: 0 | Location: BE

> Put your VMS on the same switch your cameras are on.
> A lot of POE has 2 ports without POE, and I usually use the second port to either daisy chain switches together, or go to the VMS.

I can do so, but I'm not sure how I'll segregate the network to block the cameras from the internet and allow the VMS.

> Or add another ethernet port to the computer and have the cameras go to one NIC and the internet to the other.

I cannot add a second ethernet port to my VMS.

I added an overview of my network to clarify the situation.
network.jpg

Clients VLAN 200 -> go to internet and server
Server VLAN 300 -> clients only
Camera VLAN 400 -> VMS only

So what I want to do is to create another VLAN 500 for the VMS. So the cameras can send their video to the VMS and the VMS can be accessed through WAN.

What I want to prevent is that the VIDEO data will interfere with the LAN data, so it shouldn't go through the ROUTER.

Hoping this will give some insight into my situation and you guys have some advice.
 

SpacemanSpiff | Getting comfortable | Joined: Apr 15, 2021 | Messages: 855 | Reaction score: 1,172 | Location: USA

> ...
> I cannot add a second ethernet port to my VMS.
> ...

Is it a physical space constraint for an added NIC? If so, a USB network dongle would be a good choice. Or is the VMS a proprietary system that will not accept additional hardware?

Assign a port on the managed switch to VLAN400. This will host the uplink connection from your Hikvision PoE camera switch. The VMS server should have VLAN400 and VLAN200 assigned to its port to receive camera feeds and allow access from internet. If you want the local workstations to access the VMS, you should also add VLAN300 to the VMS port also.
 

ccchihaho | n3wb | Joined: Nov 7, 2020 | Messages: 4 | Reaction score: 0 | Location: BE

Unfortunately the VMS is a proprietary system and indeed will not accept additional hardware.

The second part of your post is clear, but the data of the cameras will still use bandwidth of the LAN network, correct? (Because I cannot add a second NIC to my VMS)
 

SpacemanSpiff | Getting comfortable | Joined: Apr 15, 2021 | Messages: 855 | Reaction score: 1,172 | Location: USA

> Unfortunately the VMS is a proprietary system and indeed will not accept additional hardware.
>
> The second part of your post is clear, but the data of the cameras will still use bandwidth of the LAN network, correct? (Because I cannot add a second NIC to my VMS)

The camera traffic will be isolated to the two ports on the managed switch assigned to VLAN400. Yes, this will require the managed switch to use some of its processing power on the camera traffic, but it would be the most efficient config based on your current hardware.
 
Joined: May 1, 2019 | Messages: 2,093 | Reaction score: 3,210 | Location: Reno, NV

Somewhere in my initial research about cameras & server machine that may or may not be true: keep both on the same subnet. Crossing subnets between cameras on 192.168.3.x and server on 192.168.4.x puts a serious load on the CPU of the router. Maybe this only applies to 80+ cameras, dunno.
Either way... you will have to have firewall policy rule skillz. Cameras + access to internet = bad, so must be blocked.
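
An added example, not part of any post in this thread: a small Python model of the two points made above, that camera-to-VMS traffic inside one VLAN is switched and never reaches the router, and that routed traffic needs firewall rules that keep the cameras off the internet. The subnets, host addresses and both rule lists are constructed for illustration, and "Server VLAN 300 -> clients only" is read here as the servers having no internet access.

```python
import ipaddress

# Constructed addressing: the thread names VLAN IDs only, not subnets.
VLANS = {
    200: ipaddress.ip_network("10.20.0.0/24"),  # clients
    300: ipaddress.ip_network("10.30.0.0/24"),  # servers
    400: ipaddress.ip_network("10.40.0.0/24"),  # cameras + VMS camera-side address
}

def zone_of(addr):
    """Return the VLAN ID owning addr, or 'wan' for anything else."""
    ip = ipaddress.ip_address(addr)
    return next((vid for vid, net in VLANS.items() if ip in net), "wan")

def decide(rules, src, dst):
    """Same-VLAN traffic is switched and never reaches the router's rules;
    routed new connections take the first matching rule, default deny."""
    s, d = zone_of(src), zone_of(dst)
    if s == d and s != "wan":
        return "switched"
    for rule_src, rule_dst, action in rules:
        if rule_src in (s, "any") and rule_dst in (d, "any"):
            return action
    return "deny"

# Intended policy from the thread, as (src, dst, expected outcome) probes.
PROBES = [
    ("10.40.0.11", "10.40.0.2", "switched"),  # camera -> VMS inside VLAN 400
    ("10.40.0.11", "203.0.113.5", "deny"),    # camera -> internet
    ("10.40.0.11", "10.20.0.50", "deny"),     # camera -> client
    ("10.20.0.50", "203.0.113.5", "allow"),   # client -> internet
    ("10.20.0.50", "10.30.0.10", "allow"),    # client -> server
    ("10.30.0.10", "203.0.113.5", "deny"),    # server -> internet
]

def audit(rules):
    """Return the probes whose outcome differs from the intended policy."""
    return [(s, d, want, got) for s, d, want in PROBES
            if (got := decide(rules, s, d)) != want]

# Weak: a blanket outbound allow sits above the camera block and shadows it.
WEAK = [("any", "wan", "allow"), (400, "any", "deny"),
        (200, 300, "allow"), (300, 200, "allow")]
# Corrected: camera deny first, outbound allowed only from the client VLAN.
FIXED = [(400, "any", "deny"), (200, "wan", "allow"),
         (200, 300, "allow"), (300, 200, "allow")]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(rules) or "matches the intended policy")
```

Rule order is what separates the two lists: with first-match evaluation, the camera deny only takes effect when it sits above any broader allow.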
 

SpacemanSpiff | Getting comfortable | Joined: Apr 15, 2021 | Messages: 855 | Reaction score: 1,172 | Location: USA

> Somewhere in my initial research about cameras & server machine that may or may not be true: keep both on the same subnet. Crossing subnets between cameras on 192.168.3.x and server on 192.168.4.x puts a serious load on the CPU of the router. Maybe this only applies to 80+ cameras, dunno.
> Either way... you will have to have firewall policy rule skillz. Cameras + access to internet = bad, so must be blocked.

That said, OP could improve the config by spending a bit more money... consider replacing the hik unmanaged with a managed switch (MS#2). The VMS and the cams will physically connect to MS#2 with their ports assigned to VLAN400. Uplink port between MS#2 and MS#1 will have VLAN200 & 300. VMS port on MS#2 will also have VLAN 200 & 300.

This model would only burden MS#1 with VMS related traffic when folks were reviewing footage
 