Surveillance on Home broadband

[djkprojects]

Hello.

I'm in a process of installing 4 IP cams in my property and use either my NAS or NVR. Since it will be all connected to the home router I'd like to separate traffic for the IP cams + NVR from the rest of the network as not to affect other devices connected to the router.

I'm thinking of getting a managed switch and separate the surveillance using VLAN/IGMP.

Is that a good or bad idea and how do you guys have your surveillance set up?

Thanks

 

[alastairstevenson]

Since it will be all connected to the home router I'd like to separate traffic for the IP cams + NVR from the rest of the network as not to affect other devices connected to the router.

That can be a good move, depending on the capabilities and limitations of the specific router.
Last year I changed out the ISP-supplied router due to the need (could not be avoided) to route about 10Mbps of purely local camera traffic via its switch ports, which dropped the internet download speed by 50%
The replacement router is absolutely fine with the traffic load via the switch ports.
But that was performance-related as opposed to security-related.
Security-related - I think it's sufficient to not use port forwarding, and to use selective outbound block-lists.

 

[djkprojects]

Thanks Alastairs,

Any other suggestions/recommendations guys?

Thank you

 

[bguy]

There's WAN, and there's LAN. Your "home broadband" is the WAN connection. WAN is basically the Internet. Your router connects your home LAN to the WAN. It sounds like your questions is related just to the LAN. I would say yes, you want to isolate the camera network from the home network, for security and traffic reasons. But just putting the cameras and NAS on a dumb switch should keep the camera traffic from interfering with the rest of the network, that's what a switch does.

You can have multiple LANs and they may not even have access to the WAN. If you use an NVR with PoE ports, then the cameras are already on a separate network from your home LAN.

 

[randytsuch]

I have all of my cameras, and my BI PC (NVR) connected to the same, managed, POE switch.
This POE switch is also connected to my router to give the BI PC access to my normal network.
So this switch has one port to the router, one to the BI PC, and the rest to my cameras, nothing else connected.
This keeps my camera traffic isolated from the normal, family traffic.
No complaints from family about slow network, so it must have worked lol.

BTW, for security reasons, I vlan'ed the cameras so they can only access the BI PC. They can't access the router, and so don't have internet access.

Randy