Jump to content
RESET Forums (homeservershow.com)
Dave

IP Camera and Server Solutions

Recommended Posts

nrf

I just turned off my port for geniusvision too, it seems to work just fine thru cellular and the openvpn tunnel!
it is possible that some cameras connect out to cloud services or some vendor specific location site so one could look at any outgoing connections from the cameras just to be safe....

Share this post


Link to post
Share on other sites
Jason
If you have 802.3af and 802.3at you need a switch that supports both specs. I bought one of these for that reason:
http://us.dlink.com/products/business-solutions/dgs-1210-10p/


I ended up getting same Dlink switch as schoondoggy. Have 7 PoE cameras plugged directly into it. 2 others are WiFi cameras.

Cannot tell how to login to the webUI of this D-link switch for VLAN settings. Am not seeing anywhere in Untangle where it’s getting an IP address.

Share this post


Link to post
Share on other sites
schoondoggy


I ended up getting same Dlink switch as schoondoggy. Have 7 PoE cameras plugged directly into it. 2 others are WiFi cameras.

Cannot tell how to login to the webUI of this D-link switch for VLAN settings. Am not seeing anywhere in Untangle where it’s getting an IP address.
Download the Dlink Network Assistant, it should be able to find the switch. http://tools.dlink.com/intro/dna/
I assume the DGS-1210 is connected to another switch? Depending on how your network is configured you may need to set the vlan on the main switch.

Share this post


Link to post
Share on other sites
Jason

Thanks. Yes the Dlink Switch is plugged into a TP-Link switch that I do not believe supports VLANs.

Share this post


Link to post
Share on other sites
itGeeks
6 hours ago, nrf said:

I turned off UPNP for similar reasons, and allow access only thru my geniusvision server. Even there I am thinking of turning that off and coming in thru openVPN for such access.

yup, Turning off UPnP is the very first thing I do on routers that support it, The second thing I do is turn off WPS. If the router does not allow me to turn off these features they get banned... I can remember once working on a family members router for the first time and when I looked at port forwarding holy cow, There must of been around 20 ports open and when I asked them why of course they had no idea. UPnP was enabled.

10 hours ago, DragonRebornUK said:

That's why i turned off Internet access to my cameras via the router ( Netgear - Orbi ). Nothing goes in from the outside or leaves. Only the LAN which my Blue Iris Sees.

 

And that is the correct way to do it, There is no need to expose all the camera.

Share this post


Link to post
Share on other sites
itGeeks
6 hours ago, Jason said:

I have and generally keep UPnP turned off on all routers. Also, just assumed since all of my cameras were behind the firewall with no inbound access to them from outside the network, I was OK?

Currently, I access Blue Iris from my mobile to view cameras. Am unable to access any camera directly from outside firewall.

Not entirely safe, The cams can still dial out  make a connection and god only knows what can happen after that. Be safe, Continue what your doing and isolate them from the rest of your network and if something happens it won't cause harm to the rest of your network....

Edited by itGeeks

Share this post


Link to post
Share on other sites
nrf

so far I have been lucky - the whole gaggle of misc. routers I have allow me to disable WPS. I wouldnt' settle for anything less...

Share this post


Link to post
Share on other sites
Jason

OK.  Am starting to play around with setting up a single VLAN for my POE IP Cameras.  But I'm confused.

I have a 10 port POE switch.  Port 1 is connected to my router.  Ports 2-10 each have a camera connected to them.

 

I setup a "VLAN 10" and tagged Ports 2-10 in the switch admin config.

 

In Untangle, I've setup a VLAN with VLAN 802.11q tag = 10. It has a static IP and netmask.  DHCP serving is enabled on this VLAN interface.

 

However I cannot quite tell how to give each of my cameras a static DHCP entry in Untangle.  I don't want them getting DHCP addresses else it's too tedious to configure Blue Iris.

Share this post


Link to post
Share on other sites
Jason

Even more confused yet...VLANs, ugh.

 

I have an ethernet cable out from my Untangle LAN interface directly into port 1 on my D-link SGS-1210-10P smart switch.  Port 1 of the DGS-1210-10P shows as VLAN 1 in the switches admin interface.  Port 1 of this switch is also setup as UNTAGGED.  I can successfully access the switches admin menu from any device on my LAN (good).

 

Unfortunately however none of the POE cameras connected to ports 2-10, which are also setup as VLAN 10, each of these ports also UNTAGGED, are not showing up as getting DHCP addresses from the VLAN interface.

 

I have port 8 on the DGS-1210-10P switch going out to my TP-LINK 24 port unmanaged gigabit switch so that other devices on my LAN can access the cameras on MY VLAN.

 

Ultimately, I want my Blue Iris box 192.168.0.5 on my LAN to be able to access each of my VLAN 10 cameras 192.168.10.x, but I don't want any of the VLAN 10 cameras to be able to access the Blue Iris box or other LAN addresses.  For example, someone taking a camera off and plugging a laptop into it.

 

Surely it's more simple than this???

 

 

Share this post


Link to post
Share on other sites
itGeeks

Good evening Jason,

First let me start off by saying I am by no means an expert on VLANs and I am in the process of learning just like you so bare with me. From what I have learned this far I think your over complicating the setup as a result of miss understanding of VLANs. Have a look at this article from SNB for a great explanation of VLANs and how to set one up in a 'single subnet' VLAN, Pay close attention to the following. The 2nd bullet point is what your doing, Not the 1st bullet point that requires extra steps with the router.

 

1) "For example, a network connected to the Internet usually employs a gateway router, which is probably also providing DHCP and NAT (Network Address Translation) services. If VLANs are created on different subnets, then the gateway, or another router will need to provide those services to each VLAN. In larger LANs, inter-subnet routing and VLAN segmentation is often handled by Layer 3 (sometimes called "multilayer") switches."

 

2) This is what you want to setup. VLANs can also be configured to share a single subnet, yet isolate various LAN members from each other. I'm going with the single subnet approach here, using the SRW as my Layer 2 managed switch and a Linksys RV042 router (Figure 3) for Internet access, DHCP, and NAT.

 

On closing all switches to be a part of the VLAN need to be VLAN aware. Remember your setting up a VLAN (virtual private network) and as such a dumb switch aka an unmanged switch has no idea how to process the data.  Its like someone that only talks Chines and you only speak English, You wont understand what there saying. Same thing apply here.

 

Hope this helps....

Edited by itGeeks
  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...