Open up a vlan ip to the outside
-
@rashadmahmood said in Open up a vlan ip to the outside:
What is the best way to deal with this? My understanding is that you want to segment the CCTV LAN; otherwise, the whole network would be broadcasting all over the place. With a VLAN, I can confine this to the CCTV LAN.
Does your NVR have 2 ports? If so, you use one to access the NVR from elsewhere and one for an isolated LAN for your cameras.
-
thanks, yes I will separate the camera network from the NVR.
-
@rashadmahmood keep in mind if your going to multihome this box your using as your nvr. The interface you add to the cam network you create wouldn't have a gateway set, nor dns on this interface.
I would just have an IP with proper mask for the network your attaching it too.
-
You mean such as 192/168.0.1/24 (proper subnet mask?) and omit the gateway?
-
@rashadmahmood yeah your just going to use this interface to talk to cameras on this same network - you would not want your pc being used as nvr to use it for any other connections to other networks - so there would be no gateway set on it.
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.03 | Lab VMs 2.7.2, 24.03 -
Many thanks
-
@rashadmahmood example - my main pc connection to my nas at 2.5ge.. That I use only to move files back and forth from my pc and nas.
This network 192.168.10/24 isn't use for anything else.. Kind of like the network your pc/nvr will user to talk to the cameras..
if I want to talk to the nas for say admin of the nas, then I talk to it on its 192.168.9 IP address.
-
@johnpoz perfect, thanks!
-
@johnpoz said in Open up a vlan ip to the outside:
so there would be no gateway set on it
Unless the device needs a gateway set. Then just use the NVR or a dummy address.
-
@JKnott said in Open up a vlan ip to the outside:
Unless the device needs a gateway set.
Why would the windows PC with a 2nd nic added it to it need a gateway on the interface?
This not the cameras - this is the PC he is using as his NVR.
"It's a PC running Windows 10 with AXIS Camera Station 5 software"
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.03 | Lab VMs 2.7.2, 24.03 -
The 1st NIC connected to the network (for the purpose of viewing the server/software) would require a gateway - correct?
The 2nd NIC connected to the cameras via a POE switch does not require a gateway?Have I understood this correctly?
Also can I use the same POE switch for bother camera (different network) and other lan devices (again another network)?
-
So I'm thinking of implementing the following
Network 1:
Subnet: 192.168.0.0/24
Gateway: 192.168.0.1 (pfSense)
Windows machine for viewing cameras: Assign a unique IP within the range, e.g., 192.168.0.10/24
Other LAN devices: Assign unique IPs within the range.
VLAN 1:VLAN 1 Interface for Access Point 1: 192.168.0.2/24
VLAN 1 Interface for Access Point 2: 192.168.0.3/24Network 2 (CCTV):
Subnet: 10.0.0.0/25
NIC 2 of the Windows machine: Assign an IP within this range, e.g., 10.0.0.1 with no gateway
cameras 1 to 4 set with no gatewayExample Configuration:
pfSense Gateway: 192.168.0.1/24
Windows Machine NIC 1 (Network 1): 192.168.0.10/24
Windows Machine NIC 2 (Network 2): 10.0.0.1/25
Access Point 1: 192.168.0.2
Access Point 2: 192.168.0.3Also create a vpn to access the 192.168.0.0/24 network
Apologies, its been a while since I messed with network configs.
-
@johnpoz said in Open up a vlan ip to the outside:
Why would the windows PC with a 2nd nic added it to it need a gateway on the interface?
Over the years I have come across some devices that required all the setting to be configured, including gateway whether it was needed or not. I'm not saying that will happen here, but it's always possible.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
Yes, that's correct and yes you can use the same PoE switch, provided it supports VLANs.
-
@JKnott - yep its a managed switch
-
@JKnott said in Open up a vlan ip to the outside:
, but it's always possible.
What part are you not getting that this is a Windows PC??
His cameras should point to pfsense as their gateway.. That is if he wants them to talk to the internet to say get firmware updates. Or if he wants to talk to them directly via his vpn connection without doing source natting. Or any other local networks.
-
refering to this:
@rashadmahmood said in Open up a vlan ip to the outside:
So I'm thinking of implementing the following
Network 1:
Subnet: 192.168.0.0/24
Gateway: 192.168.0.1 (pfSense)
Windows machine for viewing cameras: Assign a unique IP within the range, e.g., 192.168.0.10/24
Other LAN devices: Assign unique IPs within the range.
VLAN 1:VLAN 1 Interface for Access Point 1: 192.168.0.2/24
VLAN 1 Interface for Access Point 2: 192.168.0.3/24Network 2 (CCTV):
Subnet: 10.0.0.0/25
NIC 2 of the Windows machine: Assign an IP within this range, e.g., 10.0.0.1 with no gateway
cameras 1 to 4 set with no gatewayExample Configuration:
pfSense Gateway: 192.168.0.1/24
Windows Machine NIC 1 (Network 1): 192.168.0.10/24
Windows Machine NIC 2 (Network 2): 10.0.0.1/25
Access Point 1: 192.168.0.2
Access Point 2: 192.168.0.3Also create a vpn to access the 192.168.0.0/24 network
Apologies, its been a while since I messed with network configs.
So I need to add the gateway into the 2nd LAN, it does kind of make sense for updating firmwares etc..
-
@rashadmahmood I would set your cameras with pfsense as their gateway, they are not multihomed, etc.. If you want to talk to them directly from any other local network or via your vpn.. They need to be able to talk back..
The only device that you would not set a gateway on is your NVR box that you will have multihomed..
-
Network 1:
Subnet: 192.168.0.0/24
Gateway: 192.168.0.1 (pfSense)
Windows machine for viewing cameras: Assign a unique IP within the range, e.g., 192.168.0.10/24 - dont set gateway
Other LAN devices: Assign unique IPs within the range.
VLAN 1:VLAN 1 Interface for Access Point 1: 192.168.0.2/24
VLAN 1 Interface for Access Point 2: 192.168.0.3/24Network 2 (CCTV):
Subnet: 10.0.0.0/25
NIC 2 of the Windows machine: Assign an IP within this range, e.g., 10.0.0.1 with gateway of lan1 192.168.0.1
cameras 1 to 4 set with gateway of lan1 192.168.0.1Example Configuration:
pfSense Gateway: 192.168.0.1/24
Windows Machine NIC 1 (Network 1): 192.168.0.10/24
Windows Machine NIC 2 (Network 2): 10.0.0.1/25
Access Point 1: 192.168.0.2
Access Point 2: 192.168.0.3Also create a vpn to access the 192.168.0.0/24 network
Does this make sense?
-
@rashadmahmood Not sure why you are calling out vlan 1 or what IPs your AP are going to be on - what does that have to do with anything?
What vlan are you going to create on your switch for this camera network? It would not be the default vlan 1 if that is the network your putting your normal 192.168.0 network on.
