Security Systems - Looking For Resources

Discussion in 'Technical' started by 3M-TA3, Jan 8, 2020.


  1. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Nice feature set, many available and inexpensive! Cheap enough to buy spares. Nice GUI and decent manuals.

    The features check all my boxes for security.
     
    Gator 45/70 likes this.
  2. Navyair

    Navyair Monkey++

    Yeah, but will it automatically yell "Get off my lawn" like a genuine grumpy old man? :)
     
    Gator 45/70 and sec_monkey like this.
  3. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Yea, These were hundreds of dollars when they were new, now they are pennies on the dollar..... I have a bunch of these in my network, with various number of Ports, and UpLink Ports.... (5, 8, 16, 24, 26, 28, & 48). and various Speeds. (10bT, 100bT, 1000bT) on various Ports...
     
    Gator 45/70 likes this.
  4. Tempstar

    Tempstar Monkey+++

    As Sec added, they phone home. I run MikroTik Routerboard routers for this reason, but some others will show this traffic as well. I started watching network traffic due to traffic on my network when there should not have been, and looking up IP addresses and discovering that the cameras (I had 4 brands running at the time) were calling home, or somewhere. They use the same method as TeamViewer to do this, meaning that a VLAN will not stop this activity if the router is connected to the internet. Using Cisco or other managed switches just adds another hoop to jump through but will not stop the issue. The only way is to shut down the ports the cameras use.
    Ubiquiti is good gear, but way overpriced considering it does nothing special as far as cameras go.
     
    Gator 45/70 and sec_monkey like this.
  5. techsar

    techsar Monkey+++

    I went simple and local...wired Samsung 16 camera dvr...lan to wifi so I can watch locally on phone, svga to monitor by the bed, hdmi to big screen...but no internet access. I could, but don't want to.
    Another multicam system to be installed when the weather decides what it's going to do...
     
    Gator 45/70 and sec_monkey like this.
  6. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Actually, putting the WebCam System on its own Subnet/Vlan, that has No Route to your Internet Access Device, and using a second Ethernet Board in your Most used Computer, that sits on the WebCam Subnet/Vlan, effectively isolates that Subnet/Vlan from any Internet Access in either Direction.. To gain any access to or from such an isolated Subnet/Vlan would REQUIRE an outside interest to Hack into the OS on that Computer, and build a Route thru that Computer, that bridged the two different Subnets/Vlans and would need to go unnoticed by you... Not very likely, and dang near impossible, from the outside, especially because they have NoWay to know how your network is configured, and structured in the first place from the outside... The beauty of Layer3 Switching & Routing....
     
    3M-TA3, Gator 45/70 and techsar like this.
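Added example, not part of any poster's message: one way to check for the camera "phone home" traffic Tempstar describes, and to confirm that an isolated camera subnet like the one BTPost describes really has no flows leaving it. The camera subnet (192.168.50.0/24) and the five-field flow record format are assumptions made for this sketch; the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the camera VLAN uses this subnet; change it to match your network.
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")
# Destinations treated as local: RFC 1918, link-local, multicast, broadcast.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]

# Constructed sample flow records in a hypothetical "time src dst proto dport"
# layout. External addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = """\
2020-03-14T02:10:01 192.168.50.11 192.168.50.2 tcp 554
2020-03-14T02:10:05 192.168.50.11 203.0.113.40 udp 40000
2020-03-14T02:10:09 192.168.50.12 198.51.100.7 tcp 443
2020-03-14T02:11:00 192.168.1.20 198.51.100.7 tcp 443
2020-03-14T02:11:30 192.168.50.12 239.255.255.250 udp 1900
2020-03-14T02:12:44 192.168.50.11 203.0.113.40 udp 40000
malformed line
"""

def is_local(addr):
    """True if addr falls inside any network we consider on-premises."""
    return any(addr in net for net in LOCAL_NETS)

def find_phone_home(flow_text):
    """Return {camera_ip: {(dst, proto, dport): count}} for non-local destinations."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip records that do not match the assumed layout
        _, src, dst, proto, dport = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparseable address or port
        # Only camera-subnet sources talking to non-local destinations matter.
        if src_ip in CAMERA_NET and not is_local(dst_ip):
            hits[src][(dst, proto, port)] += 1
    return {cam: dict(dsts) for cam, dsts in hits.items()}

if __name__ == "__main__":
    for cam, dsts in sorted(find_phone_home(SAMPLE_FLOWS).items()):
        for (dst, proto, port), n in sorted(dsts.items()):
            print(f"{cam} -> {dst} {proto}/{port} ({n} flows)")
```

An empty result over a representative capture is what a properly isolated camera subnet should produce; any entry names the camera and the outside endpoint to investigate.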
  7. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    I actually take the time to read where the camera is manufactured, then decide where I want the wireless and hardwired cameras to go.
    It's not too difficult if you think about it. Interior for hardwired only, wireless cameras for the exterior.
    China can watch the grass grow if they like.
     
  8. Yard Dart

    Yard Dart Vigilant Monkey Moderator

    I have 5 fur-babies that will raise hell at any noise/disturbance. My bloodhound/great dane sleeps next to the dog door from the back yard. If something happens of note, my house explodes with barks and teeth ready to rock.

    I also run a Nest CCTV/ACS system. We have the doorbell cam, a Schlage door lock that auto locks after a few minutes of sensing us leave the properties, mag contacts on doors and windows and several cams around the AO that will ping us on our cell phones, with motion detected.

    Another layer, I have 4 trail cams set up around the AO for recon of people... and animals poking around the area.

    On top of that, I have an aware and responsive neighborhood that is proactive in protecting our area.
     
    Dont, Mountainman, Brokor and 2 others like this.
  9. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Do you have any issues between the Netgear switch VLANs and the Ubiquiti EdgeRouter (assume you are using it as opposed to Unifi)? Is the VLAN on the switch recognized by the router? The reason is that I want to set up VLANS for different cases such as Internet only access, internal network only access, and other types of routing rules.

    I'm planning on one switch in the house and a second switch in a nearby workshop. There will be the same VLANs on both switches and each switch will connect to the router separately as they are in two separate buildings.

    I do like how you are isolating the cameras behind a workstation, so I might consider setting up a second isolated network using a small EdgeRouter and separate cam/security PoE switches in both locations.
     
    Gator 45/70 and sec_monkey like this.
  10. sec_monkey

    sec_monkey SM Security Administrator

    I would not recommend those vendors .. ..

    some of the concepts discussed are a gud idea (y) (y)
     
    Gator 45/70 likes this.
  11. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    My VLans do not talk to each other, unless I build a Route between them so that should work... I use separate Ports on the Router for each VLan, that are isolated from each other by use of separate Subnets for each... Then the Router has separate Ports for each Wan/Internet Connection and the Routing Table sends each of the Lan Ports to its assigned Wan Port, or No Wan Port at all...
    Isolating the WebCams is done as described and works well as long as you never want to look at them, live from an external computer... However if your Lan/Wan connected Computer that has the isolated Network on it stores the Picts from the WebCams, you can still VPN into that computer and download those and view them direct from the Files, or if you have a Remote Access Like Timbuktu, or the like you can view the Cams, Real Time remotely thru the VPN Connection by accessing that computer using the Remote Control Software...
     
    Gator 45/70 likes this.
  12. 3M-TA3

    3M-TA3 Cold Wet Monkey

    I have too many VLANs planned for that type of setup to be practical, but then for your application it's perfect. I might have to buy a small switch in the series I'm considering (they are cheap) and experiment to see if they play nice. I did get an open box Ubiquiti EdgeRouter pro for a stupid low price since the bandwagon is to Unifi. I really don't want Unifi's plug-n-play type system since I want granular control over everything.

    I've been looking into a dedicated computer running Blue Iris (haven't locked that in yet) with dual LAN ports as you described. The software requires Windows 10, which supports dual homing, so I could monitor using Blue Iris's web viewer. That would also allow me to record the streams to my NAS.
     
    BTPost likes this.
  13. 3M-TA3

    3M-TA3 Cold Wet Monkey

    As an update, I've been pondering how best to implement PoE on managed switches. There are two main strategies:
    1. PoE injectors
      1. Pros:
        1. inexpensive used managed switches all over eBay
        2. Failed injectors can be replaced
        3. More powerful injectors can be added if needed later
      2. Cons:
        1. Takes up more space
        2. Additional patch cords
        3. Power supplies tend to be bricks, complicating cable management
      3. Resources:
        1. poetexas.com
    2. PoE enabled switches
      1. Pros:
        1. Easier cabling
        2. Less rack space (I'm planning on small wall mounted racks)
      2. Cons:
        1. All eggs in one basket
        2. Assigning PoE to a non PoE port can permanently damage that port or connected device.
        3. Increased rack depth compared to non-PoE switches
        4. Many PoE switches have limitations, for example older Netgear switches can provide PoE+ to a limited number of ports, with others limited to PoE
        5. Generally speaking higher costs
    I was strongly leaning to a rack mount PoE injector solution when I stumbled on a stupid low eBay price on a 24 port 500 Watt Ubiquiti EdgeSwitch (ES-24-500W). A few small scratches on the cover (and I mean small) put it near similar non-PoE switches. Only driven on Sundays by a little old lady, yada, yada, yada, but comes with original box and all original parts, paperwork. Sold sez I; delivery by this Thursday so I can integrate it next weekend.

    I'm going to buy a cheap IP Cam to test every single port for functionality and power. A review on YT has got me interested in the ~$50 ReoLink RLC-410 so that looks like a good test subject.



    Per the spec sheet the Ubiquiti ES-24-500W will provide PoE+ to all 24 ports which is enough to power 24 PTZ's so I'm pretty covered with a maximum of nearly 40W per port (assuming not all ports are PoE enabled). Initially, this will be my main switch as I experiment with VLANs, port management, etc., but in my next house will be on an isolated network per @BTPost 's configuration.

    Why am I set on rack mounting my network gear? First I hate cables and power cords running amuck like a bunch of snakes high in ecstasy having an orgy. It makes it hard as hell to troubleshoot and you are always untangling things. Second, rack mounted gear is easier to ground for electrical protection. Third, there is less strain on patch cables improving reliability. Fourth, rack mounted equipment is more secure in the event of earthquake. Fourth, it's easier to provide physical security with locking doors and side panels. Fifth, and not least,

    I'm attempting to minimize wireless connectivity in my next house so there will be multiple Cat-6 or better runs to each room (2 per bedroom, 4 to my office, etc.) so these will terminate in patch panels in the wall mounted rack. Yeah, I'm even playing with Visio layouts - this is a prototype of the House rack (a MUCH smaller one will be in the workshop). In order from top to bottom (and may change as I progress):
    1. PoE switch for cameras (ES-24-500W - arriving Thursday)
    2. NeatPatch cable management
    3. Camera/security patch panel (modular RJ45's) Note: am planning different colored cable and jacks for security vs general network. Hell, yes, everything will be labeled on both ends.
    4. House Network patch panel (modular RJ 45's)
    5. NeatPatch cable management
    6. House network switch (ES-24-LITE)
    7. 1 U cable management
    8. Router (EdgeRouter Pro)
    9. 2U Blue Iris Security server
    10. NAS
    11. PSU

    Yes, I have engineering OCD. Yes, I calculate electrical needs, thermal, etc. Yes, it will get its own dedicated circuit. So sue me.

    Lastly, I came across a great forum dedicated to this stuff: ipcamtalk.com. I've learned a great deal there along with hours and hours of YT vids. I highly recommend perusing the site, especially the FAQ area, if you are new to this or want to expand your knowledge.
     
    BTPost, Gator 45/70 and Ganado like this.
  14. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Looks like a good plan to these eyes.....
     
  15. Tempstar

    Tempstar Monkey+++

    My only add here is that any modern POE switch uses sensing to determine if a port needs POE or not. I have a rack full of Cisco 3850s that have POE on every RJ-45 port, but the switch senses if there is a power requirement on the brown/brown-white pair and turns it on or off automatically.
     
    3M-TA3 likes this.
  16. 3M-TA3

    3M-TA3 Cold Wet Monkey

    The new to me PoE switch arrived and after letting it sit a day to acclimatize I powered it on and did some research and will experiment more tomorrow and this weekend while all the Ubiquiti gear is still in "lab" mode. I have a PoE Tester on the way and will check all ports for performance.

    Yet one more stupid low price on new in box Ubiquiti 48 port non PoE switches (lower than used 24 port non PoE) so another switch is arriving next week so I can lab up the whole shebang.

    I did figure out how to get the router to interact with VLANs on the switch. Searching for data is all about the right keywords. It turns out the terms are "port trunking", "sub-interface" (Ciscoese), and "router on a stick". It appears that you can mix and match switch and router makes so long as the VLAN IDs are the same.

    There is a how to guide here for Ubiquiti routers if it ever becomes a useful option
    EdgeRouter - Router on a Stick
     
    Ganado likes this.
  17. sec_monkey

    sec_monkey SM Security Administrator

    the ubiquiti cloud makes me :cry: :cry:
     
    3M-TA3 likes this.
  18. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Only if you let it happen. I'm OK with the Edge series because it acts like conventional networking. I had to turn on the Legacy UI on the switch, because the new UniFi-ish one is IMO pretty but worthless. The actual UniFi stuff, well no way, Jose. I don't trust things that join others automatically because IMO too prone to attack once someone has access.

    Ubiquiti Cloud Keys ain't gunna happen. I'm considering OpenVPN (still researching) for access when I'm away but would only be on when I wanted it on and not all the time.

    I'm still concerned about Vendor back door access. I've worked with enough support techs to have seen it in action when they ran into roadblocks. I've also had experience with some grey market Cisco gear that was sold as US and turned out it had some mods made by the manufacturers in China. I figure I'm small enough potatoes that hackers will be going after low hanging fruit (I see so many freaking default SSIDs in the wireless in my area it ain't funny). I wonder how many have default admin accounts with the default password?

    Even with my VLAN requirements, the Camera/Security LAN will be isolated and only accessed by a multi homed Blue Iris computer.
     
    Ganado likes this.
  19. 3M-TA3

    3M-TA3 Cold Wet Monkey

    Kinda wrapping things up on this thread, but wanted to follow up on the PoE switch that arrived Thursday.

    After a day of letting it sit to acclimatize I turned it on and did a factory reset followed by a firmware update. I ran through the menus for familiarization and to check functionality. I was planning on getting an inexpensive PoE camera to check the ports, this being a used switch, but decided to spend the money on a PoE tester.

    I wound up getting the PoE Texas PoE Tester II. I used the mode where the tester simulates an end device to check each port for voltage and all passed. If the tester is not set to simulate a PoE device it is connected between the two and will display volts, Watts, and Amps used. That's going to come in very handy when devices start getting attached.

    Manual in case you are interested: Technical Center

    My non PoE switch arrives next Wednesday or Thursday. I'm going to put them into a lab configuration behind my existing router for configuration before migrating to the new equipment.
     
  20. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    You have a sound plan going there... I always Burn-In, new to me, hardware for a few days before I start to mess with it... Found a really nice PTZ Exterior WebCam with WiFi on Facebook for $85US and thought I would try it out, for the new place... I can make it POE, by putting a little 10 Watt 48/12Vdc Switching PS in the Brown/White Pair in the ethernet connection on the Cam end.... It is a 1024 Pixel w/Infrared CCD...Similar to what is on the Tower overlooking the Inlet...
     
    3M-TA3 likes this.