Home Network topology and getting IP cameras

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Home Network topology and getting IP cameras

Erelyes

8 posts

Wannabe Geek

#305890 11-Jun-2023 20:37

So my last topic on here was about the same thing 8 years ago. Whoops. Since then, tech's changed a bit, my wants have changed a bit, and we're building again (probably dumb in the current economic climate but oh well).

My current setup is fibre via ONT, into a Fritzbox router, into an unmanaged switch. I never ended up getting a WAP or two as WiFi was 'sufficient' from the router, although in honesty it's not great.

I want to add a couple PoE security cameras, and PoE WAPs as the new house is bigger and partly two storey.

Does the attached topology make sense with two switches, or should I invest in a switch that has enough ports for everything (probably a 24-port with some of those PoE)?
Am I better getting/building a standalone DVR then buying the cameras, or are there decent packages? I would want them to be IP, connected via Cat6.
I don't think I want to login to my cameras when I'm away from home, but it'd be nice to have... does this mean extra hassle/security concerns, static IP etc? I'd prefer something not cloudbased but could be convinced otherwise.
I currently have a Fritzbox router and use the access control... when I get WAPs and cameras, I'd have to login to those separately to control access I presume?
Is there a decent do it all solution that could cover routing, cameras and WAPs? I've seen Ubiquiti and TP-Link mentioned but have also heard of nightmares with firmware updates breaking stuff randomly. It'd be nice to just login to something from my desktop that can control access, check what the kids have been doing, and keep an eye on the front door to see when the courier arrives... without putting dumb holes in my network security.

Budget is 'enough to be building a house, but not enough to throw multiple thousands of $ into networking'. Cheers

Jase2985

13465 posts

Uber Geek

ID Verified

Lifetime subscriber

#3088646 11-Jun-2023 20:41

if you get a DVR it will likely have POE ports for the cameras already build into it so cameras can connect straight to that.

you can get some switches with a larger amount of ports that also have a few POE ports included which can help save space and power.

depending on how you consume media, you might be better conncting the swicthes together and just have one connected to the router so all traffic isnt going through the router, only that destined for the internet.

tcabw

68 posts

Master Geek

#3088725 11-Jun-2023 22:38

If I was building again, I'd run at least several ethernet cables to every room to combination plug sockets and rj45's. Terminate the ends where the router and ONT will be situated (possibly in the garage?) into the largest switch you can afford! Murphy's law will dictate how many you install, you'll never have enough! All the retirement villas being built these days are wired in this manner.
I have a Synology Diskstation which allows 2 cameras to be monitored on the existing licence. It also stores/feeds 8tb of video and music throughout the house. My cameras record 24/7 on a 7 day rotation. I've been using these NAS for over 10 years and found them ultra reliable.

Good luck!

MarkM536

309 posts

Ultimate Geek

#3088926 12-Jun-2023 11:34

Erelyes:

My current setup is fibre via ONT, into a Fritzbox router, into an unmanaged switch. I never ended up getting a WAP or two as WiFi was 'sufficient' from the router, although in honesty it's not great.

I want to add a couple PoE security cameras, and PoE WAPs as the new house is bigger and partly two storey.

Am I better getting/building a standalone DVR then buying the cameras, or are there decent packages? I would want them to be IP, connected via Cat6.
I don't think I want to login to my cameras when I'm away from home, but it'd be nice to have... does this mean extra hassle/security concerns, static IP etc? I'd prefer something not cloudbased but could be convinced otherwise.
I currently have a Fritzbox router and use the access control... when I get WAPs and cameras, I'd have to login to those separately to control access I presume?
Is there a decent do it all solution that could cover routing, cameras and WAPs? I've seen Ubiquiti and TP-Link mentioned but have also heard of nightmares with firmware updates breaking stuff randomly. It'd be nice to just login to something from my desktop that can control access, check what the kids have been doing, and keep an eye on the front door to see when the courier arrives... without putting dumb holes in my network security.

Budget is 'enough to be building a house, but not enough to throw multiple thousands of $ into networking'. Cheers

Biggest issue with running a seperate network switch for your NVR (network video recorder, for IP cameras) is that your cameras are on your main home network.

To make it better you would isolate those cameras on their own VLAN with managed switches or the bare minimum of blocking the cameras from phoning home on your router.

Three reasons;

To save your home network from a potentially bad camera. Whether the camera is phoning home to China or it's downloaded firmware that was replaced by malware. IoT malware attacks to form a large scale DDOS attack happen...
So people on your network cannot scan and attempt to login to your cameras directly or even use Wireshark to find the video feed and intercept it (typically IP cameras don't use encryption without setting it up).
To save overloading your network with extra traffic. My 4mp cameras in H.265 are around 12mb/s each, that adds up for multiple cameras.

For home users with no desire to make it complicated VLAN'ing off, just by an NVR with a built in POE switch. You can still run cameras on the home network and bring it into to the NVR if really needed.

Accessing remotely can be done a few ways:

Manufacturer's cloud service
P2P (via Manufacturer's P2P service)
Port forwarding and Static/DDNS.
VPN and Static/DDNS.

I personally like VPN because it adds an extra layer of authentication before connecting to the NVR and it can be setup to allow access to other devices in your home network (E.g. Home Automation).

Most NVR's never get a firmware update.... port forwarding exposes it to the internet directly to it's login/command line. [NOT HTTPS] insecam.org is an example of exposed cameras with no login at all.

P2P also relies on the NVR's security and the manufacture's cloud service not getting hacked to become a list of vulnerable devices to an attacker.

E.g. Manufacture gets a server attack and attacker gets a list of every camera system registered with the P2P service. Attacker uses this list and knowledge of a certain brand to create an automatic malware attack loaded onto each system. Each system then is part of a DDOS attack on another company.

Easy setup for monitoring of devices usually needs to be the whole branded 'eco system'.

Ubiquiti stuff to get the dashboard properly needs a UniFi router, Unifi controller and UniFi access points. (Some of the UniFi routers have a controller built in).

Erelyes

8 posts

Wannabe Geek

#3088977 12-Jun-2023 12:55

Yeah sounds like I'm best connecting the cameras to the NVR (not DVR whoops) and then connecting the WAPs, and the NVR, to a single switch. The more I think about it the more I don't care or want remote access to the camera stuff - I just want a local storage 'thing' that I can see on my own network but isn't exposed to the internet.

We're running Cat6 to nearly every room, plus some to likely camera locations, and WAP locations

MarkM536:

For home users with no desire to make it complicated VLAN'ing off, just by an NVR with a built in POE switch. You can still run cameras on the home network and bring it into to the NVR if really needed.

[...]

I personally like VPN because it adds an extra layer of authentication before connecting to the NVR and it can be setup to allow access to other devices in your home network (E.g. Home Automation).

Yeah I remember seeing something about insecam and wanting to avoid that. Plus avoiding cloud-based stuff. As far as the GUI goes I guess I'd be fine with having a separate frontend for switches/router, and then a separate one for the NVR if needed.

If there anything you'd recommend in terms of NVR+cameras, and/or switch? I'd need a max of 16 RJ45s in the switch, counting all the rooms, the 2-3 WAPs, and the NVR. PoE on a few ports would be nice for the WAPs but worst case I could just use injectors. All the gear's going to go into the garage or a closet or the like, I can live with a little noise / not being super compact. If there's a halfway decent guide to setting up I'd even be OK buying a NUC, attaching a 3.5" drive in the 10-20TB region and putting some sort of linux distro on it to serve as the NVR.

Feeling a bit blind here, I used to know more about setting up this stuff when it was the 'set blaster' days!

MarkM536

309 posts

Ultimate Geek

#3089084 12-Jun-2023 15:29

Erelyes:

As far as the GUI goes I guess I'd be fine with having a separate frontend for switches/router, and then a separate one for the NVR if needed.
If there anything you'd recommend in terms of NVR+cameras, and/or switch? I'd need a max of 16 RJ45s in the switch, counting all the rooms, the 2-3 WAPs, and the NVR. PoE on a few ports would be nice for the WAPs but worst case I could just use injectors. All the gear's going to go into the garage or a closet or the like, I can live with a little noise / not being super compact.
If there's a halfway decent guide to setting up I'd even be OK buying a NUC, attaching a 3.5" drive in the 10-20TB region and putting some sort of linux distro on it to serve as the NVR.

1. GUI with router and NVR...?

I haven't heard of anything like that before as an interface for 3rd party systems offered by a router or an NVR . I have something similar but it's achieved through my home automation (Home Assistant).

Ubiquiti Unifi also has their range of Unifi security cameras. It brings everything under one umbrella but it's a lot of money and not 3rd party camera friendly.

2/3. Camera wise,

I personally don't use anything lower than the quality of Hikvision/Dahua stuff.

Mainly because home brands like Reolink, Swann don't have good 3rd party support and the commercial cameras have better range of imaging sensors/analytics.

My own NVR is Dahua and most cameras are Dahua, other brands on it are Avigilon, Axis & Bosch. The NVR has a built in POE switch.

But this NVR I have is very overpriced for what function it can do compared to other more DIY options.

And now we loop back to using a seperate POE switch and needing to manage things...

A PC running software like Milestone xProtect (I think it's still free for <=8 cameras) or Blue Iris can be far more powerful than an embedded NVR. Even Frigate running within Home Assistant is amazing now days (+$200 Google Coral AI GPU thing).

There's a lot of information about Blue iris on IPcamTalk forum.

If you go with a VMS (video management software) it can be customised in sooo many ways. But the drawback is that makes it more complicated.

2. Networking gear,

Depends on how you want everything managed.

Ubiquiti's 'Unifi' range of Access Points, Switches and Routers makes it all controlled in one place. Very easy to select a device and isolate it on a VLAN, or restrict a certain device (e.g. child internet hours).

You don't have to use everything the same brand. A generic unmanaged switch, Ubiquiti router and Ubiquiti Access points would give you enough management of the WiFi network and restricting a device from the internet (e.g. NVR).

Erelyes

8 posts

Wannabe Geek

#3089482 13-Jun-2023 15:00

A PC running software like Milestone xProtect (I think it's still free for <=8 cameras) or Blue Iris can be far more powerful than an embedded NVR. Even Frigate running within Home Assistant is amazing now days (+$200 Google Coral AI GPU thing).

...

Ubiquiti's 'Unifi' range of Access Points, Switches and Routers makes it all controlled in one place. Very easy to select a device and isolate it on a VLAN, or restrict a certain device (e.g. child internet hours).

You don't have to use everything the same brand. A generic unmanaged switch, Ubiquiti router and Ubiquiti Access points would give you enough management of the WiFi network and restricting a device from the internet (e.g. NVR).

Thanks, I'm liking the sound of that. Match router/APs, generic switch with some PoE capability to cover the APs and main connections.

I'll look into DVR/Camera options. Dahua is sounding tempting.