Should I VLAN...?

SSpiro

Currently just using a Belkin wireless router.

Looking to set up multiple megapixel IP cameras (edge recording on SD card). Just got a free layer 2 managed switch, Signamax 065-2276S. It's a PoE 10/100 switch.

I need the switch for PoE anyway. But do I VLAN? Or, since I'm recording on edge, is it not needed? Let me know your thoughts!
 
Doesn't hurt. I VLANed my PoE cameras so someone can't just tap into my home network by busting my cameras to access the Ethernet cable. Put it in its own DMZ with firewall rules and such.
 
I'd be more worried about wireless attacks than the blatantly visible attack this would require. :eek:
 
I do. I have my wireless Nest / solar inverter monitor, security PVR and other compromisable devices on the same untrusted VLAN. A separate wireless network for HTPC media players / AV components, firewalled to access the media server only, and a separate VLAN/DMZ for guests/phones/laptops that require use of OpenVPN to connect to the internal network. Doesn't actually cost anything to do once you have a nice switch and a VLAN-capable access point, so "doesn't hurt" if you have some time to burn.
 
Not a bad idea to split device types with VLANs and firewall rules, especially when one type does not need access to the other. Ex: workstations don't need direct access to cameras and vice versa. I'd put cameras on their own VLAN along with the DVR.
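
The segmentation described in the replies above, as an added example that is not part of any post in this thread: a small first-match, default-deny model of the inter-VLAN firewall that can be used to check a rule set against flows that must never pass. The subnets, host addresses and the media server's SMB port are assumptions; the thread names the zones but no addressing.

```python
import ipaddress

# Hypothetical addressing, one subnet per VLAN (not given in the thread).
ZONES = {
    "lan":       ipaddress.ip_network("192.168.10.0/24"),  # trusted workstations
    "cameras":   ipaddress.ip_network("192.168.20.0/24"),  # PoE cameras + DVR
    "untrusted": ipaddress.ip_network("192.168.30.0/24"),  # thermostat, inverter monitor
    "media":     ipaddress.ip_network("192.168.40.0/24"),  # HTPC / AV players
    "guest":     ipaddress.ip_network("192.168.50.0/24"),  # phones, laptops
}
MEDIA_SERVER = ipaddress.ip_address("192.168.10.5")  # assumed host on the LAN
VPN_ENDPOINT = ipaddress.ip_address("192.168.10.1")  # assumed OpenVPN listener

# (source zone, destination host, protocol, port). First match allows;
# anything unmatched between VLANs is dropped (default deny).
ALLOW_RULES = [
    ("media", MEDIA_SERVER, "tcp", 445),   # players reach the media server only (SMB assumed)
    ("guest", VPN_ENDPOINT, "udp", 1194),  # guests reach the OpenVPN port only
]

def zone_of(addr):
    """Return the name of the VLAN containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), None)

def evaluate(src, dst, proto, port):
    """Return 'allow' or 'deny' for one flow crossing the firewall."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return "deny"    # outside the modelled VLANs
    if src_zone == dst_zone:
        return "allow"   # same VLAN: switched, never reaches the firewall
    flow = (src_zone, ipaddress.ip_address(dst), proto, port)
    return "allow" if flow in ALLOW_RULES else "deny"

# Constructed flows that must never pass if the segmentation is doing its job.
MUST_DENY = [
    ("192.168.20.11", "192.168.10.23", "tcp", 22),   # tapped camera port -> workstation
    ("192.168.10.23", "192.168.20.11", "tcp", 80),   # workstation -> camera
    ("192.168.40.7",  "192.168.10.23", "tcp", 445),  # media player -> other LAN host
    ("192.168.50.9",  "192.168.10.5",  "tcp", 445),  # guest -> media server without VPN
    ("192.168.30.4",  "192.168.10.23", "tcp", 443),  # untrusted device -> workstation
]

def leaks(flows=MUST_DENY):
    """Return the flows that the rule set wrongly allows."""
    return [f for f in flows if evaluate(*f) == "allow"]

if __name__ == "__main__":
    print("leaks:", leaks())
```

Devices inside one VLAN still reach each other freely in this model, so anything that should not talk to its neighbours needs its own VLAN.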
 
Thanks guys.

Given the gear I have, would I be better suited at getting rid of my Belkin wireless router, and getting a new WAP to run off the managed switch?

Or is there a way I can still utilize the gear I have to accomplish the goal?
 
Depends on the Belkin router. Some home routers support VLANs, and if not, there's open source firmware like DD-WRT, though it's a bit hit or miss on how well they support complicated configs (I ended up getting some Ubiquiti APs since they work decently well, don't cost too much, and have PoE support so they can pretend to be smoke detectors on the ceiling).

One thing though is a good firewall really ties it all together. Just an old laptop with a supported gigabit NIC and pfSense works well. You can do it with a single gigabit NIC since it supports VLANs, and you put your WAN/LAN/Untrusted/Appliance subnets all via that NIC. Once you get pfSense working, it opens up some really cool options (for example routing all internal outbound traffic through a domestic anonymizing VPN, or all traffic destined to a European IP range via another anonymizing VPN within Europe so you can see local TV, and stuff), or passing all DNS traffic through your VPN so you're just a black box except for your initial DNS lookup to locate your VPN provider.
 
+1 for Mikun. I thought I was the only one that has a firewall running 7 networks on a single link :)

Don't go for an old laptop though; a small system-on-chip based PC does better. The new Intel Avoton Atoms rock hard for firewall duty. Plus it has the power to decently handle VPN due to the hardware crypto unit in the CPU.

Best decision I ever made was to junk all the small home networking crap*. Bought good managed switches and went DIY on the router... Also killed the Wi-Fi and replaced it with cabled everything. I reached networking nirvana...

*And I do mean CRAP! All of it. Even the home routers that are popular and expensive. Noncompatible VPN, no updates, cheap network interfaces with crappy buffers that explode if you open 10000 connections at the same time...