Multi network setup help

[SticKx911]

If this is even possible, I need to set up 2 wifi networks that work independently but route together. I have a handful of wifi cameras that when I set to record, my entire network slows to a crawl. I have tried numerous routers and the issues remain.

Yes wifi cameras suck, but I'm not in a position to cat6 up the house and replace what I have just yet. For now I'd like to just set up a secondary ddwrt router I have laying around to handle the cameras and only access the main gateway for internet traffic. (remote viewing).

I have a basic understanding of home networking, but this is just out of my grasp to do it right. Any good guides out there to help me accomplish something like this?

Thanks and sorry I'm an idiot.

 

[Brian_B]

Two APs, each with a different SSID. Both would source back to a common router. Might be able to do it with one AP and Guest Network setting

 

[FNtastic]

Ubiquiti AP Lite can broadcast multiple networks from one access point. You can then create VLANs that will allow you to route traffic between the networks, if desired.

You don't need, or want, multiple pieces of hardware to accomplish what a single AP can do. You'll be asking for more trouble if you go that route.

 

[HammerSandwich]

Make sure the channels don't overlap.

 

[BlueLineSwinger]

Make sure the channels don't overlap.

Only an issue with multiple APs. A single AP uses only a single channel (per band), even if broadcasting multiple SSIDs.

 

[IdiotInCharge]

You don't need, or want, multiple pieces of hardware to accomplish what a single AP can do. You'll be asking for more trouble if you go that route.

Well, you want multiple channels here, which usually means multiple APs. Remembering that WiFi is a single broadcast domain per channel, and given disparate broadcast distances adding delay, getting the cameras off of the 'data' chanel makes a bit of sense.

 

[BlueLineSwinger]

Well, you want multiple channels here, which usually means multiple APs. Remembering that WiFi is a single broadcast domain per channel, and given disparate broadcast distances adding delay, getting the cameras off of the 'data' chanel makes a bit of sense.

Why would you want multiple APs (and the required separate broadcast channels) just to segregate devices? Such a scenario is exactly the type that an AP set up for multiple SSIDs/VLANs is intended for.

Multiple APs are for expanding coverage area, not partitioning off various client devices.

 

[FNtastic]

Well, you want multiple channels here, which usually means multiple APs. Remembering that WiFi is a single broadcast domain per channel, and given disparate broadcast distances adding delay, getting the cameras off of the 'data' chanel makes a bit of sense.

Nope. Single AP broadcasting multiple networks. Like I explained. Looks like BlueLineSwinger already pointed out why one might want multiple APs. Not the case here

 

[IdiotInCharge]

Why would you want multiple APs (and the required separate broadcast channels) just to segregate devices? Such a scenario is exactly the type that an AP set up for multiple SSIDs/VLANs is intended for.

Multiple APs are for expanding coverage area, not partitioning off various client devices.

Well, you're getting that potential benefit, but what you're really doing is clearing the broadcast domain by moving the slower but steady consumers off so that bursty and high-bandwidth stuff doesn't get degraded, as the OP is seeing.

Perhaps it's not the best way to approach the problem, but it's certainly quick, cheap, and easy, and effective.

 

[IdiotInCharge]

Note: I'm not approaching this as a gateway issue or a security issue; this is a layer 1 WiFi issue, in my opinion.

 

[Grentz]

Why would you want multiple APs (and the required separate broadcast channels) just to segregate devices? Such a scenario is exactly the type that an AP set up for multiple SSIDs/VLANs is intended for.

Multiple APs are for expanding coverage area, not partitioning off various client devices.

Nope. Single AP broadcasting multiple networks. Like I explained. Looks like BlueLineSwinger already pointed out why one might want multiple APs. Not the case here

The scenario he is seeing is degraded performance as the Wifi cameras are steady consumers of the channel traffic, not the need to separate the traffic for routing, security, etc.. Simply using a multi-SSID AP will do nothing to help with this problem as the multiple SSIDs are still on a single channel and share the bandwidth.
A clean answer is to either use a multi-radio AP or multiple APs on different non-overlapping channels. You could even do this without standing up a new network and see a benefit (increase the density of coverage and minimize the # of clients per radio).

 

[SticKx911]

Note: I'm not approaching this as a gateway issue or a security issue; this is a layer 1 WiFi issue, in my opinion.

Yes. Ignoring the obvious security holes of wifi cameras. Ha.

All the devices are just getting bombarded with dvr fluff so packet delays are dragging down the network. I would at least need to run different channels I would think. That and the AP can only talk to so many things and the 8 full time cameras are a lot of constant traffic.

In the past I’ve tried using multiple ap’s to split the load (like 2 cameras on each) but all wired together...running 4 ddwrt routers on different IPs but all the same network. It was too much to maintain and it barely helped

The scenario he is seeing is degraded performance as the Wifi cameras are steady consumers of the channel traffic, not the need to separate the traffic for routing, security, etc.. Simply using a multi-SSID AP will do nothing to help with this problem as the multiple SSIDs are still on a single channel and share the bandwidth.
A clean answer is to either use a multi-radio AP or multiple APs on different non-overlapping channels. You could even do this without standing up a new network and see a benefit (increase the density of coverage and minimize the # of clients per radio).

I’ve upgraded routers a couple times to varying levels. Went from a wrt 1200 to a 3200. Now I’m on a netgear orbi 3000 with 2 satellites as I had hoped splitting the load/bands would help. As soon as I plug dvrs in, everything grinds to a hault. All my cameras are 2.4g and even the 5g band gets a communication hit albeit not as bad. Ideally I’m going to dump these and go wired, but for the interim, I can try to set my 3200 to just run the cameras and gateway into the orbi. So that way all local traffic is separate, but internet traffic can mingle. That said other than configuring the gateway address, I don’t quite know what to do to keep the local traffic from crossing.

 

[EniGmA1987]

If this is even possible, I need to set up 2 wifi networks that work independently but route together. I have a handful of wifi cameras that when I set to record, my entire network slows to a crawl. I have tried numerous routers and the issues remain.

Yes wifi cameras suck, but I'm not in a position to cat6 up the house and replace what I have just yet. For now I'd like to just set up a secondary ddwrt router I have laying around to handle the cameras and only access the main gateway for internet traffic. (remote viewing).

I have a basic understanding of home networking, but this is just out of my grasp to do it right. Any good guides out there to help me accomplish something like this?

Thanks and sorry I'm an idiot.

If you want your wifi camera video traffic completely separate, then you should have something like an EdgeRouter (or various other ones but ER is common, cheap, and good) and have your main network on 192.168.1.x, and then a second subnet on 192.168.2.x. Have that second subnet go to a switch, and the switch goes to the server/NVR that is recording the wifi camera streams and also to one or two APs specifically for the wifi cameras. That will keep all traffic on their own network until it needs to get to the internet for remote viewing. You could even make specific rules blocking all traffic to the actual cameras at the router so their traffic can only get to the NVR, and then for remote viewing you log into your NVR itself to view the streams. That would block the security issues of cheap wifi cameras as well.

Depending on how the cameras work, they may be broadcasting all over the network which spams it with traffic. That could be causing the performance issue you are seeing. In this case, the router can block those packets from getting to your computer network, but will still take router CPU time. You could go with a managed switch with IGMP Snooping to block the multicast traffic from spamming the whole network and let that one switch on the video network do all the filtering so the traffic never even hits your router. Something like this multicast traffic may be your issue as the network gets saturated by packets rather than being a sort of "not enough bandwidth" issue. Reason being if you had 8 cameras at med-high bitrate 1080p, you would probably be only around 60-70 megabits per second used on the network over the wifi AP the cameras use. You should have more bandwidth than that, unless the cameras only support wifi-n or older. If they support wifi-AC (I assume they do since you said your wifi AP runs both 2.4 and 5GHz) then you should have enough bandwidth on a single access point for at least a dozen cameras. However if a dozen cameras are spamming multicast traffic then the whole network would easily be saturated. I have seen less than a dozen clients using only 10-20mbit of traffic bring down a whole network before when they spam out nothing but multicast on a network without a switch or router to filter that traffic to only the necessary devices.

 

[BlueLineSwinger]

The scenario he is seeing is degraded performance as the Wifi cameras are steady consumers of the channel traffic, not the need to separate the traffic for routing, security, etc.. Simply using a multi-SSID AP will do nothing to help with this problem as the multiple SSIDs are still on a single channel and share the bandwidth.
A clean answer is to either use a multi-radio AP or multiple APs on different non-overlapping channels. You could even do this without standing up a new network and see a benefit (increase the density of coverage and minimize the # of clients per radio).

Ugh, yeah. I somehow completely missed/forgot that this appears to be some kind of WiFi bandwidth issue and got security/device segmentation stuck in my head. My bad.

 

[SticKx911]

If you want your wifi camera video traffic completely separate, then you should have something like an EdgeRouter (or various other ones but ER is common, cheap, and good) and have your main network on 192.168.1.x, and then a second subnet on 192.168.2.x. Have that second subnet go to a switch, and the switch goes to the server/NVR that is recording the wifi camera streams and also to one or two APs specifically for the wifi cameras. That will keep all traffic on their own network until it needs to get to the internet for remote viewing. You could even make specific rules blocking all traffic to the actual cameras at the router so their traffic can only get to the NVR, and then for remote viewing you log into your NVR itself to view the streams. That would block the security issues of cheap wifi cameras as well.

Depending on how the cameras work, they may be broadcasting all over the network which spams it with traffic. That could be causing the performance issue you are seeing. In this case, the router can block those packets from getting to your computer network, but will still take router CPU time. You could go with a managed switch with IGMP Snooping to block the multicast traffic from spamming the whole network and let that one switch on the video network do all the filtering so the traffic never even hits your router. Something like this multicast traffic may be your issue as the network gets saturated by packets rather than being a sort of "not enough bandwidth" issue. Reason being if you had 8 cameras at med-high bitrate 1080p, you would probably be only around 60-70 megabits per second used on the network over the wifi AP the cameras use. You should have more bandwidth than that, unless the cameras only support wifi-n or older. If they support wifi-AC (I assume they do since you said your wifi AP runs both 2.4 and 5GHz) then you should have enough bandwidth on a single access point for at least a dozen cameras. However if a dozen cameras are spamming multicast traffic then the whole network would easily be saturated. I have seen less than a dozen clients using only 10-20mbit of traffic bring down a whole network before when they spam out nothing but multicast on a network without a switch or router to filter that traffic to only the necessary devices.

That sounds like what I’m going for. Half of that is french to me at the moment, but it gives me something to to at least base my google searching on. Haha.

 

[EniGmA1987]

That sounds like what I’m going for. Half of that is french to me at the moment, but it gives me something to to at least base my google searching on. Haha.

So basically your network would look something like this:

The EdgeRouter should have a wizard you can run to easily set up the basic WAN, LAN1, and LAN2 ports configuration with little knowledge needed. An ER-X is a cheap little device that can handle around 150-200mbps internet connections. So it you have less than that it will be fine.
The 5 port netgear switch is on Amazon for like $30-40 I think. Nothing special, just lets your PCs connect and lets you plug your wifi into it.

The only real special thing is a managed switch. IGMP Snooping can be hard to set up right depending on how the configuration is implemented. Some are just a simple checkbox and it does everything for you ina "smart way" and works great. Other manufacturers require you to set the IPs for listening and all that stuff and requires more work. Cost of a managed switch can also be somewhat high.

 

[SticKx911]

So basically your network would look something like this:

View attachment 135200




The EdgeRouter should have a wizard you can run to easily set up the basic WAN, LAN1, and LAN2 ports configuration with little knowledge needed. An ER-X is a cheap little device that can handle around 150-200mbps internet connections. So it you have less than that it will be fine.
The 5 port netgear switch is on Amazon for like $30-40 I think. Nothing special, just lets your PCs connect and lets you plug your wifi into it.

The only real special thing is a managed switch. IGMP Snooping can be hard to set up right depending on how the configuration is implemented. Some are just a simple checkbox and it does everything for you ina "smart way" and works great. Other manufacturers require you to set the IPs for listening and all that stuff and requires more work. Cost of a managed switch can also be somewhat high.

That’s awesome. Thanks! Pretty sure I’m at 100mbs wan so I should be ok. Could I swap managed or ERX with a ddwrt setup? Just disable the wireless on each. (Only asking because I have a handful of those on hand collecting dust)

I have an unmanaged already. I have a pile of ddwrt or random wireless APs.

If not, any recommendations on a brand for managed switch? Hoping not to spend a fortune, but my goal long term is to switch to cat6 cameras anyway so I May as well get something I can use with those later too.

 

[EniGmA1987]

That’s awesome. Thanks! Pretty sure I’m at 100mbs wan so I should be ok. Could I swap managed or ERX with a ddwrt setup? Just disable the wireless on each. (Only asking because I have a handful of those on hand collecting dust)

I have an unmanaged already. I have a pile of ddwrt or random wireless APs.

If not, any recommendations on a brand for managed switch? Hoping not to spend a fortune, but my goal long term is to switch to cat6 cameras anyway so I May as well get something I can use with those later too.

I have only ever needed to use IGMP Snooping in industrial environments since many industrial protocols use multicast traffic, so I only know the options in 3 different manufacturers of industrial switches. Of the ones I have used the option on, Moxa switches were the easiest by far. However all these industrial switches are very expensive. Here is a link to the ones we use: https://www.neteon.net/moxa-eds-510e-3gtxsfp-t
Im sure there are many cheaper options in the consumer space. I also just remembered you cant even power those at home without extra equipment for an industrial power supply...


As for the DD-WRT, I dont think you can use it. You could always try it and see, but you need a router that can run two different subnets for LANs. A DD-WRT flashed router still has all its LAN ports on the same switch chip, so I doubt you can run different subnets. But you never know, you could always plug it in and see if there is the option to do so.
Though if multicast traffic is your problem, and if you get a managed switch that can filkter that traffic and place it between the cameras and the DD-WRT router, then that multicast traffic shouldnt ever reach the router so it may be fine running it all on the same network through a DD-WRT router anyway and you may not need the different subnets.

 

[SamirD]

Depending on the bandwidth requirements for the camera, I would put them on a completely different bandwidth--2.4 or 5ghz--than the rest of the wireless devices. You can accomplish this by either segmenting devices in your current router or by using a separate access point/router to do the same.

This will get rid of most if not all of the collisions in the air that are happening when the cameras are hammering away during recording.