Adding a POE switch

[moosport]

I'm planning to add a 8 port POE switch to my existing network. Looking for some ideas how to integrate and isolating sections of the network. The POE switch will have a set of IP cameras and 2 wireless POE AP.
Either zoneminder or blue iris will need access to the camera plus the freenas for storage video.

pfsense, zoneminder, and freenas are VMs.

Current setup is :
Cable modem -> Pfsense (router) -> HP 1810
-> Linksys E4200 (bridged mode)

New setup
Cable modem -> Pfsense (router) -> HP 1810
-> POE switch -> IP cameras
-> Wireless APs

 

[System Error Message]

HP make POE switches but they can be pricey. The main question is what type of POE switch do you need. Managed or unmanaged?
Some cheaper POE switches dont support POE on all ports and it is important you check the wattage rating. Using long cables for POE is undesirable as some voltage and energy are lost on the cable itself. Dont forget to check that they support the needed POE protocols and voltages.

If the switch itself uses 10W, the cameras use 15W each and you have 5 and you have 2 APs that use 5W each than the total wattage you need would be 95W so a 100W switch would work.

So before buying a switch look at the specs of the devices you will use attached to them, the number of watts they will use , voltage and POE format that they support.

 

[L&LD]

Take into consideration the line loss of POE not just for the switch and power supply itself, but for each device too. Longer runs and/or many of them may just bump you into a much higher power POE solution than you would think if you just add the wattage of each device all together.

In the end, I would over estimate the wattage needed than underestimate it to save a few dollars now, but give you phantom issues or outright failure in the near future.

 

[moosport]

I'm looking at either TP-LINK TL-SG1008P or TP-LINK TL-SG2210P or HP J9298A

The traffic between to cameras and wireless APs will need to be segregated. A managed switch is needed.

 

[System Error Message]

you need semi managed. fully managed is when you need ACLs, filters and configurability that you dont get with semi managed. semi managed allows segmentations and are cheaper.

 

[moosport]

you need semi managed. fully managed is when you need ACLs, filters and configurability that you dont get with semi managed. semi managed allows segmentations and are cheaper.

A semi-managed to separate the cameras from the wireless AP. Should the new switch be connected in parallel with the exist switch? I'll will need another port in pfsense for parallel setup.

 

[System Error Message]

a POE switch is more expensive than a normal switch.

The question is, POE switch with many ports vs normal switch with many ports + POE switch with only enough ports for your POE powered devices. Its more of a pricing comparison. The first choice (1 central switch) is the best in network efficiency (no bottlenecks) while the 2nd choice would have a bottleneck between central switch and POE switch unless you use a 10Gb/s port or stacking port. However if you dont need so much traffic between your POE switch and central switch than not an issue.

 

[moosport]

Maybe I was clear in my original post. I have a 24 port managed switch and looking to add a 8 port POE switch for IP cams and wireless AP.

Should the new switch be installed in parallel to the existing HP Procurve?

 

[System Error Message]

you cant put a switch in parallel not without some sort of advanced switch protocol.
Simply plug the POE switch into the main switch.

I was just mentioning different ways to build your network.

When selecting a switch, some switch will do POE on all ports while some on some ports. As for managed or not depends on your requirements. vlans require managed but i would suggest going for managed as it would give you the interface to also configure POE.

 

[moosport]

how would you redesign the network given there is a Procurve 1800-24G, a 8 ports POE (all 8 ports support POE), 2 wireless AP using POE and pfsense? 4 POE IP cameras.
ESXi server with 4 VMs including pfsense and freenas. Currently everything not wireless tied back to the HP switch through a patch panel or directly to the switch. I attached a picture of the existing design.

 

[coxhaus]

I would use separate VLANs. I would connect your storage device for the cameras in the same VLAN as the cameras. If you don't have a layer 3 switch then pfsense will support VLANs. You could also add another NIC to pfsense and run separate networks. But I think you will gain more flexibility using VLANs for future changes.

 

[moosport]

i thought about adding another NIC to pfsense to create another LAN2. If I create 2 VLANs in pfsense, I will not need the NIC?
Is there a way to share the storage instead of having a separate storage device in the VLAN for cameras? It will not be secure I suspect?

 

[coxhaus]

You should be able to share. I am sure pfsense will handle it either way. I use a layer 3 switch with pfsense so I would handle it in my Cisco SG300-28 layer 3 switch.
What do you mean by secure? In my layer 3 switch I have ACL which will control access on my network so I can lock it down. Pfsense probably can do the same thing. You need to research and maybe post a question. The question needs to be technically worthy of the pfsense forum people for them to answer.

PS
If you use VLANs then only one NIC is needed on pfsense.

 

[moosport]

What I meant by secure is traffic in the camera VLAN is restricted such that no traffic get out of there except zoneminder or blue iris access. Because it is running out of the same box as the NAS and pfsense.