Help with Designing Network (noob)

[Oyster1286]

Hi everyone. I'm pretty new to home networking. A while ago I setup an OpenWRT WiFi Router and that was quite complicated but I got it working. I'm now trying to better understand networking as a whole and design my own home network. I have been planning to build a NAS for file sharing, etc. and install surviellance cameras while using the software Frigate and since I just got Fiber I figured now would be a good time to recreate my network and do it properly. I uploaded an image down below in the spoiler with a few ideas of how I could create my network and would love to hear your expert thoughts on them. Are they decent ideas or completely missing the point? Do you have a better idea? I think #4 is my favorite as it uses a 4 port Vault which is cheaper than a 6 port and it eliminates a switch which also keeps the price lower. My only holdup is that I don't know if I can connect the switch with PoE cameras to the second ethernet port on my future NAS and expect it to work.

PS. All appliances in the image are wired together.

Extra information on devices I might use:

• Protectli Vault w/ coreboot and PFSense for firewall and routing with a mostly system wide VPN
• x1 WiFi router in AP mode not on VPN (or maybe dedicated IP VPN in future) for Streaming TV using Gl iNET Beryl AX
• x1 WiFi router in AP mode on VPN for all other devices using GL iNET Flint 2
• NAS will be an Odroid H3+ (has two 2.5GbE ports) running OpenMediaVault with two Docker containers. One with NextCloud and the other running Frigate, the surveillance camera software.
• Printer
• Up to x10 PoE surveillance cameras
• A managed PoE switch for all of the cameras
• All other electronics will be connected over WiFi

Spoiler: Network Layout Ideas Image

 

[Tech Junky]

Well, it all depends on what you have on hand already or if you need to purchase everything to make it work.

Rebuilding from the ground up and planning makes a big difference in cost and managing things.

Rule #1 don't use a router as an AP - get a real AP. Cheaper and more effective WIFI coverage

Instead of the PCLI you could just reuse a PC and add a couple of NICs to it for the port density. Choose an OS you're comfortable with and supports the NIC you want to use.
-- using a PC will allow more features though the PCLI will do the same things if you configure them.
-- PC will offer expansion options
-- PC can also house your "NAS" by just putting the drives inside and turning on samba

Consolidating things ~$600 gets you a powerful solution and simplifies things from the base networking / NAS foundation

POE is the expensive part as port density and power budget are pricey compared to powering with an AC adapter but, managing them with POE is easier for monitoring. Putting them all on the same switch and then uplink from there to the main connection keeps it simple and cos effective.

Another perk of the PC setup is it can grow with you or you can add higher speed ports via NIC in another slot for higher priority data w/o replacing the whole device. Adding a 10GE port $90 vs replacing the box for $350 or if you want dual 10GE ~$200. Depends on if you think you'll want to upgrade the ISP connection or need more data to the drives and so on.

 

[tgl]

Hi everyone. I'm pretty new to home networking. A while ago I setup an OpenWRT WiFi Router and that was quite complicated but I got it working. I'm now trying to better understand networking as a whole and design my own home network.

Welcome to the forums! There are other people around here with a lot more experience than I, but there are a few points I feel comfortable commenting on.

Extra information on devices I might use:

• Protectli Vault w/ coreboot and PFSense for firewall and routing with a mostly system wide VPN
• x1 WiFi router in AP mode not on VPN (or maybe dedicated IP VPN in future) for Streaming TV using Gl iNET Beryl AX
• x1 WiFi router in AP mode on VPN for all other devices using GL iNET Flint 2
• NAS will be an Odroid H3+ (has two 2.5GbE ports) running OpenMediaVault with two Docker containers. One with NextCloud and the other running Frigate, the surveillance camera software.

The hardware and software you're choosing here are not much discussed on snbforums, as far as I've seen. Maybe they're perfectly fine gear, but you might get better advice about using this stuff elsewhere.

Independently of brand choices, I don't buy using one AP for a streaming TV and a second one for all else. TVs don't really eat that much bandwidth by modern standards --- I believe even 4K streams are only 20 or 25 Mbps. You should be buying APs according to how much space you need to cover, rather than pre-judging what connects to what.

Also, if you are setting things up with a separate router (which I do approve of) then buying a WiFi router and using it as merely an AP is throwing money away on hardware you don't need. Get something that's intended as a plain AP. There's not much of that in the consumer space but SMB-oriented lines have plenty of it. I've had good results with Zyxel's APs, and other people speak highly of Cisco, Omada, and Ubiquiti APs.

• All other electronics will be connected over WiFi

Is none of your other gear particularly network-performance-critical? You will always get better throughput from devices that are wired not wireless, so this is something to be cautious about.

Also, you might want to think about whether your design supports segregating different WiFi devices into separate VLANs, so that you can put low-trust devices (like cheap IoT junk) onto a separate firewalled SSID. For this you will need VLAN-aware APs and VLAN-aware (i.e. managed) switches, as well as a router that can control connections between the VLAN subnet and the outside world. You don't necessarily need to set that up on day one, but you should buy gear that's able to handle it.

 

[tgl]

Rule #1 don't use a router as an AP - get a real AP. Cheaper and more effective WIFI coverage

Agreed. For same price you will get better RF gear.

POE is the expensive part as port density and power budget are pricey compared to powering with an AC adapter but, managing them with POE is easier for monitoring.

I think the value of POE is only having to run one cable rather than two (for power and signal) to a camera or AP that's located out of easy reach. This is definitely worth something, but as @Tech Junky says, switches with lots of available POE power are expensive. Also problematic in a home environment is that they likely have noisy fans. You might be better off with a couple of smaller switches with lower power budgets.

 

[Oyster1286]

Well, it all depends on what you have on hand already or if you need to purchase everything to make it work.

I'm starting over from scratch. All I have is an OpenWRT WiFi router that I wish to replace as I want the newest WiFi standard. I'll use my current one to experiment with OpenWRT and learn more about how it all works without the fear of breaking anything.

Rule #1 don't use a router as an AP - get a real AP. Cheaper and more effective WIFI coverage

I hadn't thought about that. I never noticed just APs before, though I never looked really. My thoughts on these Gl iNET WiFi routers are that they run OpenWRT (open source is a must for me) and I figured I could use it as a switch if I needed to, like in #4.

I'll look inot the brands that @tgl mentioned for APs. I'm guessing plain APs don't have switching capabilities built in?

Instead of the PCLI you could just reuse a PC and add a couple of NICs to it for the port density. Choose an OS you're comfortable with and supports the NIC you want to use.
-- using a PC will allow more features though the PCLI will do the same things if you configure them.
-- PC will offer expansion options
-- PC can also house your "NAS" by just putting the drives inside and turning on samba

Consolidating things ~$600 gets you a powerful solution and simplifies things from the base networking / NAS foundation

What does "PCLI" mean? I assume you're refering to the SoC Odroid H3+. I actually haven't had a desktop PC for quite some time now, just laptops. I haven't found a way to build a computer in this day and age that keeps it as cheap as an SoC, especially the H3+. I'm certainly open to ideas though. I also really like how little power the SoCs draw in general.

POE is the expensive part as port density and power budget are pricey compared to powering with an AC adapter but, managing them with POE is easier for monitoring. Putting them all on the same switch and then uplink from there to the main connection keeps it simple and cos effective.

I hadn't looked at the price of a PoE switch yet. Do you know of a good company? I would like something to reference. I do want to go with PoE though as it only requires one cable to route to each camera.

Another perk of the PC setup is it can grow with you or you can add higher speed ports via NIC in another slot for higher priority data w/o replacing the whole device. Adding a 10GE port $90 vs replacing the box for $350 or if you want dual 10GE ~$200. Depends on if you think you'll want to upgrade the ISP connection or need more data to the drives and so on.

This is certainly a good point

 

[Oyster1286]

Welcome to the forums! There are other people around here with a lot more experience than I, but there are a few points I feel comfortable commenting on.

Thanks! It seems like a great place! I can certainly learn something from anyone so thanks for your input.

The hardware and software you're choosing here are not much discussed on snbforums, as far as I've seen. Maybe they're perfectly fine gear, but you might get better advice about using this stuff elsewhere.

The reason for these companies is because they make devices that use open source software and firmware which is important to me. I'm open to other brands though, as long as they use open source too.

Independently of brand choices, I don't buy using one AP for a streaming TV and a second one for all else. TVs don't really eat that much bandwidth by modern standards --- I believe even 4K streams are only 20 or 25 Mbps. You should be buying APs according to how much space you need to cover, rather than pre-judging what connects to what.

Well it's not because of bandwidth. It's because I can have a seperate AP that's not on a VPN (or using a dedicated IP VPN just for streaming, rest of network on normal VPN servers) so that streaming services will work. If there is a better way you know of that doesn't require seperate APs I'm all ears.

Also, if you are setting things up with a separate router (which I do approve of) then buying a WiFi router and using it as merely an AP is throwing money away on hardware you don't need. Get something that's intended as a plain AP. There's not much of that in the consumer space but SMB-oriented lines have plenty of it. I've had good results with Zyxel's APs, and other people speak highly of Cisco, Omada, and Ubiquiti APs.

Like I said to @Tech Junky I never noticed just AP devies before. I'll defeinitely look into them so thank you for suggesting a few brands to start my search. Do plain APs have swithing capabilities? I though that could be a useful feature to have with using a WiFi router in AP mode like my idea in #4.

Is none of your other gear particularly network-performance-critical? You will always get better throughput from devices that are wired not wireless, so this is something to be cautious about.

No, nothing on my network is very critical. I don't game much anymore, especially not fast paced online stuff. Like in #4 I figured I could plug my laptop into an extra port on one of the WiFi routers when at home if I really wanted a hardline. I read that a WiFi router in AP mode still allows the ports to work like a typical switch.

Also, you might want to think about whether your design supports segregating different WiFi devices into separate VLANs, so that you can put low-trust devices (like cheap IoT junk) onto a separate firewalled SSID. For this you will need VLAN-aware APs and VLAN-aware (i.e. managed) switches, as well as a router that can control connections between the VLAN subnet and the outside world. You don't necessarily need to set that up on day one, but you should buy gear that's able to handle it.

This is definitely on my mind. I don't have many IoT devices but for the ones I do have I currently have them segragated to a guest network and they aren't allowed to talk to other devices. I thought about segragating them to the second AP to isolate them further in my future setup.

 

[Oyster1286]

Agreed. For same price you will get better RF gear.

What do you mean by "RF gear"?

I think the value of POE is only having to run one cable rather than two (for power and signal) to a camera or AP that's located out of easy reach. This is definitely worth something, but as @Tech Junky says, switches with lots of available POE power are expensive. Also problematic in a home environment is that they likely have noisy fans. You might be better off with a couple of smaller switches with lower power budgets.

Yes, running a single cable for power and data is a must for me. I haven't looked at prices yet on PoE switches so that scares me a little but I guess it's a necessary evil. I did notice from the one PoE switch I saw did have a fan. I could potentially switch the fan for something quieter but no fan is better. Do the smaller PoE switches not have fans typically? Do you know of a decent brand to begin looking into PoE switches? Do you know if plugging one PoE switch with all of my cameras into the second port of the server would be recognized the same as if it were rather connected to Protectli Vault router?

 

[tgl]

The reason for these companies is because they make devices that use open source software and firmware which is important to me. I'm open to other brands though, as long as they use open source too.

I hear you, because I'm a longtime open-source guy too ... but you need to understand that that constraint is costing you a lot of choice in this particular space. For wifi in particular, it's kind of a pointless thing because even the "open source" platforms have to rely on closed-source device drivers: the hardware makers simply won't release enough data to let other people build software from the ground up. Sadly, I think there are better hills to die on.

Well it's not because of bandwidth. It's because I can have a seperate AP that's not on a VPN (or using a dedicated IP VPN just for streaming, rest of network on normal VPN servers) so that streaming services will work. If there is a better way you know of that doesn't require seperate APs I'm all ears.

Hmm. I bet you could do it with a VLAN connection to whatever is providing your VPN connection point, but the details are beyond my expertise.

Do plain APs have swithing capabilities?

Depends what you buy. The Zyxel NWA210AX's that I'm currently using have one spare LAN port in addition to their main uplink ethernet port, and AFAICT they bridge the spare port to the uplink port pretty transparently (though they do filter on VLAN IDs). Other gear probably has different options.

 

[tgl]

What do you mean by "RF gear"?

Sorry, RF = "radio frequency" ie everything having to do with the wireless hardware.

Do the smaller PoE switches not have fans typically?

The smaller the power budget, the less likely it needs a fan. You mentioned picking a 10-port switch before, but two 5-port switches would likely cover the same requirement with no fans. Against that, you'd be paying for the management infrastructure twice, which will run into a few $$ if you want fancy capabilities like VLANs. It depends a lot on what your tolerance for noise is (I find mine has decreased over the years) and whether you can stick the equipment into a remote closet.

Do you know of a decent brand to begin looking into PoE switches? Do you know if plugging one PoE switch with all of my cameras into the second port of the server would be recognized the same as if it were rather connected to Protectli Vault router?

In theory, interconnected switches will act like one big switch: packets that go in one port will pop out the appropriate other port. The thing to worry about is whether you're overloading intermediate switches with traffic that doesn't really need to go through them at all. Since you don't seem to be especially worried about overall throughput, you probably don't need to sweat about that.

 

[Tech9]

I never noticed just APs before, though I never looked really.

From what I see so far you'll have very steep learning curve with pfSense/OPNsense firewall. It's very different than your home routers and setting it up requires above average networking knowledge. Online guides may give you some directions, but for customized setup with VPNs and VLANs you're on your own. It's an entire OS with hundreds of menus and dependencies. You have to learn and understand the logic behind it first.

 

[Oyster1286]

The smaller the power budget, the less likely it needs a fan. You mentioned picking a 10-port switch before, but two 5-port switches would likely cover the same requirement with no fans. Against that, you'd be paying for the management infrastructure twice, which will run into a few $$ if you want fancy capabilities like VLANs. It depends a lot on what your tolerance for noise is (I find mine has decreased over the years) and whether you can stick the equipment into a remote closet.

What do you think of this Netgear GS08EPP for cameras? It's got 8 PoE ports, is fanless, and managed for a reasonable price. 1GbE is probably fine for a few cameras though I need to look into that more as well as my PoE power requirement. I don't know if it's a layer 2 or 3 switch however I really don't know if 3 is needed; do you have thoughts on that?
I did try looking into open source switches and that just doesn't seem feasible especailly at my skill level unfortunately.

In theory, interconnected switches will act like one big switch: packets that go in one port will pop out the appropriate other port. The thing to worry about is whether you're overloading intermediate switches with traffic that doesn't really need to go through them at all. Since you don't seem to be especially worried about overall throughput, you probably don't need to sweat about that.

Well that's good to know. I'm sure I'll be able to find a way to make it work then.

 

[Oyster1286]

From what I see so far you'll have very steep learning curve with pfSense/OPNsense firewall. It's very different than your home routers and setting it up requires above average networking knowledge. Online guides may give you some directions, but for customized setup with VPNs and VLANs you're on your own. It's an entire OS with hundreds of menus and dependencies. You have to learn and understand the logic behind it first.

It will definitely be a learning experience. I've been watching some things so I'm not totally blindsided and I've setup OpenWRT so some things are familiar. I also have a PFSense config file that I can use to get close and then modify it from there.

 

[Tech Junky]

I'm starting over from scratch.

Then planning is key. Knowing your needs and desires will make a big difference in your budget.

(open source is a must for me)

I agree but, the problem is unless you build it yourself that doesn't always ring true. When I built my setup the idea was to roll all of the functions into a single chassis. I achieved that but, when I wanted speed I had to peel off the AP function into an external AP instead of using the internal card I started with because I couldn't find an AX option that worked with hostapd i.e. nothing Intel based

When you go under the hood though of almost any AP / router they all use hostapd to bring up the radios but, they lock down the ability to manipulate the configuration from a CLI standpoint. Even my current AP uses hostapd to run the WIFI setup but, unless I want to crack the code to fine tune things it's impossible.

can have a seperate AP

APs don't have switching capabilities built in?

APs don't have switched because they're not needed. They sometimes offer an uplink port though to connect a switch to it or a single device. The downside to this additional port is it's usually only 1GE where the primary is 2.5/5GE or higher. Anything piggy backing through the AP / Ethernet connection will be slower than if you ran a line to the location and then plugged the switch into that and then from there added the AP / devices.

What does "PCLI" mean?

Protectli Vault

PoE switch yet. Do you know of a good company?

They all do the same and when it comes down to it it's more about the features you need and then whittle down the options by ports / price. As mentioned though smaller switches mean less noise / cost typically but, sometimes increases the price per port. The other option is using POE injectors

https://www.amazon.com/dp/B0BVR4CNYL/?tag=snbforums-20 - $20 and will power any POE++ device Then you can just plug it into a dumb switch or managed switch of your choice.

https://www.amazon.com/dp/B0BVR4CNYL/?tag=snbforums-20 - $50

• 8 Port Gigabit PoE Switch, 120 Watts total PoE Budget + 2 x PoE+ports ( 60 watts maximum) +6 x PoE+ Ports(802.3at, 30 watts maximum).

https://www.amazon.com/dp/B089VDXQRW/?tag=snbforums-20 = $90

• 6 PORTS TOTAL, 4 POE PORTS, 2 UPLINK PORTS - The switch has (4) 10/100 powered POE ports with 2 additional non-powered 10/100 Ports.

https://www.amazon.com/dp/B0BSMHYY36/?tag=snbforums-20 - $170

• All 5 ports of the Ethernet Switch have PoE+ 30W (802.3at) capacity, while Port 1 has PoE++ 90W (802.3bt) powering capacity

https://www.amazon.com/Fastcabling-802-3bt-IEEE802-3-Ethernet-

Unmanaged/dp/B0BMFRMS3L - $180

• 802.3 bt PoE++: Provide FOUR 90W max PoE out ports, perfect for power-hungry applications, such as PTZ IP cameras; And it also flexibly fit IP cameras, wireless access points, VoIP phones, etc; supplies 180W total power budget ((so, if it provides 180W but has 4 x 90 ports - 360W what loses power when all 4 ports are in use?))

Switches get tricky as you can see on the port density and allocation of power. For managed switches the price goes up considerably but, you can segregate the traffic from the switch into VL's if you want to keep your cameras from getting out to the internet which most people do to avoid leaks.

If you use Ubuntu or linux in general you can do DHCP reservations based on the MAC of the device and then put the traffic into VL's from there. It doesn't have to be port based like on the switch. Though the switch makes it simple with click and save. So, instead of paying the $180 for 4-5 ports you could use dumb switches and POE injectors for the same / lower price.

So, you said...
10 IP CAMS - 10 ports / at least $100 using 2 x 8 port cheapest option // or // 10 POE injectors for $200 and flex to get any switch you want. Gig switches are cheap

NAS - can roll this into the same box for the price of drives / if you don't need more than gig speeds use one of the NIC ports or bundle 2 ports into a LAG w/ the switch for 2gbps speeds or up the NIC for the priority data to 2.5/5GE and run a direct connect to your PC or primary device for fast transfers. And if you get a dual/quad port you can use that as your uplink to the switch if you go a bit higher end

Printers work w/ a WIFI connection.... Mine is WIFI and no need for a port/cable

----------------------------------
It's not going to be cheap but it doesn't have to be worthy of taking out a loan either.

I would go ONT << DIY <2.5/5/10GE> Switch/es/ AP's w/ POE-I // Cams w/ POE-I

The other thing is going to be space that needs WIFI coverage.... composition of walls / studs / etc. I can cover 1300sq ft w/ a single AP w/ drywall/steel studs. If you have to deal with brick / concrete / plaster and so on it will make a difference in how many you need.

https://www.sherbers.de/diy-linux-router-part-2-interfaces-dhcp-and-vlan/ << looks familiar to the PCLI box

DIY Linux Router Part 1: Hardware

The following is the first part of a multipart series describing how I build (software not hardware) my own Linux router from scratch, based on Debian 11. * Part 2: Interfaces, DHCP and VLAN [https://www.sherbers.de/diy-linux-router-part-2-interfaces-dhcp-and-vlan/] * Part 3: PPPOE and...

www.sherbers.de

If you follow along those commands will work in generic Linux. SFF PC might be not enough but, could work with a dual/quad port NIC as there's only 1 slot to use. The PC cna be as cheap as ~$200 / Quad 5GE NIC ~$200 and then add from there the Switch 2.5ge 4-5 ports $80. Getting 5GE ports is still a tough thing to get at a reasonable price in a switch because they don't show up until you look at 10GE switches and those are a bit pricier which is why I do DIY w/ $200 for 4 ports where switches run $300+ and might offer 1-2 5GE ports.

AP's - I use Zyxel and the NWA210AX run ~$130 last time I checked. There are other options though but, are they worth the money?

As for isolating traffic / VL or not / etc. can all be manipulated using iprules and you can keep it simple or make it as complicated as you want. Since you would be doing DHCP/MAC assignments you can do the routing easier using containers to group things a bit more logically for simplicity sake in writing the rules. My personal preference is to edit them in notepad++ and save the file to the server and run a command that copies / replaces the running rules and activates them at the same time. The other is to edit them through the box itself using nano or whatever editor you want to use.

 

[tgl]

What do you think of this Netgear GS08EPP for cameras? It's got 8 PoE ports, is fanless, and managed for a reasonable price.

Hm ... I've been happy with several unmanaged Netgear switches that I've had over the years (and mostly still have, because they're nigh indestructible). However, at least some of Netgear's managed switches refuse to work without setting up a cloud account at Netgear, which personally is something up with which I'd not put. (I've heard that specifically about the MS510TXPP, and maybe it doesn't apply to the GS08EPP, but I'd inquire carefully before buying any Netgear managed switch.)

 

[Oyster1286]

Then planning is key. Knowing your needs and desires will make a big difference in your budget.

I agree but, the problem is unless you build it yourself that doesn't always ring true. When I built my setup the idea was to roll all of the functions into a single chassis. I achieved that but, when I wanted speed I had to peel off the AP function into an external AP instead of using the internal card I started with because I couldn't find an AX option that worked with hostapd i.e. nothing Intel based

When you go under the hood though of almost any AP / router they all use hostapd to bring up the radios but, they lock down the ability to manipulate the configuration from a CLI standpoint. Even my current AP uses hostapd to run the WIFI setup but, unless I want to crack the code to fine tune things it's impossible.

APs don't have switched because they're not needed. They sometimes offer an uplink port though to connect a switch to it or a single device. The downside to this additional port is it's usually only 1GE where the primary is 2.5/5GE or higher. Anything piggy backing through the AP / Ethernet connection will be slower than if you ran a line to the location and then plugged the switch into that and then from there added the AP / devices.

I like the Flint 2 because it has a second LAN port that's rated for 2.5GbE. I wish I could get the Protectli with more than 4 ports but it gets really expensive.

They all do the same and when it comes down to it it's more about the features you need and then whittle down the options by ports / price. As mentioned though smaller switches mean less noise / cost typically but, sometimes increases the price per port. The other option is using POE injectors

I do think I will pay for a switch as I don't really want to plug in a bunch of PoE injectors and have more complication in the system. I want to keep the PoE switch just for the cameras.

Switches get tricky as you can see on the port density and allocation of power. For managed switches the price goes up considerably but, you can segregate the traffic from the switch into VL's if you want to keep your cameras from getting out to the internet which most people do to avoid leaks.

Keeping my cameras offline is exactly what I want to do so that's worth the cost increase.

So, you said...
10 IP CAMS - 10 ports / at least $100 using 2 x 8 port cheapest option // or // 10 POE injectors for $200 and flex to get any switch you want. Gig switches are cheap

I was thinking up to ten but am not set on that. I have since seen that 8 ports seem to be the common amount so I'll look for ways to cover all my angles with 8 cameras max.

NAS - can roll this into the same box for the price of drives / if you don't need more than gig speeds use one of the NIC ports or bundle 2 ports into a LAG w/ the switch for 2gbps speeds or up the NIC for the priority data to 2.5/5GE and run a direct connect to your PC or primary device for fast transfers. And if you get a dual/quad port you can use that as your uplink to the switch if you go a bit higher end

What is LAG? The Protectli and NAS both have 2.5GbE ports and the router that I may go with (that'll be in AP mode) has an extra LAN at 2.5GbE so that will be my cap. I could plug my computer into the second 2.5GbE port on the NAS but I'll have to find somewhere else to connect the PoE switch. Maybe that could plug into the router's 2.5GbE LAN port.

Printers work w/ a WIFI connection.... Mine is WIFI and no need for a port/cable

I try to minimize that amount of signals active. So far using the printer plugged into my router and using it's WiFi has worked well.

----------------------------------
It's not going to be cheap but it doesn't have to be worthy of taking out a loan either.

I sure hope not! I definitely won't get everything at once which will also make it less overwhelming to figure out and install.

I would go ONT << DIY <2.5/5/10GE> Switch/es/ AP's w/ POE-I // Cams w/ POE-I

That sounds similar to my #2 design. Is that correct?

The other thing is going to be space that needs WIFI coverage.... composition of walls / studs / etc. I can cover 1300sq ft w/ a single AP w/ drywall/steel studs. If you have to deal with brick / concrete / plaster and so on it will make a difference in how many you need.

https://www.sherbers.de/diy-linux-router-part-2-interfaces-dhcp-and-vlan/ << looks familiar to the PCLI box

DIY Linux Router Part 1: Hardware

The following is the first part of a multipart series describing how I build (software not hardware) my own Linux router from scratch, based on Debian 11. * Part 2: Interfaces, DHCP and VLAN [https://www.sherbers.de/diy-linux-router-part-2-interfaces-dhcp-and-vlan/] * Part 3: PPPOE and...

www.sherbers.de

If you follow along those commands will work in generic Linux. SFF PC might be not enough but, could work with a dual/quad port NIC as there's only 1 slot to use. The PC cna be as cheap as ~$200 / Quad 5GE NIC ~$200 and then add from there the Switch 2.5ge 4-5 ports $80. Getting 5GE ports is still a tough thing to get at a reasonable price in a switch because they don't show up until you look at 10GE switches and those are a bit pricier which is why I do DIY w/ $200 for 4 ports where switches run $300+ and might offer 1-2 5GE ports.

I'll stick with the PCLI as I have a solid config file to fall back on if I can't figure things out myself. Thank you for the article

AP's - I use Zyxel and the NWA210AX run ~$130 last time I checked. There are other options though but, are they worth the money?

Can I competely avoid using their app?

As for isolating traffic / VL or not / etc. can all be manipulated using iprules and you can keep it simple or make it as complicated as you want. Since you would be doing DHCP/MAC assignments you can do the routing easier using containers to group things a bit more logically for simplicity sake in writing the rules. My personal preference is to edit them in notepad++ and save the file to the server and run a command that copies / replaces the running rules and activates them at the same time. The other is to edit them through the box itself using nano or whatever editor you want to use.

This will definitely take some learning to do so I'll reference your comment here frequently. Thank you

 

[Oyster1286]

Hm ... I've been happy with several unmanaged Netgear switches that I've had over the years (and mostly still have, because they're nigh indestructible). However, at least some of Netgear's managed switches refuse to work without setting up a cloud account at Netgear, which personally is something up with which I'd not put. (I've heard that specifically about the MS510TXPP, and maybe it doesn't apply to the GS08EPP, but I'd inquire carefully before buying any Netgear managed switch.)

Ah, thanks for the heads up. I'll probably avoid them then. In the mean time I have found this switch from Mikrotik. It looks to meet my needs and is fairly affordable. Can I use all 8 ports for cameras and then hook up the switch to something else via the SFP port with an RJ45 adapter and it'll function normally?

 

[Tech Junky]

8 ports seem to be the common

Keep in mind 1 of those 8 is needed to uplink to your network for viewing unless you want 100% isolation and feed them into a PVR of some sort.

2.5GbE.

non-POE switches @ 2.5 aren't that bad in price. Getting a couple of them and POE injectors to plug in at the same power source...

Switch <> POE-I x 4/8/16 <> Cam

2.5 doesn't make sense unless you're really pulling high res video. It's all in the specs of the cams which level you need for a data stream though. I would think in most cases this should be under 100mbps per feed. If that's the case then the POE price goes down as those are cheaper at lower speeds. Then it depends on the power req per camera. I was shooting for the highest rating up to 60W per injector to rule out any chance of power not being high enough.

LAG

Just means putting 2+ ports together into a bundle to increase the bandwidth. e.g. 2 x 1GE ports = 2GE

Can I competely avoid using their app?

Yes, just use the web GUI. If you can figure out the IP you can bypass using the app completely. Set it up with a static IP and bookmark it on your browser for future logins. Also, since these are more than consumer gear you can manage them through a terminal via SSH as well.

solid config file

I haven't used a PCLI but, the impression is that since it has a SSD it's not just a configi file unless it's throwing everything into a hostapd file for the WIFI or /etc/network/interfaces for the ports.

hook up the switch to something else via the SFP port with an RJ45 adapter and it'll function normally?

It's usually an either OR situation w/ SFP ports. Also, uplink will allow the cams on the network >> internet.

The way to isolate things is going to require at least 2 LAN ports on a "PC" one w/ internet access and one to the cams w/o bridging them together. The issue that becomes of that is not having DHCP enabled to the cams aka needing to set an IP for each one manually.

This sequestration situation turns into a nightmare of hoops to jump through to figure out the ins/outs of being able to use them conveniently. They're kind of pointless to have if you have to go to a specific terminal for viewing. Then there's the storage issue to deal with...

 

[tgl]

Yes, just use the web GUI. If you can figure out the IP you can bypass using the app completely.

Yeah, the Zyxel APs have perfectly normal http configuration access (or ssh if you prefer command line). I've never used Nebula for mine. I can see where the convenience factor might push you into using Nebula if you have more than about three of them to wrangle, but for one or two you don't need it.