How to set up a parallel network to run my IP cameras on?

jhilb

Reputable
Aug 9, 2014
17
0
4,510
I am not sure I totally grasp the parallel network concept.

My "primary" network consists of a wireless router with a few smaller switches hanging off it. Various clients connected to those. I want to keep that network from getting saturated with camera traffic.

I purchased a Cisco ESW 540 8-port POE switch to connect and power 4 new IP cameras. Also connected to the Cisco switch will be a PC for viewing/storing the video.

Now then, I need to purchase another router and put it in-between the Cisco switch and my primary network? Set up the new router to filter only traffic from the viewing PC to get into my primary network?

This is where I get foggy on how to keep that traffic (other than the viewing PC) from getting over to my primary network. Even though none of my primary network clients need direct access to the cameras, that traffic would otherwise come over my primary network if not somehow controlled, right?

Jeff
 

InvalidError

Titan
Moderator
You can put everything on the same network. If your recording computer is on the same switch as your IP camera, the camera traffic will not leave that switch unless you access them from some other computer.

Switches only forward data on the port where the data destination is once they know which port that destination is through MAC table learning.
 
I am going to bet it does not matter. Few if any cameras actually broadcast the traffic. The PC watching must request the traffic from the camera be sent to it.

The key here is that you are actually using MAC addresses to communicate between the PC and the cameras. Although there are IP addresses inside the data packets, they are not really used for very much. What happens when the session first opens is both the PC and camera map the IP address to the MAC address in their ARP tables. After this, traffic is sent back and forth with the MAC addresses. The switch you have understands MAC addresses and knows that, say, the camera is on port 1 and the PC is on port 2, so it directly sends the traffic. None of this traffic is sent to the router or any other client. Now if the PC on this switch wanted to talk to another PC on the router or maybe the internet, it would send the request to a different MAC address that corresponded to the other PC or maybe the router gateway if internet. The switch is smart enough to know that both these are on the cable going to the router and would only send the traffic on that cable if it was destined for a device on that path.

If your concern is to prevent someone on your main network from accessing the cameras, you would need a device like a router to filter this type of traffic. It is part of a firewall feature, and the ability to filter varies quite a bit from device to device, so you would have to read the features to see how advanced a device you need.
 

jhilb



Actually the camera itself does the recording. The camera has a web interface. I will be telling it where to FTP the resulting video to (the PC on the switch, which will also be set up as an FTP server).

I see. The switch learns the endpoints based on IP & MacAddress (they will all be static in my case, including the cameras). Then forwards the traffic down the correct physical network port based on where the traffic needs to go. The traffic doesn't "bleed" onto the other ports (one of which will be a wire back over to my primary network). Hence the name switch I think?

OK I think I get it. I don't need another router then.



 

jhilb

These cameras send their video via mpg files to an FTP server (which is that PC), on the same switch. But I get.

I didn't realize that a switch moves the traffic on only the necessary port. I was thinking it was broadcast over all physical ports, like old networks used to do.

Let's say on the CISCO switch I have 8 ports. Ports 1-4 for cameras, port 5 for the PC, port 6 is a tie back over to my main network (happens to be another switch).

Feed from cameras to the PC (an FTP server) will go over ports 1-4 to port 5, without bleeding over to port 6 and saturating my main network?




 
The traffic will only go between ports 1-4 and 5; no traffic will go to port 6. In addition, no traffic going, say, between port 1 and 5 will go to the other camera ports. This is the reason switches exist: to provide this function. We are way past the old hub days of 15 years ago that sent traffic to all ports.
 

InvalidError


Almost exactly.

Unmanaged switches do not care about IP. What they do see is which port it receives traffic from a given MAC address from and sends all future traffic to that MAC address through the same port it received traffic from that MAC address from.

When a computer wants to talk to 192.168.1.22 but does not know the MAC address for the host that owns the IP, it first does an ARP broadcast (Address Resolution Protocol) to learn the MAC address of whoever owns the MAC address and all future traffic destined to that IP address will also carry the associated MAC address which will be used by the switch to pick which port to forward traffic through. The outbound ARP request teaches the switch the requester's MAC address along with the port it can be reached with and the target's response teaches the switch the destination's MAC along with which port it can be reached with.

The switch does this learning process with all packets passing through it: whenever it sees a new MAC on one of its ports, it records the MAC and which port it was seen on so it knows which port to forward traffic addressed to that MAC if it gets any in the future. If the switch does not know which port the destination is on, it may either forward on all ports, drop the packet or rate-limit outbound packets to that MAC address until it learns which port that MAC is on.
 
Solution
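
The MAC learning described in this thread, as an added example that is not part of any post: a small Python simulation using the port layout from the question (cameras on ports 1-4, recording PC on port 5, uplink to the main network on port 6). The MAC addresses are constructed, and flooding of unknown destinations is an assumed choice among the behaviours the answer lists.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Minimal MAC-learning switch: learns source MAC -> port, forwards by destination MAC."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}         # MAC address -> port it was last seen on
        self.tx_frames = Counter()  # frames transmitted out of each port

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        self.mac_table[src] = in_port  # learn from the source address
        if dst != BROADCAST and dst in self.mac_table:
            out = [self.mac_table[dst]]  # known unicast: one port only
        else:
            # Broadcast or unknown destination: flood (assumed here; a real
            # switch may instead drop or rate-limit unknown unicast).
            out = list(self.ports)
        out = [p for p in out if p != in_port]  # never send back out the ingress port
        for p in out:
            self.tx_frames[p] += 1
        return out


def simulate_camera_uploads(frames_per_camera=1000):
    """Four cameras each resolve the PC via ARP, then upload video frames to it."""
    sw = LearningSwitch(range(1, 7))
    pc = "02:00:00:00:00:05"  # constructed, locally administered addresses
    cams = {port: f"02:00:00:00:00:0{port}" for port in range(1, 5)}
    for port, cam in cams.items():
        sw.receive(port, cam, BROADCAST)  # ARP request: flooded to every other port
        sw.receive(5, pc, cam)            # ARP reply: unicast, camera already learned
        for _ in range(frames_per_camera):
            sw.receive(port, cam, pc)     # FTP data: forwarded to port 5 only
    return sw


if __name__ == "__main__":
    sw = simulate_camera_uploads()
    for port in sw.ports:
        print(f"port {port}: {sw.tx_frames[port]} frames sent")
```

Only the four ARP broadcasts reach port 6, while port 5 carries all of the video. The forwarding table limits where bandwidth is spent but does not stop a host on the main network from reaching the cameras, which is why the earlier reply points to a router or firewall for access filtering.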