ragnaroknroll
Regular Contributor
I recently posted a related thread on SuperUser, but thought I'd post a modified version here to get advice specific to Asuswrt-Merlin.
I'm planning to install a home surveillance system consisting of 7 PoE cameras recording 24/7 to my HTPC. I figured since my HTPC stays on 24/7, there's no real need to get a separate NVR. Considering my complete lack of trust in these cameras, I will be blocking internet access to them using the Parental Controls feature from the Asuswrt-Merlin GUI. Additionally, I would like the cameras to be able to communicate only with the HTPC, while keeping the rest of the devices connected to my home network safely isolated from them. The HTPC, on the other hand, should be able to communicate freely with the rest of my home network devices.
My planned home network configuration is as follows. I already have an Asus RT-AC86U router running Asuswrt-Merlin, that is connected to the internet. A PoE switch I am yet to purchase will be connected to the router, and the cameras and HTPC will be connected to this PoE switch. All other network devices in my home will be connected directly to the router. My questions are as follows:
1. Can my isolation requirements be met just by purchasing a cheap unmanaged PoE switch and configuring the router? On first thought, it feels like the Guest Network feature with the Access Intranet setting disabled might be able to help me out. Firstly though, I don't know how to connect wired devices to a guest network. Even if I manage to do this and put all the cameras on a guest network, I don't know how I can permit them to communicate with the HTPC, which cannot be on the guest network, since it needs to be able to communicate with the rest of my home network devices. Alternatively, could I achieve what I want to using the command line?
2. If this cannot be achieved by just configuring the router, what type of switch will I need and how should I go about configuring it? From reading up a bit online, it appears I need a switch that supports VLAN configuration. I've noticed that some L2 managed switches offer VLAN configuration capabilities, while being much cheaper than L3 managed switches. Specifically, some TP-Link L2 managed switches (like the TL-SG1210MPE) support an MTU VLAN mode, which I think would satisfy my requirements if I set the HTPC port as the uplink port. Unless I've misunderstood how this mode works, this would permit the cameras to communicate only with the HTPC, and the HTPC with the router, which gives the HTPC access to the rest of my home network devices and the internet. If this cannot be achieved using an L2 managed switch either, can it be achieved using a more expensive L3 managed switch?
Any help or advice would be much appreciated. Thanks!