Connecting Multiple LANS with random subnets

[Abdo alhamwi]

Hello guys

This is my first question and I am kinda newbie here

I have a building with 24 apartments. Each one has its own network with internet and has its own subnet and everything is separated

I want to add multiple cameras to the building so people living there can see them

You each apartment has a random network depending on the router they use or the provider they have registered in. The good news I have an Ethernet cable from the lobby to each of these apartment

So I want people from their apartments to see the cameras without changing the network

Will youhelp me

 

[vnet]

For liability reasons you probably dont want your network attached to theirs for any reason. Aside from that there is really no easy way to do it, your best bet would be to make the cameras accessible from the internet, using an ssl secured connection with a login/password. and provide a username and password to the residents needing to see the cameras.

Depending on the location of the cameras there are other privacy concerns to worry about. i know that if i was a resident i would not want all the other residents to be watching me get groceries out of my car and walking them into my unit, etc. I mean sure they could from their window.. but you get the idea.

I am not really sure what your aiming to accomplish providing residents with access to the camera system though.

 

[Abdo alhamwi]

Thank you for the answer

Internet connection is not that stable there, so I have excluded this option 🙁
It is more or less like an intercom camera
So it is shared anyway for all residents

I want to include this system to our home automation system

 

[bill001g]

Maybe with a non standard network implementation and managed layer 2 switch that can filter the traffic.

You have huge number of issues. Lets just say you take these jack hook them all to a dumb switch and they then plug this jack into their router.

The first massive problem you have is the DHCP requests from all the routers will now see each other you will get duplicate and random assignments of IP addresses through out the apartments. Next the routing will not work. The users will always send traffic out their routers gateway than out the new wall jack. The users routers would have to have some ability to route to this port and that varys greatly. On top of this if there is any duplication in the IP addresses between any apartments nothing will work.

So how do you get this to work ? start by plugging the cables into their routers lan jacks. Try to find a block of addresses nobody else is using in their apartments. Most time you can find 10.x.x.x ones but worse come to worse pick some random ones that are not really used on the internet. You could also use IPv6 addresses.

You now assign all your camera to this block and give all your users a IP to use for each of their machines. So they don't have to constantly change their IP you would assign these as secondary addresses ....this is the non standard part.

Now to avoid all the other nasty problems of having the users routers all hooked together sending DHCP and other junk back and forth you need a managed layer 2 switch that has ability to filter traffic. What you want to do is only allow IP traffic that has a destination address of the cameras. This will prevent any traffic going from site to site only from the site to the small group of cameras.

The users can then user whatever software and key in the ip of the cameras.

The biggest issue is going to be support. It is pretty easy to add a secondary IP address to the machines but some users will just not understand ..maybe you could make a youtube video for them.

 

[Abdo alhamwi]

Thank you

From what I understood I tried to build up this network

https://www.dropbox.com/s/lu5hf5ez0xjgw12/Screenshot%202014-01-31%2012.00.56.png

https://www.dropbox.com/s/kxpxg20z8hpce6t/option%204.pkt

Here is a photo and a packet tracer file

Please check for me

the trunk vlan is not opened to other vlans 🙁
I cant ping the other side "(

 

[bill001g]

If this was real cisco routers instead of linksys junk it might be easier.

If I were to completely ignore the vlan configurations I could see how this could work. Router 2 has the internet and its lan interface is connected to the wan interface of all the other router. It provides the 192.168.81.x network to them via DHCP this would allow all the machine to reach the internet. Now lets say router 3 is assigned IP 192.168.81.3 for its wan port. You could then port map different ports to each camera to the users would access 10.10.10.1 as 192.168.81.3:7001 and 10.10.10.2 as 192.168.81.3:7002

Now if you actually have real vlans in there I can't see how you manged to connect them. Router 3 will need to be a actual router to work as you propose. You would for example assign multiple point to point networks between each router wan port and router 3. Router 3 would have to have its default route pointing to route 2 but router 2 would have to have static routes pointed to router 3 for all the networks used within the subnets by router 3. If these were a real cisco router kinda messy but can be accomplished. Consumer routers no possibility and a dd-wrt load is a huge pain compared to cisco to configure junk like this.

 

[Abdo alhamwi]

The problem is that cisco routers are costly
there should be an easiest way
You know this idea is available in most of the compounds now adays
how do they manage this?
I heard about a switch which be controlled via a server.
This server will control the traffic
what about this?

 

[bill001g]

Almost everything they sell on the market is designed to cost as little as possible. People will choose one router over another because it is $1.00 cheaper totally ignoring that for the extra $1 they would get a huge number of features. Almost every device on the market is not really a "router" in the true sense. They generally can only have a single WAN address and a single LAN subnet and they can only transfer data between this WAN and LAN and have no option other than a many to one nat on the wan address. This extremely limits what you can do with these device...but it makes it simple for those who are lucky to understand how to plug the power cord in the wall.

You could use a layer 3 switch but this is really just a name for a router with lots of ethernet ports.

After looking at this again I realized your diagram does not even come close to the complexity. I was thinking this was a shared internet but you say each has their own internet. This means each of these routers you show also has some form of connection to another device. You would need actual routers at each location or at least DD-WRT which makes them into more of a router. This would be a nightmare to maintain.

I am starting to think maybe you go out and find some old laptops for very cheap that have ethernet ports and provide those to hook to this other network strictly for watching the cameras.

 

[Abdo alhamwi]

After reading I have found the best way is to use Protected Ports supported switches and give all flats LANS in the same subnet
This is maybe the best solution and most stable one