Question Home Security NVR/VLAN setup

[MrEpix]

Hello,

I am currently looking to add some home security cameras after a recent scare. In researching, the current option I am attempting to pursue is that of setting up an NVR recorder with some cheap WYZE cameras around the house. I also want these cameras to connect wirelessly to said NVR device. In doing this, I want the system to be self contained on my network and not have access to the internet. The best option I seem to have found is that of connecting these devices to a local VLAN, restricting internet access whilst allowing them to communicate locally. I have found that my router does not support VLAN functionality, and a decent router that does is currently out of my price range as I don't care to buy a new router for that singular feature.

This is all very new to me and my networking experience is very limited, and I am unsure on if what I am doing is the best option. I also saw that there are switches with VLAN capabilities for much cheaper; but I am unsure on whether I would be able to plug one into my router and connect said devices wirelessly without issue. Any advice would be appreciated.

 

[kanewolf]

Hello,

I am currently looking to add some home security cameras after a recent scare. In researching, the current option I am attempting to pursue is that of setting up an NVR recorder with some cheap WYZE cameras around the house. I also want these cameras to connect wirelessly to said NVR device. In doing this, I want the system to be self contained on my network and not have access to the internet. The best option I seem to have found is that of connecting these devices to a local VLAN, restricting internet access whilst allowing them to communicate locally. I have found that my router does not support VLAN functionality, and a decent router that does is currently out of my price range as I don't care to buy a new router for that singular feature.

This is all very new to me and my networking experience is very limited, and I am unsure on if what I am doing is the best option. I also saw that there are switches with VLAN capabilities for much cheaper; but I am unsure on whether I would be able to plug one into my router and connect said devices wirelessly without issue. Any advice would be appreciated.

Wireless security cameras are never a good idea.
To isolate the NVR and cameras, you could get a second router and set it up for the cameras and NVR. You could not hook it up to the internet.
By the questions you are asking, you may be over your head with VLANs.

 

[gggplaya]

You could buy a managed switch with a DHCP server to create separate VLANS. <$50.

 

[kanewolf]

You could buy a managed switch with a DHCP server to create separate VLANS. <$50.

That won't work without a WIFI source also since the desire is to have wireless cameras. My assumption, is that the ISP router is the only WIFI source at present.

 

[gggplaya]

That won't work without a WIFI source also since the desire is to have wireless cameras. My assumption, is that the ISP router is the only WIFI source at present.

Another $50 to add a WIFI access point.

 

[kanewolf]

Another $50 to add a WIFI access point.

But just using a WIFI router with the home network on the WAN and firmware that allows firewall rules will take care of everything. No VLANs required. Block WAN access from the LAN clients.

 

[gggplaya]

But just using a WIFI router with the home network on the WAN and firmware that allows firewall rules will take care of everything. No VLANs required. Block WAN access from the LAN clients.

But with these smart security cameras, you likely do want internet access for the cameras. I use the AI detection on my Wyze cameras and it gives me alerts when a car is parked in my driveway or it spots a person or package at my front door etc... Unless you want to forego AI detection and use the NVR software for alerts instead using RTSP.

 

[MrEpix]

But with these smart security cameras, you likely do want internet access for the cameras. I use the AI detection on my Wyze cameras and it gives me alerts when a car is parked in my driveway or it spots a person or package at my front door etc... Unless you want to forego AI detection and use the NVR software for alerts instead using RTSP.

But just using a WIFI router with the home network on the WAN and firmware that allows firewall rules will take care of everything. No VLANs required. Block WAN access from the LAN clients.

Ideally I would want it connected through the main router, I just don't want the cameras/NVR to access the internet whilst still maintaining connectivity to each other. I plan on setting up a home VPN though OpenVPN so that I can still access these systems when I'm not there. My router supports the OpenVPN functionality, but I am unsure on how to limit the connections to the aforementioned devices. My current router is the Asus RT-ACRH17. I do have a spare router I could hook up, but being that I'd need a device to connect to said router for the purpose of me viewing the NVR away from home I don't think that would suit my needs. If my router has the functionality to do what I need in this regard such as blocking WAN access whilst allowing them to function correctly, I haven't been able to figure it out. If there is an easy way to block a device through my router as I'd mentioned let me know.

Thanks!

 

[bill001g]

So the way that tends to work the easiest is to just not tell the cameras where the router/gateway is so they don't know how to get to the internet. Since most cameras have fixed ip addresses you set manually what you can do is either leave the gateway IP blank if they allow it or put in some other IP. So if you router is really at 192.168.1.1 tell the camera the gateway is 192.168.1.254.

Many routers you could use parental controls to block access. You would just put in the list of IP addresses and then use one of the rules to block access. Most have things like time of day rules where you could block it all the time.

These methods are overly simplistic to block say a teen that knows how to change the I settings but is fine for a device like a camera.

Cameras and all these other smart device have a long history bugs and even intentional backdoors that allow them to be exploited by people on the internet. You constantly hear about people hacking into thing like ring door cameras which you would think would be more secure than a lot of the random cameras you get out of china.