[SOLVED] LAN Configuration Help Please

Oct 29, 2019
I’m hoping someone can help me improve the network design.

I have a LAN with a TP-Link TL-600 router connected on its WAN/uplink port to a Time Warner Cable modem.

The TL-600 has 4 ports

Port 1 is connected to a 24 port POE switch

Port 2 to Ubiquiti AP

Port 3 to an EnGenius AP

Port 4 is empty

The 24 port switch has the following devices (no VLAN):

8 IP video cameras
1 Ubiquiti AP
1 EnGenius AP
1 desktop Windows computer running Blue Iris
1 Smarthub

The desktop is continuously fed video from all the cameras.

I sometimes (often) access that desktop remotely to view the video feed using Blue Iris’ built-in web server.

Users always connect to any of the APs for Internet access.

There are definite bottlenecks caused by the video streams from cameras to desktop that interfere with Wi-Fi connected users’ internet access, as well as possibly a bottleneck from remotely accessing the desktop’s video feed.

How can I better configure this to improve users’ Wi-Fi access to the internet while not compromising the video system?

Thank you,

Joseph



 
Solution
The video cams are NOT using the wifi?

Modern switches can run traffic on all ports at maximum speed up and down all at the same time. Your 24 port switch should be able to pass 48 Gbit of traffic continuously.

So even if all the camera ports and the DVR computer were at 100%, the ports running the AP would still have full bandwidth to talk to the router.

No traffic from the cameras should leave the switch or even go to the router.

What might be happening is the cameras are sending broadcast or multicast traffic. This means the traffic is sent to all ports rather than just the DVR. They can do this even if you have your DVR set to pull data from the cameras.

It is pretty easy to test for this. Plug a PC into the switch and run Wireshark on it. If you see traffic from the MAC address of the cameras then that is your problem.

You might be able to disable the broadcast feature on your cameras but it depends how you have things rigged to work. The broadcast method is generally used when you have the cameras set to compress the data very little.

The only real fix to this is to use VLANs but that will restrict your ability to get access to the DVR. You might want to consider dual NICs in the DVR, with one NIC on the camera network and a second NIC on the main network. This will allow you remote access and it keeps the cameras isolated. Cameras tend to be kinda risky to have on a network that has internet. Many vendors do not do a good job on security... which is strange since they are security devices. They tend to be painful to patch so most people do not keep the firmware updated.
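
The Wireshark test described in the answer above can also be scripted; this is an added example, not part of the original post. It assumes raw Ethernet frames taken from a capture on the PC plugged into the switch, and all MAC addresses and frames here are constructed sample data.

```python
from collections import defaultdict

BROADCAST = bytes.fromhex("ffffffffffff")

def mac(b: bytes) -> str:
    """Format 6 raw bytes as a colon-separated MAC string."""
    return ":".join(f"{x:02x}" for x in b)

def classify(dst: bytes) -> str:
    """Classify an Ethernet destination address."""
    if dst == BROADCAST:
        return "broadcast"
    # I/G bit (lowest bit of the first octet) set means a group address.
    return "multicast" if dst[0] & 0x01 else "unicast"

def flooded_by_source(frames, camera_macs):
    """Count broadcast/multicast frames and bytes per camera source MAC.

    frames: raw Ethernet frames (bytes) seen on the test PC's switch port.
    """
    stats = defaultdict(lambda: {"broadcast": 0, "multicast": 0, "bytes": 0})
    for frame in frames:
        if len(frame) < 14:  # shorter than an Ethernet header: skip
            continue
        kind, src = classify(frame[0:6]), mac(frame[6:12])
        if kind != "unicast" and src in camera_macs:
            stats[src][kind] += 1
            stats[src]["bytes"] += len(frame)
    return dict(stats)

def eth(dst: str, src: str, payload_len: int) -> bytes:
    """Build a constructed IPv4 Ethernet frame with a zero-filled payload."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + b"\x08\x00" + bytes(payload_len)

# Constructed sample data: two camera MACs and six captured frames.
CAMERAS = {"02:00:00:00:00:c1", "02:00:00:00:00:c2"}
SAMPLE = [
    eth("01:00:5e:01:01:01", "02:00:00:00:00:c1", 1400),  # camera 1 multicast
    eth("01:00:5e:01:01:01", "02:00:00:00:00:c1", 1400),
    eth("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:c2", 46),    # camera 2 broadcast
    eth("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:aa", 46),    # non-camera host
    eth("02:00:00:00:00:99", "02:00:00:00:00:c2", 1400),  # camera unicast
    b"\x00" * 10,                                         # truncated frame
]

if __name__ == "__main__":
    for src, s in sorted(flooded_by_source(SAMPLE, CAMERAS).items()):
        print(src, s)
```

The byte totals per camera show how much flooded traffic each one contributes, which separates a video stream sent to every port from occasional small broadcasts.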
 
Oct 29, 2019
Wow, that is such a great analysis.

Confirming my understanding, putting a PC on a router port and running Wireshark will show what traffic is leaving the switch and reaching the router.

That traffic, however, might be only a subset of the traffic that the router hears on the port coming from the switch, depending on how the router is configured, right?

Secondly, a second NIC in the PC (with one NIC going to the switch and one to the router) should completely separate the video/DVR traffic from the traffic created by other devices not directly connected to the switch, right?

Thank you!!

