Home Surveillance/LAN Topology – Critique/Recommendations

Currently reading
Home Surveillance/LAN Topology – Critique/Recommendations

83
31
NAS
220+
Operating system
  1. Windows
Mobile operating system
  1. Android
Last edited:
System:
  • Router: ASUS RT-AX88U Pro Firmware version 3.0.0.6.102_32843 (supports VLANs)
  • NAS: DS220+ (2 LAN ports) running version DSM 7.2.1-69057 Update 3 (current version)
  • Synology Surveillance Station version 9.1.3-10869 (current version)
  • Cameras/Devices:
    • (1) HikVision DS-2CD2347G2-LSU/SL
    • (4) Synology TC500
    • (1) AXIS C1410 POE Speaker (FUTURE)
  • Switches: 3 Netgear Smart L2
    • GS308T 8 Port Plus L2
    • GS316EP 16 (15) Port Plus L2
    • GS308E 8 Port Plus L2
Objective:
  • Surveillance devices (cameras and speaker)
    • Reduce network broadcast chatter
    • Isolation from all other LAN devices
    • No Internet access
    • Management of devices with Synology Surveillance Station
  • Ability to access devices from LAN gateway subnet either temporarily with simple config adjustment or any time for firmware updates.
  • Surveillance Station push notification to DS CAM mobile app
Current Status:
With the exception of 2 devices, which are on a separate VLAN (VOIP and Solar Monitoring), all other devices are on the primary gateway subnet (including all surveillance devices). In almost every case, router DHCP IP reservations by MAC address have been assigned to client devices. Everything is working as it should. However, even though I have blocked internet access of each Synology TC500 camera, they are able to access FW updates through Surveillance Station. The HikVision camera, however, is successfully blocked because this configuration is by camera IP direct access.​

Possible Topology/Configuration Improvements:

Everything I have read suggests that connecting all surveillance devices to a switch that is connected to NAS LAN port #2 is best practice.​
This (https://community.synology.com/enu/forum/17/post/91455) 2016 forum thread covers what I am trying to accomplish. However, it is 7+ years old. Although the final posts are a bit later, Synology Surveillance Station and DSM have all seen significant updates. It is for this reason I am reaching out to the community for some advise.​
Based on my hardware, I am considering 3 possible network topologies. And since a picture is worth a 1000 words, I have created a network diagram for each option.​

Option A:
2 switches.​
The GS316EP 16 would be configured with 2 different VLANs: ID 60 for surveillance devices and ID 70 for untrusted devices that require internet access. An ethernet cable connects the router to the switch. AND another ethernet cable from a VLAN ID 60 port runs to the NAS port #2.​
Screenshot 2023-11-29 093358.png



Option B:
3 switches.​
The GS316EP 16 switch would be dedicated to 1 VLAN ID 60 (POE surveillance devices only). An ethernet cable connects the router to this switch. AND another ethernet cable runs from this switch to the NAS port #2.​
The GS308E switch would be dedicated to VLAN ID 70 for untrusted devices that require internet access.​
Screenshot 2023-11-29 093453.png


Option C:
3 switches.​
This option is the same as Option B except the ethernet cable connecting the router to the GS316EP 16 switch is ELIMINATED.​
Screenshot 2023-11-29 093540.png

I am confident I can work through Options A or B. Option B is simpler and I am leaning in that direction. It is Option C that is most interesting and concerning. Option C eliminates an ethernet cable. And because my router is on the 1st floor and the GS316EP 16 is in the attic, eliminating one ethernet cable is a big deal.

But I don’t know if Option B will meet my objectives or if Option C is even possible. Is it?

This post Synology Community says that the NAS can serve as a DHCP server for port #2 devices.

Screenshot 2023-11-29 094300.png
Is that true?

Thank you in advance for your comment and pros & cons of each option.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Old thread notice: There have been no replies in this thread for quite some time. The last reply was on .
The content in this thread may no longer be relevant. It might be better to open a new thread instead.

Similar threads

I have 3 Monitors and DSM will not allow any Open DSM Window to be dragged from other than the Home...
Replies
0
Views
1,520
  • Solved
Hello @fredbert, thanks a lot for you response I am so frustrated right now, and i cannot even understand...
Replies
2
Views
1,594
That would be a problem with browsing or email, but is it really an issue with bittorrent? Wouldn't it...
Replies
7
Views
2,097
  • Question
Have had issues with DS FINDER, not doing WOL, but DS ROUTER always works... Cannot reply to after power...
Replies
7
Views
4,411
Hi, you need to use a SRV record in the dns zone for your domain name, with this you can add ports to A...
Replies
26
Views
4,557
If you set a different network and assign a port to it I don't see why the firewall will not allow you to...
Replies
1
Views
1,446

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top