As part of my new church network, I’m installing IP security cameras. So far I’ve picked out four HikVision PTZ cams, two for indoor and two for outdoor. One is already in and is working fine.
My area of concern here is the many reports about low-end Chinese IP cameras “phoning home” to China without their owners’ knowledge. I’d like to restrict that as much as possible. I’ve never worked with VLANs before. My router is an RB3011 and my main switch is a NetVanta 1534 PoE which should be able to be configured to support multiple managed networks, if I can ever figure it out (We received it used and I haven’t managed to reset it to factory defaults yet to be able to regain admin access).
The cameras need to be able to see the main server, which is also the surveillance controller. It has dual LANs, so if necessary I can set one of them up strictly for surveillance. I’d prefer, though, to be able to use the dual ports for network redundancy. One of the cameras I may, in future, use for live streaming video of church services, so it should be able to see the PC which is running the streaming software. That should be it, save for admin access from my laptop and possibly the pastor’s PC. I’d prefer that the cameras not have access to IPv6 at all, although I do want to enable IPv6 service on the remainder of the network.
What’s the best way to accomplish all of this?