Your feedback on how to configure the setup below would be greatly appreciated.
Looking on how to design (architect?) a VLAN for IP cameras. I would like the IP cameras to NOT have access to the internet nor the rest of the network.
There is a small network, with the following equipment (everything network related is Mikrotik).
- one RB4011 as the router, DHCP server, and DNS
- two CRS326-24G-2S+RM
- one RB951G (wifi AP)
- one CRS112-8P-4S-IN (for PoE into IP cameras)
- one DVR (ip camera) with ZoneMinder installed
- two IP cameras
The RB4011 serves the DHCP pool of 10.0.0.100-140. It also has six static IPs for different machines.
I have been reading the Mikrotik wiki and watching a couple of videos for information on VLANs.
Yet I'm still lost on how to set it up.
The IP cameras at the moment are only on the 1st floor, yet eventually there will be IP cameras all over the facility.
Thus I think it would be best to inter-connect the CRS326 switches with "VLAN trunks"?
From the little I have learned I think Mikrotik calls "VLAN trunks" tagged ports?
Where do I start? At the main router (RB4011)?
It would be ideal to have the IP cameras on their own network (small DHCP pool of 10.0.10.100-120).
Who would serve this pool? The main RB4011?
Then the DVR machine, I would like it to be able to receive the data from the cameras, yet also be accessible from the main network.
Main network: 10.0.0.0/24
IP cams: 10.0.10.0 VLAN-30
How can I go about this?
Thank you for your help... I'm just quite lost on how to start.