  1. #1
    Newbie
    Join Date
    Feb 2015
    Posts
    11

    Trouble Setting up VLans

    I am a beginner at this stuff, but this is what I am trying to do:

    Key hardware:
    Untangle on a decent dedicated PC
    Netgear JGS516PE - 16-Port Gigabit ProSAFE Plus Switch with POE
    Multiple Ubiquiti AC Pro access points controlled by a PC
    Multiple REOlink IP Cameras
    Blue Iris NVR on a decent dedicated PC

    Goals:
    Camera VLan that only allows the cameras to talk to Blue Iris and not the internet.
    Guest Vlan (not vital as Ubiquiti seems to be able to block guest wifi users from accessing the internal network)
    Apartment lan/Vlan (currently set up to a different port on Untangle, but would like the apartment user to be able to access their lan through the whole house Ubiquiti access points)

    Untangle setup
    External eth0 [redacted]/21
    Internal eth1 192.168.1.1/24 with untangle DHCP server on
    Basement eth4 192.168.9.1/24 with untangle DHCP server on
    Camera vlan 192.168.50.1/24 with untangle DHCP server on and 802.1q tag=50
    Basement vlan bridged to Basement and 802.1q tag=9
    Guest vlan 192.168.15.1/24 with untangle DHCP server on and 802.1q tag=15
    Once I get this working, I would consider moving my primary house network to its own Vlan and leaving 192.168.1.* to control the switches and the like though not ready for that complication yet.

    Untangle Filter rules
    Block basement interface access to Internal (need to add other combinations once I get this working)
    Block Internal interface access to basement (need to add other combinations once I get this working)
    Allow Camera interface access to Blue Iris's IP (temporarily off for testing)
    Allow Blue Iris's IP access to camera interface (temporarily off for testing)
    Block Camera interface access (temporarily off for testing)
    Block access to Camera interface (temporarily off for testing)

    Key DHCP reservations
    Each access point gets a 192.168.1.* reservation
    Each camera gets a 192.168.50.* reservation
    Netgear switch gets a 192.168.1.* reservation

    No other special routes or setup on untangle, I'm thinking maybe there is something else I need to do?


    Netgear Switch setup

    I've never used a managed or semi-managed switch before, so thinking this is what I am messing up:

    Key ports:
    16 is Untangle
    1, 3, 5 are reolink cameras
    7, 8 are Ubiquiti access points
    all other ports are stuff on my primary house network including the Ubiquiti controller and Blue Iris machine (though if I get another managed switch in the future, could maybe better separate the Blue Iris machine if needed)

    Vlan 1: all ports untagged except 1, 3, 5 are blank (my thinking is that this will allow the main network traffic flow to all ports)
    Vlan 9: all ports blank except 7, 8, 16 are untagged (my thinking is that this will allow basement network traffic to flow to untangle and the access points)
    Vlan 15: all ports blank except 2, 7, 8, 16 are untagged (my thinking is that this will allow guest network traffic to flow to untangle and the access points)
    Vlan 50: all ports blank except 1, 3, 5, 16 are untagged (my thinking is that this will allow camera traffic to flow to the access points)
    PVID: all ports set to tag 1 except 1, 3, 5 are set to tag 50

    Ubiquiti Wifi networks
    Internal - untagged
    Basement - set to tag 50
    Guest - set to tag 15 and set as guest blocking everything in the 192.168.1.* range except allowing access to the printer
    Internet of things - untagged. considering making it a vlan in the future.

    No other special setup on Ubiquiti other than the wifi networks. There is a networking config tab but I think that only matters if you have a Ubiquiti branded router. Of course my life may be easier if I used a Ubiquiti gateway instead of Untangle and a Ubiquiti switch instead of Netgear, but trying to keep costs down as this is just a regular house and I probably already have enough tech here for a 30 person company.

    Based on this setup, I cannot access the cameras from the main network even when the filter rules are off. I am suspicious that they are somehow not even connecting to the DHCP server (even letting it sit for many hours) as when I switch ports 1, 3 and 5 back to PVID 1, then I can instantly access them at their prior ip address on the 192.168.1.* network (assume if they picked up a 50.* address there would be at least some lag and maybe a random address when switching back).

    I feel like either I am setting up the switch incorrectly or I am forgetting to set up some type of routing on Untangle. Maybe in addition to having a hole in the filter for Blue Iris, I need some type of routing to get between Blue Iris and the cameras?

    Also having trouble with my Ubiquiti controller, but not 100% sure it is related.

    Thanks.
    Dave

  2. #2
    Newbie
    Join Date
    Feb 2015
    Posts
    11


    Since I wrote the post, I have continued reading and learned that I need to Tag the Untangle port on each Vlan. I have done so and think this is helping, but still need to test more.
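
The tagging point from post #2, as an added example that is not part of the original thread: a small Python model of the switch tables from post #1, showing which Untangle interface hears a camera on port 1 when port 16 is an untagged versus a tagged member of VLANs 9, 15 and 50. It assumes the VLAN interfaces are 802.1Q sub-interfaces on the NIC cabled to port 16 and does not model ingress filtering; all function and variable names are made up for the illustration.

```python
# Constructed model of the switch tables in post #1 (ports 1, 3, 5 = cameras,
# port 16 = Untangle). "U" = untagged member, "T" = tagged member.
UPLINK = 16
CAMERA_PORTS = (1, 3, 5)

def build_config(uplink_mode):
    """Return (membership, pvid); the uplink is untagged in VLAN 1 and
    uplink_mode ("U" or "T") in VLANs 9, 15 and 50."""
    membership = {
        1: {p: "U" for p in range(1, 17) if p not in CAMERA_PORTS},
        9: {7: "U", 8: "U", UPLINK: uplink_mode},
        15: {2: "U", 7: "U", 8: "U", UPLINK: uplink_mode},
        50: {1: "U", 3: "U", 5: "U", UPLINK: uplink_mode},
    }
    pvid = {p: (50 if p in CAMERA_PORTS else 1) for p in range(1, 17)}
    return membership, pvid

def egress_tag(membership, pvid, in_port, out_port, in_tag=0):
    """Tag a frame carries leaving out_port: the VLAN ID, 0 if it leaves
    untagged, or None if it is not forwarded there. in_tag=0 means the frame
    arrived untagged and is classified by the ingress port's PVID."""
    vlan = in_tag or pvid[in_port]
    mode = membership.get(vlan, {}).get(out_port)
    if mode is None:
        return None  # out_port is not a member of that VLAN
    return vlan if mode == "T" else 0

# Assumption: the firewall's VLAN interfaces are 802.1Q sub-interfaces on the
# NIC cabled to port 16, so untagged frames land on the parent interface.
FIREWALL_IFACES = {0: "Internal 192.168.1.1/24", 9: "Basement vlan",
                   15: "Guest 192.168.15.1/24", 50: "Camera 192.168.50.1/24"}

def firewall_iface_for(membership, pvid, in_port):
    """Firewall interface (and DHCP scope) that hears a client on in_port."""
    tag = egress_tag(membership, pvid, in_port, UPLINK)
    return None if tag is None else FIREWALL_IFACES.get(tag)

def merged_on_uplink(membership):
    """VLANs other than 1 that leave the uplink untagged and so arrive at the
    firewall indistinguishable from the untagged Internal network."""
    return sorted(v for v, ports in membership.items()
                  if v != 1 and ports.get(UPLINK) == "U")

if __name__ == "__main__":
    for mode in ("U", "T"):
        m, p = build_config(mode)
        print(mode, firewall_iface_for(m, p, 1), merged_on_uplink(m))
```

In the untagged case the model also shows the return path failing: an untagged reply entering port 16 is classified into VLAN 1, which ports 1, 3 and 5 do not belong to, so it is never forwarded to a camera.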
