05-18-2024 09:27 AM - edited 05-18-2024 12:54 PM
Hi Cisco Community. I would like to set up a separate DHCP pool for the CCTV VLAN with a separate IP address range, set the pool size to the number of devices +1 and static bind them all, then set firewall rules to stop the home LAN from reaching the CCTV VLAN except for the viewer ports. And set rules to stop the VLAN from reaching the LAN and WAN except for the ports required for remote viewing and time sync, and maintain the security of the network and not allow the cameras/NVR to talk out except for the remote viewing capability only.
I really appreciate all the help. I have no knowledge of doing this at all. If someone could create a config file and upload it to my switch, that would make things easier, if possible of course.
Router is Asus Gt Ax-11000 Rog.
The switch is: Cisco 3560cx 12pd-s.
GATEWAY: 192.168.1.1
NVR : 192.168.X.XXX:XXXX
IP CAMERA 1 : 192.168.X.XXX:XXXX
IP CAMERA 2 : 192.168.X.XXX:XXXX
Thank you
05-19-2024 02:58 AM
It depends on the setup, on where your Layer 3 SVI interface is located.
Is it on the router or on the switch? (Sometimes the switch acts as just Layer 2 and everything else is done on the router.)
Not sure what your router is capable of for this task:
Option 1: Router as gateway for all the VLANs, and the switch just acts as Layer 2
Router to switch (create a trunk and allow all the VLANs)
Router does access control between the VLANs: what to access and what not to access.
Option 2:
Switch acts as Layer 3, so you create all the Layer 3 SVIs associated with the VLANs
You create an ACL between the VLANs to allow or deny access
Check the guide below for an example:
https://www.practicalnetworking.net/stand-alone/routing-between-vlans/
NOTE:
The ACL logic applied to an SVI on a switch:
IN = traffic originating from within the VLAN
OUT = traffic originating from outside the VLAN
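
For Option 2 and the IN/OUT note above, a sketch of the CCTV side on the switch, added here as an illustration and not posted by either participant. VLAN 50, the 192.168.50.0/29 range, the NVR address, port 8000 and the use of 192.168.1.1 as NTP server are placeholder assumptions, since the thread masks the real values.

```cisco
! Added example. Constructed placeholders: VLAN 50, 192.168.50.0/29,
! NVR at 192.168.50.2, viewer port 8000, NTP assumed on 192.168.1.1.
ip routing
!
vlan 50
 name CCTV
!
! Gateway and one spare excluded: leaves .2-.5, i.e. 3 devices + 1
ip dhcp excluded-address 192.168.50.1
ip dhcp excluded-address 192.168.50.6
ip dhcp pool CCTV
 network 192.168.50.0 255.255.255.248
 default-router 192.168.50.1
!
ip access-list extended CCTV-IN
 remark DHCP requests from cameras/NVR to the switch
 permit udp any eq bootpc any eq bootps
 remark Replies from the NVR viewer port to sessions opened by viewers
 permit tcp host 192.168.50.2 eq 8000 any established
 remark Time sync to the single NTP server only
 permit udp 192.168.50.0 0.0.0.7 host 192.168.1.1 eq ntp
 remark Anything else the CCTV VLAN originates is dropped and logged
 deny ip any any log
!
interface Vlan50
 description CCTV gateway
 ip address 192.168.50.1 255.255.255.248
 ! IN = traffic originating from within VLAN 50
 ip access-group CCTV-IN in
```

ACLs on the switch are stateless, which is why return traffic is matched with `established` instead of being tracked. Limiting the home LAN to the viewer port needs a second list applied `in` on the LAN-side SVI, and the router needs a static route back to the CCTV subnet.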