cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
208
Views
1
Helpful
1
Replies

Cisco 3560cx 12pd-s, setup isolated Vlan for my ip cameras and NVR

CiscoKid74
Level 1
Level 1

Hi Cisco Community. I would like to setup a separate DHCP pool for the cctv VLAN with a separate IP address range set the pool size to number of devices +1 and static bind them all, then set firewall rules to stop the home LAN from reaching the cctv VLAN except for the viewer ports. And set rules to stop the VLAN from reaching the lan and wan except for ports required for remote viewing and time sync and maintain the security of the network and not allow the cameras/nvr to talk out except for the remote viewing capability only.

I really appreciate all the help. I have no knowledge of doing this at all. If there is someone to create a config file and upload it to my switch would make things easier if possible of course.

Router is Asus Gt Ax-11000 Rog.

The switch is:  Cisco 3560cx 12pd-s. 

GATEWAY:  192.168.1.1

NVR : 192.168.X.XXX:XXXX

IP CAMERA 1 : 192.168.X.XXX:XXXX

IP CAMERA 2 : 192.168.X.XXX:XXXX

Thank you.

1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

Depends on the setup where your Layer 3 SVI interface located

is this on router or switch (some time switch act as just Layer2)  rest everything will be done on router.

not sure what capable of your router can do the task :

Option1 Router as Gateway for all the VLAN and Switch just act as Layer2

Router to switch (create a Trunk and allow all the VLAN 

Router to Access control between the VLAN what to access and what to not access.

Option2 :

Switch act as Layer 3, so you create all the Layer 3 SVI associated with VLAN

you create a ACL to between VLAN to access or deny

check below guide example :

https://www.practicalnetworking.net/stand-alone/routing-between-vlans/

NOTE :

The acl logic applied to an SVI on a switch.
IN = traffic originating from with in vlan
OUT=  traffic originating from out  vlan

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help