I have tried for days to setup vlan using an 8 port poe switch connected to a Tp-link TL-SG3216 switch connected to pfsense . My question is this: after I have setup pfsense for vlan and dhcp server for the vlan. Should the ip camera’s set to auto dhcp change from 192.168.1.XX to my setup 192.168.2.XX. I have cycled power hopping to find camera’s at new address. I do not want to climb the ladder for 5 camera’s, if i screw up!
I guess the question is: if everything is setup correctly, power cycling the poe switch, will that cause the camera’s to change to the new ip?
Having been in the same situation, I gave my IP Cameras fixed IP addresses on the camera vlan, new DNS and gateway, rebooted. Then I changed the port on the switch to the camera vlan.
If someone is handy with a crimper they can gain access to your network via the external ethernet cable, you ought to secure the camera vlan to not allow traffic out ! You can also use 802.1x if your camera supports it, that way a username and password is required to access the network too.
If you have the system setup correctly and the ports only offering the camera VLAN they should keep getting the same VLAN after a power cycle. Also, as @neogrid there is the potential for attack if you have DHCP & network access going to a cable outside of the house, but I will assume they are in a separate VLAN to keep them secure.
Thanks for the reply’s. I guess I have not setup the vlan correctly. When I make the changes to tp-link I can’t get access to camera’s . Can’t find them. Ip Scanner shows them at the old address but not functioning. I was looking for dhcp server to move them to the new ip. They are setup now with no wan access, mac address reserved. I am trying to restrict all access, only my network having access to them.
first of all. A VLAN acts as if you have dedicated switch for this lan. So if you setup a vlan and putt all the comera’s ports on the vlan (lets call it 2) to untagged only this cameras can talk to each other.
You need to add a vlan on the pfsense to the LAN Interfache. It will lock like lan.2. This port needs to be setup to tansport the vlan 2 tagged. On the pfsense you need to assign the new “created” interface for vlan 2 and give it a name and a ip. Like 192.168.2.254.
Then you should be able to see the new interface lan.2 unter services / dhsp server and can enable it.
I sugged you start wie a port on your switch attach a pc to it and check if you get dhcp offers.
If you camera’s are poe then you can powercyle them via the switch and could leave the ladder where it is stored
Hope this helps if you have questions feel free to ask.
thanks blex, I have given up on the camera’s. Going to start new topic help with vlan’s