I am just trying to set some Unifi cameras to have a static IP over on a VLAN. Right now they are just on 192.168.1.0 Network.
When I am in the Unifi controller and I click on the camera → setting IP settings It says “Requires are Unifi Gateway or layer 3 switch”
In protect there is Manage → restart / remove
and Advanced → advanced → Real Time Streaming Protocol (RTSPS)
Any help would be great!
Assign fixed ip address on the dhcp server giving out IP on the network
You mention vlan, have your setup your switches, router , etc with vlan settings
Pfsense is my dhcp server.
I have Unif switches.
Yes everything is set up. I actually have a Synology NVR (DVA1622) and cameras already on the “cameras” VLAN. I have outside cameras that the Synology manages and Unifi camera that the Unifi controller manages for inside.
I guess with other security cameras I would just log into the cameras and assign them the static ip address. Then on the unifi switch I would change “Native VLAN / Network” to the VLAN I want them on.
So you are saying for me to do it in pfsense " DHCP Static Mappings"?
thank you!
Yes use, DHCP static mappings.
Change the vlan on the switch port first, so the devices are getting the correct vlan ip address
Under DHCP Server (Select the correct network), scroll down to the end - add status mappings for the device. - Note the the ip address has to be outside the dhcp range.
Thank you, I will do that.
Have a good day!
So that worked great. However, I needed to add a firewall rule to all those camera’s to get back to the controller. Is this the most secure way of doing this?
My controller is over on 192.168.8.2 (In my first post I said 192.168.1.0, but its not)
my rule is
pass
Protocol: TCP
Source: the cameras IPs (I will put them all in a alias)
Destination: the controller (192.168.8.2)
Can I limit the scope of this rule?
When I’m googling it, I am seeing ports that need to be opened are 7442, 7444 and, 7550
Put the Synology NVR on the same network as the cameras, as most of the traffic will be between cameras and nas unit
Then create a pfsense rule to allow access to the Synology from the normal network,
If you do the above, block all internet access except for the nas - cameras do not need internet access
Sorry there is a confusion.
The Synology NVR is for my outside camera. That is set up and working.
I followed Tom’s
Securing Surveillance Camera Networks
I am talking about my UNIFI cameras going back to my UNIFI controller.
Need more info
What Unifi controller , what network is it on (i.e vlan, ip address)
Are there any other devices managed on the unifi controller
What network are the cameras on (vlan)
What firewall / router
Cloud Key Gen2 Plus
The controller is on the 192.168.8.0 network @ 192.168.8.2
It does manage my AP’s and switches
The cameras are now on my camera VLAN network 192.168.70.0 (you just helped me set up)
Firewall is Pfsense Netgate 7100
Within PFSense, create an alias with the cameras IP’s
Then create a firewall rule to allow camera access to the Gen2, source will be camera alisas to Gen2 IP all ports udp and tcp.
If you know the ports used, you could locked it down more to the ports but as the cameras can only access the gen2 , you limited security risk.
Sounds like you need to have that rule, otherwise the camera’s won’t be able to access the controller. Personally I would block WAN access on the CAM vlan as it doesn’t need it.