Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Question about isolation of a network.


  • Please log in to reply
24 replies to this topic

#1 pistol22cal

pistol22cal

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:48 PM

Posted 28 September 2017 - 09:33 AM

Scenario

 

Wireless Router Modem / Netgear 7550 from Frontier - internal network is 192.168.1.1

 

NVR security system connected to the modem via ethernet set to MAC address reservation for and internal IP of 192.168.1.108

 

Camera's pull IP from NVR at 10.1.1.1 - 20

 

What I need to do is separate this whole network from the home network. I dont want it accessible without persistent routes 

 

Would having a separate wireless router connected to the modem and disabling the modems wireless resolve this issue?

 

If so what would the new wireless routers internal ip scheme and subnet need to be to separate it? 

 

 


I Love Lamp!


BC AdBot (Login to Remove)

 


#2 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:12:48 PM

Posted 28 September 2017 - 09:45 AM

Interesting this router has a DMZ feature which should allow you to accomplish what you are trying to do simply configure your DMZ.

 

Frontier Netgear 7550 Router Manual


A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#3 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:12:48 PM

Posted 28 September 2017 - 09:47 AM

Can you give a network diagram as to how you have the network laid out so I can get a better understanding?


Edited by arlattimor, 28 September 2017 - 09:47 AM.

A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#4 pistol22cal

pistol22cal
  • Topic Starter

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:48 PM

Posted 28 September 2017 - 09:48 AM

Can you give a network diagram as to how you have the network laid out?

 

I can let me draw out a diagram on lucidcharts right fast, brb! 


I Love Lamp!


#5 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:12:48 PM

Posted 28 September 2017 - 09:49 AM

Thank you.


A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#6 pistol22cal

pistol22cal
  • Topic Starter

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:48 PM

Posted 28 September 2017 - 10:00 AM

https://imgur.com/1RXFeRF


Edited by pistol22cal, 28 September 2017 - 10:12 AM.

I Love Lamp!


#7 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:12:48 PM

Posted 28 September 2017 - 10:12 AM

So let me make sure I understand. So the cameras that the NVR is recording from are not physically on the same network. The NVR is recording these Cameras remotely is that correct? What you wish to accomplish is to get the NVR off of the 192.168.1.0/24 network is that correct?  


A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#8 pistol22cal

pistol22cal
  • Topic Starter

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:48 PM

Posted 28 September 2017 - 10:14 AM

So let me make sure I understand. So the cameras that the NVR is recording from are not physically on the same network. The NVR is recording these Cameras remotely is that correct? What you wish to accomplish is to get the NVR off of the 192.168.1.0/24 network is that correct?  

 

Everything is physically connected - the modem connects to the NVR and the cameras connect the the NVR directly via ethernet 

 

The modem is set to assign the NVR a static IP via MAC Address Reservation

 

The NVR assigns the cameras IP as 10.1.1.** the cameras get their DHCP from the NVR


I Love Lamp!


#9 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:12:48 PM

Posted 28 September 2017 - 10:15 AM

I see ok, so the NVR is acting as a Router, and DHCP Server


A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#10 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:12:48 PM

Posted 28 September 2017 - 10:18 AM

So do you wish to get the NVR off the 192.168.1.0/24 Network Range? If that is so then all you should have to do with this Netgear 7550 Router is configure the DMZ and plug the NVR into the DMZ port.


A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#11 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:12:48 PM

Posted 28 September 2017 - 10:23 AM

If you have the manual. To configure your DMZ is on page 19 


A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#12 pistol22cal

pistol22cal
  • Topic Starter

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:48 PM

Posted 28 September 2017 - 10:24 AM

So do you wish to get the NVR off the 192.168.1.0/24 Network Range? If that is so then all you should have to do with this Netgear 7550 Router is configure the DMZ and plug the NVR into the DMZ port.

 

No, what I want is for people that connect to the wireless service of the modem to not be able to access the NVR ---- If this would require another wireless router I am ok with that. 


I Love Lamp!


#13 pistol22cal

pistol22cal
  • Topic Starter

  • Members
  • 294 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:48 PM

Posted 28 September 2017 - 10:29 AM

https://www.lucidchart.com/invitations/accept/54d887b5-f932-4712-a8f9-5eb3f5c33ae4

 

 

Something like this is what I am after

 

I thought DMZ can cause some issues......Forgive me but I have 0 experience with DMZ


Edited by pistol22cal, 28 September 2017 - 10:31 AM.

I Love Lamp!


#14 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:12:48 PM

Posted 28 September 2017 - 10:30 AM

 

So do you wish to get the NVR off the 192.168.1.0/24 Network Range? If that is so then all you should have to do with this Netgear 7550 Router is configure the DMZ and plug the NVR into the DMZ port.

 

No, what I want is for people that connect to the wireless service of the modem to not be able to access the NVR ---- If this would require another wireless router I am ok with that. 

 

 

Precisely, and in order for you to do that you would be putting the NVR on an entirely different Network Range / Subnet whether the NVR is placed within the DMZ or you have added another wireless router this is the over all goal.


A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#15 arlattimor

arlattimor

  • Members
  • 591 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Beaufort, SC.
  • Local time:12:48 PM

Posted 28 September 2017 - 10:31 AM

Sorry don't have access liquidchart


A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users