Meraki

Community

VoIP and IP Security Cameras: VLANs /Subnets

MrBear
Here to help
‎Jul 9 2020 7:52 PM
‎Jul 9 2020 7:52 PM

VoIP and IP Security Cameras: VLANs /Subnets

Good evening,

 

I am so amazed by the level of help I’ve received from this community; thank you.

 

I am going to, again, ask for your suggestions on a few things but first, I think I should mention that my Meraki system is installed in my home, not a business (in case it helps with your response to my questions).

 

About me – I am mildly techie but I am not an IT professional like you all and Meraki is my first real network; so much of what I have read in the forums is over my head, so please keep that in mind too 😉

 

My Meraki system was installed on June 15th and other than a couple of remaining gremlins (mostly Crestron related), everything is working with everything on one subnet (192.168.1.x) and no VLANs. We decided to go this route to simply just get everything working, and then we would look at things like subnets, VLANS, etc.

 

So now I am ready to begin looking at best practices for security, ease of use & performance and at the same time I do like the KISS principal & I don’t want to needlessly make things overly complex if they don’t need to be.

 

Here’s my hardware overview:

Internet = (1) 450 Mbps service from Charter Spectrum

Router = (1) Meraki MX100 with the Advanced license

Switch = (2) Meraki MS350-48, stacked with 40G cable

Switch = (2) Meraki MS350-24

Switch = (2) Meraki MS120-8

AP = (10) Meraki MR46 (wifi-6)

AP = (2) Meraki MR76 (wifi-6)

Cameras = (3) Meraki IP cameras being tested now for consideration*

Cameras = (12) Axis IP cameras in use

Sec Storage = (1) QNAP NAS (65TB usable RAID-10) + QVR Pro Security Software

Music Streamers = (23) Linn DSM network music streamers

VoIP = (12) VoIP phones (make/model TBD)

 

Usage = Typical family of 5-6 usage (just a larger than normal house) and the only things that are not typical are:

 

  1. the number of security cameras running 24x7
  2. the number of music streamers
  3. VoIP phones
  4. several times a year, I host large fundraiser events than could have 200-300 present (it will be interesting to see how the Meraki Guest Network handles the next event lol).

 

I am evaluating VoIP phones right now and planning to implement something very quickly. I’ve read it is important to put them on their own VLAN, but that’s all I know. And I don’t know how to do it.

 

I've read I may want to also consider putting the IP cameras on their VLAN too but I don’t know how to do it.

 

Not sure about the various Crestron products that I have and if they should be on their own too or not.

 

So much to think about, that it’s overwhelming to me… however this community helped me get my Linn music streamers working; thanks again for that help!!

 

* more on this later but the only Meraki product I don't like are the cameras but with a new feature in the beta version, this make turn me into a Meraki camera fan

0 Kudos
2 Replies 2
DarrenOC
Kind of a big deal
Kind of a big deal
‎Jul 10 2020 2:37 AM
‎Jul 10 2020 2:37 AM

Hello @MrBear 

 

To keep it simple you could leave your network as is....But the engineer in me slaps me on the wrist and tells me to do this the right way. 

 

So, you currently have a single VLAN (1) - 192.168.1.x/24.  Let's build out your IP schema to accommodate the extra VLANs and IP subnets.

 

Log into your MX > Security > Configure > Addressing & VLAN's.  Down the page there's the Routing header with LAN setting <VLANSs/Single LAN>.  Your's will currently be set to Single.  Select VLANs.

 

UCcert_0-1594372718729.png

 

Now click Add VLAN and populate as per below.  I assume you don't have a preference on VLAN numbers and which IP addresses to use so I've kept it simple. 

 

UCcert_1-1594372770142.png

 

Click Update, now lets add another for your CCTV network:

 

UCcert_2-1594372867789.png

 

Click Update again.  You should now have your 3 VLAN's for your network.  If VLAN 1 has disappeared just add it back in again using the above steps.

 

Now we need to pass these VLAN's to the rest of your network.  Staying on your MX and the same page as above scroll down to Per-port VLAN settings.  Click on the port number that you're using to connect the MX to your switch and enter the below configuration.  The port is now configured as a Trunk and is passing all VLAN's to the downstream switch.

 

Forgot to mention - make sure you're saving the config as you go.

 

UCcert_3-1594373086114.png

 

Now we need to configure your downstream switch port that the MX is connected to and also assign the voice and cctv VLAN's to their designated switch ports.

 

Switch > Switches > click on the switch that your MX is connected to.  Click on Ports then the link Configure ports on this switch.  Now click on the port that is connected to your MX

 

UCcert_4-1594373419405.png

 

Port information for that port will appear.  Click on the Configuration link

 

UCcert_6-1594373577321.png

 

Configure the port as per below.  You can of course change the Name of the port.  To read through this it may look long-winded but this is pretty standard stuff.

 

UCcert_5-1594373514998.png

 

To configure a voice and data port simply find and select the ports you which to configure and enter as per below.  All we've done is assign VLAN 1 as the data vlan and 2 for Voice.  Simple as that.

 

UCcert_7-1594373735298.png

 

Looks like you have quite a healthy WAN/Internet pipe so should be able to handle all your traffic.  But....if your internet usage is quite heavy and bursty i.e gaming, streaming then Voice may suffer.  Is your provider able to split the pipe and guarantee say 5Mbps solely for Voice?

 

Have fun

 

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
In response to DarrenOC
MrBear
Here to help
‎Jul 10 2020 6:20 AM
‎Jul 10 2020 6:20 AM

Thank you @DarrenOC 

 

I was slightly mistaken, my Meraki professional DID create a single VLAN, which he named "Data" and he connected the MX100 port 11 to switch#1 (MS350) on port 45 - SEE PHOTO

 

This is the main rack (rack 1 of 5) and is located in the basement. I call the MS350 directly above the MX100 "Switch-Basement(1)" and it connects to "Switch-Basement(2)" via a 40G Stack Cable in the back.

 

So I setup additional VLANS per your message but I am confused about my remaining steps regarding ports on the MX100 (ports 2-10).

 

To keep with baby steps... first let's focus on the IP Camera VLAN - so there would be about a dozen IP cameras and one NAS (that records the streams) that would go onto VLAN 5.  The cameras and NAS do not all connect into these two switches but many do.  The remaining cameras are connected into various other Meraki switches located in different racks.

 

In addition to the single cable that is in place now, do I also connect a cable between the port 5 on the MX100 and the MS350 too?  If so, where do I connect it (which switch and port). Don't laugh but gotta ask 🙂

 

I will likely have a few more questions after this but its a fantastic start 🙂

 

Here's what I have thus far..

 

My dashboard as of this morningMy dashboard as of this morningIMG_1819.jpegMain Rack (1 of 5) - basementMain Rack (1 of 5) - basement

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.