Putting Meraki Security Camera on my LAN Network

SOLVED
SCC
Building a reputation

Putting Meraki Security Camera on my LAN Network

Hi All,

I have a problematic situation the thing is that due to some limitation i can not have a new VLAN configured. so is it possible if i put the Meraki security cameras in the same LAN network VLAN.

 

I know the good practice is to keep the security camera in seperate VLAN. but i just wanted to know will it be a problem if i keep the Meraki security camera in same VLAN as LAN network.

 

Thanks

1 ACCEPTED SOLUTION

For what it is worth - in certain networks we have placed camera's on the LAN - No VLANS present. Without any issues

View solution in original post

9 REPLIES 9
EJN
A model citizen

I'm not the best person to reply (wait for others), but I will add that if you do have them in the same network, go into your DHCP settings and assign a separate subnet just for the cameras. This will help you identify them more easily or separate by IP address if needed. Mine are PoE and the DHCP server gives them a separate IP address subnet based on the leading characters of the MAC address.

 

For example, if MAC address equals AB-CD-12-xx-xx-xx (where xx is a wildcard), assign IP address from 172.16.110.1 to 199. Whenever I see 110 subnet in my network monitoring tools, I know it's a camera.

 

I'm not saying this is the best or only method. This is one possibility and it's working good for me.

Esteban J Nunez
School and Church
K-12 Education
SCC
Building a reputation

@EJN 

 

Well, I dont see such option on the SOPHOS Firewall. I have only one VLAN for LAN network, I can add Meraki Security Camera in the same LAN network, i have no issue what IP they picked. As i will be monitoring them from the Meraki Dashboard. My only concern is that if i will put the Meraki Camera in the same VLAN of my LAN Network where i have PC/desktops etc. Will it cause any issue or problem.

BlakeRichardson
Kind of a big deal
Kind of a big deal

@SCC  yes its not best practice to have security devices on you main LAN however it will work. The only way to view footage from a Meraki camera is through the dashboard so its not as though someone can hack the camera and view its footage. 

 

If you have an MX you could setup another VLAN and have that routing through your MX, that would be more secure.  

SCC
Building a reputation

@BlakeRichardson 

 

The problem is that I have SOPHOS Firewall not MX. The other option i was thinking to put these Meraki Cameras in Management VLAN. As I have just two more switches in this VLAN and its easy for me to put these Meraki Cameras into this Management VLAN.

 

 

Hey @SCC ,

 

you can add a new VLAN on a SOPHOS firewall too. 

It's not kind of a big deal.

 

So add a new VLAN on SOPHOS, set UPLINK to your Switch and configure an access port in the created VLAN for the Camera.

 

Greets

Putting it in the management VLAN is not a bad option as long as you can get to it from your production VLAN, you should be fine.

@SCC  your Sophos firewall should support you setting up one of its interfaces as a tagged interface. 

For what it is worth - in certain networks we have placed camera's on the LAN - No VLANS present. Without any issues

hoempf
Getting noticed

As many are saying you should be able to easily add a VLAN on the Sophos FW to be used for the camera. But if for whatever reasons you can't (or are not allowed to) don't worry. It's not like the camera is going to do something bad to your network or other clients. Also clients trying to "hack" into your camera is IMHO an unlikely scenario.

But consider this: If you want to look at camera footage and are not able to directly communicate with the camera (by putting it on a VLAN without access to other VLANs) then your video feed will go over the WAN (only while looking at it, that's the beauty of storage on the cameras). Also there are some features like fast-forward which are not available to you if you only have a cloud connection to the cams. If you have one single cam that's probably not an issue, but depending on your WAN something you want to consider.


Cheers!
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.