Configuring Insight managed switches to work with both a private network and a domain

danyael
Tutor


Greetings,

I recently purchased 8 x Netgear GC510PP & 5 x Netgear GX728XP switches for a factory I work in. This factory is a global manufacturer and they have their own domain.

 

In the factory I work out of, we recently upgraded the 13 existing security cameras with newer PoE models, plus we've added 46 brand new PoE cameras. Currently, those new cameras are not yet connected to any network. The original 13 are connected to the factory's domain switches.

All of the PoE cameras are Pelco model cameras and connect to a brand new Pelco DVR with dual NIC. Currently the Pelco DVR is set up for DHCP, connected to a domain switch (also received internet access through the domain switch, but is not a member of the domain) and the 13 original cameras are connected and recording to the DVR.

 

Our goal is to take all 59 cameras, put them on a private network, and connect them all to the DVR.  The difficulty is that the private network needs to be able to be accessed by a few members of management who are on the domain and also our guard house will need access to those cameras as well.

 

Before I purchased any switches I did some homework. I initially was going to go with Ubiquiti brand but after further investigation I noticed their operating temperature threshold was considerably low compared to Netgear and Cisco. I also called and spoke to a very knowledgeable sales associate at Netgear. I told him what I was planning to do and asked if the 2 model switches I had picked out were capable of doing that and he knew right away that they could. He mentioned that those switches came with free setup-support and free Insight for a year; but he also added that a subscription only costs $9.99 per switch per year. (I later found out the free program is ending next month?)

I spent several hours this past weekend feverishly researching how to do this task.  I think I have a good idea but I do not know how to specifically implement it with these switches. 

 

The 13 switches will all be interconnected via fiber. There will be no redundancy, unfortunately… and some switches will branch off to 4 other switches throughout the factory. I would like to set them all up for a 192.168.x.x private LAN. Each switch will have anywhere from 1-14 PoE cameras connected to them, so they shouldn't be overloaded… and only Pelco PoE traffic will be present (with the exception of the few users watching the cameras from the Pelco app or the guard house).

I think each fiber connection will have to be set up as a trunk connection, and do I need to make 2 VLANs on each switch? One for the private network and one for the KraftHeinz domain? That IP range is 10.196.x.x.

 

I definitely would like to work with someone who is very knowledgeable on this type of setup (it is probably easy for most of your techs… but in-depth networking is definitely not my strong point).

 

I did buy the appropriate amount of SFP modules, mostly 1Gbps but a few 10Gbps ones also. 

 

Another question I have… am I overthinking this? Is there a better solution? Each user is going to have a 10.196.x.x IP address and they will be on the <factory domain>. Can they access the cameras another way even though they're on the domain? Maybe using something like a separate VPN on their laptop/computer? Some of them already use a VPN when they take their laptop home in order to connect to the network.

I am a domain admin but I have no access to the existing network switches due to the contract with a 3rd party that maintains and monitors their existing business network. 

I do have full access to the DVR and of course, all of these switches are registered to me with my Insight account.

 

I added a picture if it helps anyone.  The number in red below represents the number of cameras connected to that specific switch.

Model: GC728XP|Insight Managed 28-Port Gigabit Ethernet PoE+ Smart Cloud Switch with 2 SFP and 2 SFP+ Fiber Ports
Message 1 of 3
schumaku
Guru

Re: Configuring Insight managed switches to work with both a private network and a domain

Let's keep this simple: Sync the requirements and VLAN and IP subnetwork configs with the KraftHeinz/Mondelez. At the hand-over point there will be just the assigned VLAN tagged (or untagged) of course.

 

No idea if it's a good idea to have multiple VLAN and IP subnetworks for the DVR system, unless it allows such a set-up.

 

Another point which hit my auditor eyes was the "all of these switches are registered to me with my Insight account". Definitely a bad idea. As a customer, I would not accept this - the devices and the cloud config must be registered to the correct owner, I assume that's KraftHeinz. Some kind of a shared mailbox or a tech e-mail address (which you have access to, of course) would be a good plan.

Message 2 of 3
danyael
Tutor

Re: Configuring Insight managed switches to work with both a private network and a domain

Good morning,

 

Thank you for your reply.  I was able to get the switches configured to a working state.  2 of them were 'tricky', but the rest were just configured for a VLAN and static conditions... with the SFP ports acting as Trunk to the next (or return) switches.

Most of the switches were just for the static PoE cameras and I didn't need to involve working them into the domain.  

The 3 in question were the MDF Netgear switch (that several come back to), one that the guard uses (they have to have a separate PC on the domain, a VoIP phone, networked printer) and then another PC dedicated for camera viewing. This was challenging but not difficult to get to work because I had at least 2 Ethernet home runs back to the MDF... so I kept the one as is and patched the other home run into the private LAN.

 

The REAL tricky one was one where I was setting up the private LAN for the cameras on ports 5-8, 10 and the Domain on 1-4, 9, but the difficult (for me) part is getting them to work with only ONE fiber run back to the MDF. I am not even sure it is configured correctly, but we'll find out later today.

 

As for registering, I agree with you. I did create a "kraftheinz" sub-account within my Netgear profile for that specific factory. I do have other sub-accounts with Netgear equipment I manage for other sites. For me, it is so much easier to configure the switch on my home LAN, just boot it up out of the box, let the Insight app discover it, assign it to the correct sub-account or group, then let Insight update the firmware and 'optimize' it. I also make little "booklets" that I hand off to 2 key individuals within the respective companies when I do this kind of work. Those booklets contain every bit of information, fully detailed, in relation to the project associated with those switches.

I am very thankful to the members of the Netgear tech support team that helped me. This was the support offered for 90 days from date of purchase that they will help you troubleshoot and guide you through setting things up.

 

Message 3 of 3