1. Guest, Thank you for visiting Rc-Help. Please do NOT post tech questions in this section, post them in the Tech section instead. Thank you.
    Dismiss Notice
  2. If you would like to get rid of these banners and the ads within the posts, all you have to do is sign up and they will go away!
  3. Welcome to Rc-Help, are you here looking for the PDF Plans? They are located in the store in the tab above, but you must be signed in to access that part of the site. It only takes a second to sign up!
  4. Like Us On Facebook!
    Hello Guest, it occurred to us during that last server failure that we had no way of informing the members of the site of the failure and I would like to invite you to like us on facebook so that you can get updates if the site happens to go down again. We don't post much over there unless we are updating the members so we will not flood your feed like some places do. Just click on Like and then allow notifications and that's it. See you there soon!

    Click Here To Rc-Help's Facebook page!
    Dismiss Notice
Dismiss Notice
Hey Guest, I see you are not signed up on our forum yet. Did you know Registration is FREE and is only a couple clicks away? You can even sign in from Facebook, Twitter or Google+ for your convenience! So what are you waiting for, CLICK HERE to join in on the conversation!

My Surveillance System Project

Discussion in 'RC-Help Lounge' started by Tony, Mar 30, 2019.

< Happy Easter Birthday BigDave! | Need Some Linux Help >
  1. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    I had started to write a very long story about my setup, but the more I went, the more I realized that not many people would actually want to read it. So I thought I would do a much shorter version, but add to it every once in a while like I do with my Saltwater thread. Past questions can probably be answered in the Spoiler below. But for now, we will just start with today. Ask any questions you have.

    Today, I figured out some settings that took my server load from 70% all the way down to only 30%. That is going to save some energy! And I'm running 5 cameras as well as Plex. It was a decent day for the most part Network wise. I do have other issues that we will cover later.

    Over the last few weeks, I have been playing around with trying to upscale my surveillance system and make it even better. I have been running, for many years, a Swann NVR8-7072 system that used to have 8 cameras running on it. I say "used to have" because 3 of the cameras are completely dead, one camera has a pink hue to it because one color of the sensor completely died, possibly two colors. Now that I think about it, I'm going with two colors since it is red, so the green and blue have died on that camera. And my final camera that is still working doesn't always work, it cuts out more often than it is actually on. Oh, and I have yet another camera that the motor on the IR Cut filter has died so it has NO night vision. It just switches to black and white with a very dark image.

    I do have the other cameras that have died and I have taken them offline and off the house and are inside in my "server closet". What dies on these cameras is the main chip overheats if you live anywhere other than Alaska. I live in Oklahoma where we get over 100ºF in the summer and these cameras get hit with direct sunlight. So they get hot and they die. But, I do have another camera and sensor board from one of the dead cameras that I can put into the one that is nothing but red, and I can take that motor for the IR Cut filter and put it on the one that doesn't have night vision. The one that is cutting out, I can do nothing about other than replace it.

    So I did some talking with the wife, and I started doing some research on new IP cameras and that is when a lot of questions started to come up. The first was are some of these cameras ACTUALLY POE? My cameras have an RJ45 jack with a separate 12v plug that you have to run power to. So I kept seeing all of these cameras with an RJ45 AND a power plug. To my knowledge, this meant they were NOT POE (Power Over Ethernet. Ethernet is the cable the RJ45 plug is connected to, and the RJ45 plug is what you plug into the back of your computer for those that don't know). But Randy (@rdsok) posted up in another thread that a lot of IP cameras will come with both connectors and can be powered either way. This got me to looking even deeper.

    The first thing that I did was I took one of my old, bad cameras and I connected it up to a POE injector that I had. I can still apply power to these cameras and the IR lights (Inferred lights) still turn on (they have a very slight red glow to them). Even though the cameras main board is dead, this board still works and tells me that they are powered on. I plugged them into the POE Injector and... Nothing. I plugged in the regular 12v adapter and the lights came on. That is when I noticed my POE injector is only 24 volts and not 48 that most other POE systems use. Even Randy didn't know about this. So I was still in the mind set that POE was a single cable, and shouldn't have a separate 12v plug.

    My researched continued into POE cameras and every single one of them had the dual plug. So I started reading some of the fine print. It stated, clear as day, that you could use EITHER POE power from a switch OR you could use the INCLUDED 12v power supply to power these cameras. I do find it funny though that these cameras ONLY come with 1 meter long wires for both the power and ethernet lol. One person left a negative review because of this lol.

    Okay, with that now known I decided on a cheap camera just to test out my system and try some things out on the server. We will talk more about the server here in a little bit. I settled on the WIRED SV3C ProHD 1080P cameras since I didn't want to clog up my wireless network with a surveillance system. And, it's harder to hack a wired connection than it is a wireless connection. I will leave a link to the exact cameras in the bottom of this post.

    For $40 a camera, being 1080P and POE, lets just say that my hopes were not that high. I expected them to be about the same quality as the cameras that I already have, but I was pleasantly surprised.

    Lets talk about my network setup real quick. I have been running, for quite a few years, an Asus AC3100 router with a 4 port switch. I used that 4 port switch (the 4 plugs on the back of just about any wireless router) to spread my connection out to different parts of the house where I would in turn, add another switch to split that signal so I could connect everything. As an example, lets take my main living room setup. I have one cable coming from the wireless router over to my living room TV where I have it going into an old WRT54G router running DDWRT. I used to do this wirelessly, but now, I'm just using the switch. I have assigned the WAN port to the switch so I have a total of 5 ports on this one. These provide a connection to almost everything. Over there I have my TV, PS3 (shutup), xbox360 (I said shutup), Surround Sound and my aquarium. If you are counting, that is 5 components that need a signal, but I only have 5 ports and I need one for the wired connection. So one of them is always left out and it is NEVER my aquarium lol.

    So I also have a wire like that running to my office, but that one is plugged into an actual 10/100/1000 8 port switch that is sitting on my desk. I don' t need all 8 ports but it was cheap and it is rather small. All of these switches are also known as a "Dumb" switch or "Unmanaged". Well, I was tired of not having any control over each device, only relying on blocking a MAC address to limit some things. So it was time to upgrade my network. So I went searching on eBay. Where else do you look? lmao.

    I found a Brocade FastIron FCX648S-HPOE switch. This switch is 48 ports, all gigabit and all POE. It also has two other cars plugged into it so you can do other things like connecting multiple switches together and so on. Also, it has dual power supplies so if one goes down, the switch will stay up. I just run one though lol.

    Fantastic, now I have a switch to run everything in my house! Downside? I have to ACTUALLY RUN ethernet cables to EACH component lol. I will get there, eventually.

    My server was donated to me by Randy that started out being just the power supplies so I could do more charging setups or something. But he asked if I would want the entire server and I said yes. The other server that I had was only 32 bit and this one was 64 so it was a no brainer. One drawback was the lacking amount of RAM that it had and it only had one out of the two CPU sockets populated. And it was populated with one of the lower end CPU's. This had to change.

    First upgrade to the server, I took out the old memory and replaced it with 16GB of ECC memory specifically for a Xeon CPU. After a little while, I purchased two Xeon CPU's and populated both sockets, and this time, with the highest end CPU I could put in there that this motherboard supported. Those two CPU's cost me $28. lol. So then I had to get a cooler for the second CPU and the cooler ALONE was over $45. Go figure lmao. But this server was now as fast and as powerful as it could possibly get. It's old, so don't expect i9 9900k style performance here. We are talking about non hyperthreaded quad core Xeons running at 2.83GHz so lets keep the expectations real here lol.

    I had been running VMWare but the memory usage was out of this world. I know, it allocates memory but if you do a top or htop command you will see that it is not "using" it all. I know. But this still caused issues with things like plex that needed that memory for encoding. So I pulled that drive out that had the VMWARE config and I decided to give UnRAID a try. I had heard good things about it and they offered a 30 day free trial. Nothing to lose!

    The first day I had UnRAID I knew I was going to buy it. Way better IMO than VMWare for a single person with limited power in his server and not anywhere near as confusing to use compared to FreeNAS (a NAS is why I wanted to try it). So I kept testing. I found that Plex would install with one URL, and it did! Wow, that was easy. So now, lets setup the NAS. I had already installed one of my 8TB drives into the server for testing, and that is where Plex was installed. The OS for UnRAID is installed on a USB Thumb Drive that dumps its contents into RAM once you power it up so it is not constantly writing to it. So it was time to setup the NAS. I created my share, I added a new network drive to my computer and boom, it just worked. It even showed the ACTUAL drive size, used and free space unlike other programs that I had tried. Loving it!

    We are not going to get into the issues I'm having at the time of this post with the NEW router my ISP gave me for the gigabit internet... Lets just say things are not working out too well and I keep having to search for IP addresses because I can't manually link MAC and IP's together in this new router. This will be resolved next Thursday when they bring me a simple modem that converts light to copper and I plug it into my Asus Router.

    Now it's time to talk about Surveillance Software. There is a LOT out there let me tell ya. Just off the top of my head, you have BlueIris, iSpy, ZoneMinder, MotionEye and Xeoma. Those last 3 have dockers you can actually use to install them onto UnRAID. I was going to go with BlueIris since it is pretty much the most popular out of all of them, but never could get it to install on UnRAID. So I decided to go with ZoneMinder. Yes, I tried MostionEye and Xeoma, but they were lacking on functionality.

    ZoneMinder, the Open Source surveillance software that "can" be awesome! They even have an app (for $5). Setup of this is VERY confusing at first. My hardest issue so far was permissions for directories. You would think, if ZM created the directory, it would give ownership to the directory.... NOPE. Once that was figured out, it was time to install some cameras. Now, I started all of this before I purchased the above mentioned cameras. So I had to test with my Swann cameras and to do that, I had to find the RTSP address they were broadcasting on. This, was not fun. But, I found it and I was able to pull the image and put it on ZM. I added all 5 of the cameras that I had left running, but camera 5 (out of 8, the one that kept cutting out) didn't want to work and then the pink camera didn't want to work. Screw it, I just tested 3.

    You would think that just 3 cameras would be really easy to setup and wouldn't tax the system much. Man was I wrong. At 720P/30 (sometimes up to 60fps) it put a load on my server that would bring it to its knees. Add plex on top of that and yea, buffer city.
     


  2. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    I just checked my server tonight and the CPU load is down to less than 20%. That was a nice little surprise.
     
  3. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    :poidh:

    Here you go. Bonus memory useage as well. 5 cameras, all constantly recording and plex server going. Loving it.

    cpu load server night.png
     
  4. bigone5500

    bigone5500 Well-Known Member

    Blog Posts:
    0
    Joined:
    Mar 22, 2017
    Messages:
    2,026
    Likes Received:
    66
    Trophy Points:
    58
    Location:
    Louisiana
    Best surveillance method- several hungry Rottweilers.
     
  5. bigone5500

    bigone5500 Well-Known Member

    Blog Posts:
    0
    Joined:
    Mar 22, 2017
    Messages:
    2,026
    Likes Received:
    66
    Trophy Points:
    58
    Location:
    Louisiana
    Oh. And you must install the no chains mod.
     
  6. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    I have an internal system like that, but just a single 140lb Doberman :chuckles:
     
  7. D.O.G.

    D.O.G. I Support Rc-Help! Rc-Help Supporter Goblin 380 Supporter

    Blog Posts:
    0
    Joined:
    Jul 9, 2013
    Messages:
    2,601
    Likes Received:
    92
    Trophy Points:
    58
    Gender:
    Male
    Occupation:
    Disable
    Location:
    Inverness,Florida
    45 hollow points :shhh:
     
  8. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    With me at all times.
     
  9. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    So last night I was doing some poking around in the switch and I think I just need to start over and clear out the boot memory. Not the Primary or Secondary Flash, but the boot! I learned my less on that one.... As in having to purchase a new switch kind of lesson....

    From what I have read, If you set it back to default settings, it is basically set to be a "dumb switch" and just route traffic where it needs to go. No vlans (well, there is one vlan, for every port, it's called Vlan 1 and named Default Vlan), no ip addresses, nothing. This is mainly because even after restarting the switch, I have a command in startup that is a no command. Usually when you do a "no" command such as "no ip int e 1/1/1", it will remove the ip from that interface. And for those that don't know, "int" stands for interface and "e" stands for ethernet. And once you run that command, it is supposed to remove what you are telling it to remove and that is it. It should not be in the startup flash. But yet, it's still there.

    So I think I'm going to take @callsign4223's suggestion and go back to factory defaults and start with a dumb switch and set 12 ports to "play with" until I get a feel for this thing. But in order to do that, I have to take down my entire network which I really don't want to do.... This is frustrating lol.
     
  10. D.O.G.

    D.O.G. I Support Rc-Help! Rc-Help Supporter Goblin 380 Supporter

    Blog Posts:
    0
    Joined:
    Jul 9, 2013
    Messages:
    2,601
    Likes Received:
    92
    Trophy Points:
    58
    Gender:
    Male
    Occupation:
    Disable
    Location:
    Inverness,Florida
    Oh wow. The more I think about it, the more I'll just stay with the surveillance setup I have now. Sounds like a wonderful setup Tony but way to fancy for my pee brain lol.
     
  11. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    It's like learning how to fly a helicopter. There is a very steep learning curve in the beginning, but gets easier after a while. I just need to figure out the basics before I dive in and enable the layer 3 features of this thing lol. Which is does have, and that means I can get rid of my Asus router at some point and let the switch do all of the network routing for me. I'm sure Matt will think otherwise lol. He likes the KISS method lmao.
     
  12. murankar

    murankar Moderator Staff Member Armed Forces

    Blog Posts:
    9
    Joined:
    Dec 4, 2011
    Messages:
    8,722
    Likes Received:
    356
    Trophy Points:
    83
    Gender:
    Male
    Occupation:
    Soldier
    Location:
    Eastlake, Ohio
    Yeah every switch port is assumed to default vlan 1. Vlan 1 can be set with an IP but not needed for a basic setup. I can dig out my notes and get you some more basic house keeping commands. Thomasville setting up remote admin, needed to admin the switch from IP instead of counsel. Its not overly difficult at a basic level.

    It's essentially setting up subnets in the switch.so if you don't know or understand that topic then keep it simple.
     
  13. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    I understand subnetting and such. I need to just buckle down and play with it. A lot of it is the same as Cysco bu tthere are some that are way out in left field, such as doing a factory reset. On the ICX series, unplug it, hold in the reset button and plug it in. Easy. Others, you do a factory reset command and boom, done. No harm no foul. On this one though, I'm pretty sure the only way is to do the 'erase startup-config' command and hope for the best. If I kill this one, I'm done.
     
  14. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    I have to give a huge thanks to @callsign4223 for finally finding the issue that I had been missing in my project. All this time, I have been trying to not only setup every port to be in a forwarding state so everything could talk to everything, and everything had an internet connection, but I was also trying to make it where I could still ssh, telnet or even browser into the switch to configure it. The way I had it, I could do one or the other, but not both.

    I kept trying to put everything into a vlan and then assign an ip address, but then it would lock one port. I was not putting the IP on the vlan, I was putting it on a port where I wanted to have a tunnel into teh switch. But, I could either have a tunnel or I could have internet, never both. So Matt came over to 1. pick up his lights that had been here for a very long time lol and 2. look at the aquarium which I'm not too happy with right now. He wanted to look at the skimmer that I just modified lol. So while he was here I had him look at the switch since he is an IT guy.

    Remember, this is in my closet and I have a server running in there that has my cameras on it and to say it was hot in there is like saying water is wet. It was HOT. I'm guessing 90 or somewhere there close. But he kept plugging away at it, googling, which was harder than it sounds. He had to do the console, then google, then kill wifi (our only connection to the internet) and ping on the LAN, then back to google on wifi, then back to the console... He knew what he 'needed' to do, he just didn't know how to do it.

    What needed to be done is you needed to create a vlan and you needed to give that vlan an ip address. Doing it this way allows you to remote into the switch, but also allows everything connected to it to still talk to each other and have internet. Exactly what I had been trying. But I never could find what he was about to find. And that was 'vif', or virtual interface.

    What you have to do is you have to create a vlan, and then you have to put a virtual interface ON THAT VLAN!! That is what I was missing. You couldn't put an IP on the vlan, you actually had to create another 'virtual' interface to assign an ip to.

    But that is not all he did that made this work so smoothly. You see, this is a layer 3 switch which means it has routing capabilities. However, at this time, we don't want to use layer 3 capabilities. So any mention of "router" or "route" or "routing", I stayed away from. This was a mistake. But there is what is called an IP -Route. And the switch always added an ip to this IP-route of 192.168.1.0 with a subnet of /24 or 255.255.255.0 but no default gateway. so he went in and changed the IP-Route to 0.0.0.0 for the IP address, 0.0.0.0 for the subnet and 192.168.1.1 which is my routers address on the lan. That third number was the gateway, and doing it that way, brought everything up and everything was talking.

    We still couldn't talk to the switch from a remote computer though. So he typed in this little bit of code into the console...

    Code:
    FCX648SHPOE Router(config)#vlan 10
    FCX648SHPOE Router(config-vlan-10)#rou
      router-interface              Attach router interface for Layer 2 VLAN
    FCX648SHPOE Router(config-vlan-10)#router-interface ve1
    FCX648SHPOE Router(config-vlan-10)#interface ve1
    FCX648SHPOE Router(config-vif-1)#ip ad
      address              Assign IP address to this interface
    FCX648SHPOE Router(config-vif-1)#ip address 192.168.1.xxx
    Incomplete command.
    FCX648SHPOE Router(config-vif-1)#ip ad
      address              Assign IP address to this interface
    FCX648SHPOE Router(config-vif-1)#ip address
      A.B.C.D or A.B.C.D/L   IP address/Subnet mask length
      *                      delete all ip addresses (no only)
    FCX648SHPOE Router(config-vif-1)#ip address 192.168.1.xxx/24
    FCX648SHPOE Router(config-vif-1)#exit
    Of course I'm not going to reveal what my ip is of my switch lol. But the first line puts you into config mode on vlan 10, the one we created outside the default vlan. Actually I had already created this vlan, he just worked with it. From WITHIN vlan 10, he did the "rou" and then hit the question mark "?" which brings up what "rou" matches, in this case, "router-interface", something that I NEVER would have touched because it had the word "router" in it. That is layer 3 stuff. But read what is to the right of it that I always missed. "Attach router interface for Layer 2 VLAN". That was the key!!!

    So he then does "router-interface ve1". This is where he lost me. ve stands for Virtual Ethernet which for some reason I had always associated as being the same as vlan. But this is what I needed the whole time along with "router-interface". By making a ve1 or Virtual Ethernet 1, we could assign an IP address to it! It is just like the 1/1/1 physical port, but this one is is virtual. From there he did "ip ad ?" and that shows that Address was the only phrase available. We had been trying to use "ip address xxx.xxx.xxx.xxx/24" to set all of this outside a vlan/ve and it was not available. It is ONLY available inside the ve. So he tried to assign the IP, but forgot the subnet lol so he searched again and boom, he put a /24 subnet on it and it was done.

    The most awesome thing about all of this is he was doing this while also remotely working on his own servers for the place where he works. Simply amazing and I can't thank him enough for doing this. Of course he stole my tiller attachment from my weedeater, he stole my AC pump for my skimmer and he stole my cleaning attachment for an mj1200. It was worth it though lmao. So now, I can continue on and finish my setup the way I want it!
     
  15. bigone5500

    bigone5500 Well-Known Member

    Blog Posts:
    0
    Joined:
    Mar 22, 2017
    Messages:
    2,026
    Likes Received:
    66
    Trophy Points:
    58
    Location:
    Louisiana
    That's what I would have done... Sheesh..
     
  16. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    Right, Mr. ICanOnlyCatchACold.....
     
  17. murankar

    murankar Moderator Staff Member Armed Forces

    Blog Posts:
    9
    Joined:
    Dec 4, 2011
    Messages:
    8,722
    Likes Received:
    356
    Trophy Points:
    83
    Gender:
    Male
    Occupation:
    Soldier
    Location:
    Eastlake, Ohio
    Okay that was lengthy and I really need to say this. Since I don't have all the info that Matt has and since I am not there along with the hind sight stuff I am going to say this:

    In order to have vlans and still be able to remote admin the switch you need a maintenance clan which is typically vlan99. It can be any vlan you want but normally the admin vlan is 99. Once that's setup you can assign a port to that vlan.

    Cisco style networks are about data segregation. Your main network has to be separate from the administration for security.

    Also to communicate between vlan you need a router, this is the router on a stick topology.
     
    Last edited: Apr 7, 2019
  18. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    I had thought, and also talked with Matt about using the management port to SSH through (or telnet if that is something that I would want to do after getting hit in the head by a cannon ball...), and we decided to just do it through a ve within a vlan. This switch is behind two firewalls and the likelyhood of someone actually getting to it is quite slim. If for some reason they do, telnet is disabled and the only ways you can get into it is through SSH or I do have a web based page enabled, both of which have yet another password securing them. So quite honestly I'm not too worried about security on this one at this time. But I will be updating some security settings quite soon just for extra peace of mind.
     
  19. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    Well, had a little setback on this today. One of the two cameras is no longer turning on. It is pulling power from the switch, but the switch will not go into an UP state no matter what I do. I have tried different ports with the exact same result, so I'm pretty sure I have a bad camera. I am typing with Amazon right now and they have me jumping through all kinds of hoops for this $40 camera. I had better get a cheese reward when we are done because I feel like a mouse in a maze right now....
     
  20. Tony

    Tony Administrator Staff Member

    Blog Posts:
    14
    Joined:
    Feb 21, 2011
    Messages:
    35,208
    Likes Received:
    1,385
    Trophy Points:
    113
    Well, no cheese, but they are sending a pickup service to come pick up the camera and ship it back. Once they get it back, they will refund my money and I can get another camera. Yea, kind of a pain but since it was sold by a third party (SC3C), Amazon can't do anything more than that. But they are covering the issue, so that's a bonus. Sucks that I'm without one of my cameras though...
     
< Happy Easter Birthday BigDave! | Need Some Linux Help >

Share This Page