Network Q. Connect PoE switch directly to Mac Pro?

edited September 2017 in SecuritySpy
My cameras are connected to a PoE switch (injector) which is connected to our Apple Airport router. Everything works fine.


AirPort (10.0.1.1) -- PoE Injector -- cameras (manual IPs 10.0.1.x)
AirPort (10.0.1.1) -- Mac Pro ethernet#1 (manual IP 10.0.1.x)

However, my Mac Pro has two ethernet ports. The cameras use quite a bit of bandwidth on our LAN, so I thought I'd try connecting the switch directly to the second ethernet port on my Mac, and set manual IP addresses. This way, the cameras don't affect my internet bandwidth (unless I'm accessing SecuritySpy from outside), and the cameras don't have direct access to the internet.

AirPort (10.0.1.1) -- Mac Pro ethernet#1 (manual IP 10.0.1.x)
Mac Pro ethernet#2 (manual IP 10.0.2.x) -- PoE Injector -- cameras (manual IPs 10.0.2.x)

But it's not working.

The cameras are connected to the switch. The switch is connected to my Mac Pro's second ethernet port.
I have manual IP addresses set on the cameras and my Mac Pro's second port, all in the same domain: 10.0.2.x
I have not set a router address (because there is none).

I had hoped that by setting manual IPs, I wouldn't need a router. Was I wrong?
Would a cross-over cable between my Mac Pro and the switch solve the problem?

Would the OS X VLAN function (Network/Manage virtual interfaces) be able to help me in any way?

cheers,
Gregory

Comments

  • edited September 2017
    Your physical connection is correct for isolated, dual networks. You don't need a router or crossover cable. In fact, I don't think you should even set a default gateway address on EN2. This looks like a routing issue. The Mac Pro, by default, preferentially accesses network devices only via the highest service order interface that is active.

    I would first verify the service order has EN1 listed first. That will let the Mac by default access the gateway and WAN without special intervention.

    Then, add a manual route directing camera network traffic on 10.0.2.x through EN2 with something like...

    sudo route add -net 10.0.2.0 -netmask 255.255.255.0 -interface en2

    That route will only work until reboot, of course.
  • It is indeed all working. After your comment, I went back and tried again.

    I *then* remembered that I had turned on a security feature of the cameras. They could only receive communications from 10.0.1.2 but my Mac Pro was now 10.0.2.2 on the second LAN. Ouch!

    I had to reset all of the cameras, and re-configure them again, but it's all working now with the cameras connected to the PoE Injector which is connected directly to my Mac Pro with a normal 'patch' cable.

    cheers all.
  • edited September 2017
    Were you able to get that working without defining an explicit route for en2? I didn't know macOS would be smart enough to do that.

    I think the only thing you are now missing is enabling your Mac Pro to serve as the NTP for your cameras. I found some info at... https://theredblacktree.wordpress.com/2015/01/19/make-your-mac-osx-serve-as-a-ntp-time-server/

    Once that is done, the cameras can then be set to sync their clocks with the Mac Pro and be fully functional despite being totally isolated from the WAN. No more risk of someone hacking your LAN via your camera connections, but maintains synced clocks.
  • Yep. No need to define routing. A level-9 person on Apple's discussion board wrote:
    The rule of thumb for Routing packets is:
     
    Packets destined for addresses on any of the current Subnets (one for each working Network Interface) will be sent directly from your computer to their destination. They may pass through a switch to get there, but they are not Routed. (With the combination Router/Switch, which most Routers are today, this is not at all obvious.)
     
    Packets that are NOT on any current Subnet are sent over the TopMost working interface listed in system preference > Networks to be Routed onto the Internet.
     
    So for using a device that you do NOT want to be visible on your Internal network, providing an address on the second Ethernet port that is outside the main Subnet keeps it private to your computer.
    The NTP would be nice. I'll try to set that up. Thank you.
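
The routing rule of thumb quoted above, together with the camera source-IP restriction mentioned earlier in the thread, modelled as an added example (not code from any poster or from SecuritySpy). The addresses 10.0.1.2 and 10.0.2.2 come from the posts; the interface names `en0`/`en1`, the camera address 10.0.2.11 and the function names are assumptions.

```python
import ipaddress

# Constructed model of the Mac in the thread, interfaces in service order
# (topmost first). Interface names are assumptions, addresses are from the posts.
MAC = [
    {"name": "en0", "addr": "10.0.1.2/24", "gateway": "10.0.1.1"},  # AirPort LAN
    {"name": "en1", "addr": "10.0.2.2/24", "gateway": None},        # camera LAN
]

def _net(iface):
    return ipaddress.ip_interface(iface["addr"]).network

def egress(dst, ifaces):
    """Return (interface, next_hop, source_ip) chosen for destination dst."""
    ip = ipaddress.ip_address(dst)
    on_link = [i for i in ifaces if ip in _net(i)]
    if on_link:  # on a connected subnet: sent directly, not routed
        best = max(on_link, key=lambda i: _net(i).prefixlen)
        return best["name"], "direct", str(ipaddress.ip_interface(best["addr"]).ip)
    for i in ifaces:  # otherwise: topmost interface that has a router
        if i["gateway"]:
            return i["name"], i["gateway"], str(ipaddress.ip_interface(i["addr"]).ip)
    return None, None, None

def camera_accepts(camera_ip, allowlist, ifaces):
    """True if the source address the Mac uses passes the camera's IP filter."""
    src = egress(camera_ip, ifaces)[2]
    return src is not None and any(
        ipaddress.ip_address(src) in ipaddress.ip_network(a) for a in allowlist)

def audit(ifaces, camera_if):
    """List settings that would break the isolation described in the thread."""
    findings = []
    cam = next(i for i in ifaces if i["name"] == camera_if)
    if cam["gateway"]:
        findings.append(f"{camera_if}: router address set on camera-only interface")
    for other in ifaces:
        if other is not cam and _net(other).overlaps(_net(cam)):
            findings.append(f"{camera_if}: subnet overlaps {other['name']}")
    return findings

if __name__ == "__main__":
    print(egress("10.0.2.11", MAC))    # camera (constructed address)
    print(egress("203.0.113.5", MAC))  # internet host (documentation range)
    print(camera_accepts("10.0.2.11", ["10.0.1.2"], MAC))  # old allowlist
    print(camera_accepts("10.0.2.11", ["10.0.2.2"], MAC))  # after reconfiguring
    print(audit(MAC, "en1"))
```
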
  • Thanks. That is good info regarding the sub-nets automatically getting handled for each NIC.
  • I gave away my Mac Pro 2008, and bought an iMac 27" 2017. The iMac only has one ethernet port, but I still want to keep the cameras away from the internet, and keep their traffic off our main LAN, so I bought a USB -> USB3 + Gigabit Ethernet adapter. So the topology now is:

    iMac -> built-in Ethernet -> Airport router -> internet (10.0.1.x)
    iMac -> USB/Ethernet adapter -> PoE Injector -> 3 cameras (10.0.2.x)

    Works flawlessly :)
  • Great idea.

    I had read about doing that using ethernet & wifi as the 2nd network interface, but using the USB to ethernet dongle got you two hardwired connections.