Cable Modem/Router/Switch

The security system had been running for a number of months and was performing well. I was about to go on holiday and was looking forward to testing the system remotely. As I went around the house to turn off some of the appliances that did not need to be running while I was away, it became apparent that I had a small design flaw with the system.

Accessing the system while on holiday would obviously require an internet connection. The problem was that the cable modem that provides the house’s internet was located on the other side of the house, many switches downstream. To maintain the internet connection, I would have to leave all of these switches powered on while on holiday.

I decided that the best solution was to move the cable modem into the box with the security system itself. This way the security system doesn’t need to rely on any hardware in the house to provide its link to the internet.

A Few Problems With The Idea

My first problem was that I would have to obtain coaxial cable, connectors and a crimping tool. This didn’t prove to be much of a problem as I could get all three of those at Jaycar.

Secondly, I didn’t want to change the house’s current coaxial wiring put in by Optus, mainly for two reasons. Firstly, I was not sure if they would take kindly to me tampering with their wiring, and secondly, I didn’t want them to know the location of my security box should I ever have a problem with the cable modem. The solution was to create an ‘extension lead’ of coaxial cable which I could connect to the existing outlet in the house and run to my box. This would allow me to put the cable modem back in the original location should there ever be a problem.

Another problem was running the bulky and unbendable coaxial cable through the walls and floor. While this took a long time it was ultimately achievable.

Finally, the cable modem itself does not perform any routing or NAT functions. Up until now I had been using my wireless access point to perform the routing and NAT; however, there was no point putting the access point into the security box, as the box is located nowhere near the main living areas of the house. My solution was to get a dedicated router and place it into the security box as well.

Implementation

The running of the coaxial cable itself did not prove to be too difficult, apart from feeding it up some of the walls.

Installing the Router

I purchased a router with two LAN interfaces. This allowed me to connect one interface to the main network and another interface to the security system network. The router would act as the default gateway to both networks as well as providing NAT and DHCP.

Once the router was installed I encountered the first major problem. As the router was directly connected to both the main network and the security system network, it would route traffic between them. This created a security vulnerability as I did not want anyone from the main network to be able to access the cameras, only the web server. The solution was to use contiguous IP addressing for all of the cameras and then write one access control list for the router to block access to this IP range. The web server was given an IP address out of the blocked range allowing it to still be accessed.
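The following is an added example, not the configuration from the original post: it checks whether a contiguous camera range can really be blocked by one ACL entry, and whether that entry would also catch the web server. All addresses are constructed, and the first-match, deny-cameras-then-permit-everything rule order is an assumption about how the router evaluates its list.

```python
import ipaddress

def exact_prefixes(first, last):
    """Minimal prefixes that cover first..last exactly (no over-blocking)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def covering_prefix(first, last):
    """Smallest single prefix containing first..last; may include extra hosts."""
    net = ipaddress.ip_network(f"{first}/32")
    while ipaddress.ip_address(last) not in net:
        net = net.supernet()
    return net

def evaluate(rules, dst):
    """First-match evaluation on the destination address."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules:
        if addr in net:
            return action
    return "deny"  # nothing matched (assumed implicit deny)

def audit(first, last, web_server, cameras):
    """Build deny-cameras / permit-rest rules and check the intended outcome."""
    denies = exact_prefixes(first, last)
    rules = [("deny", n) for n in denies]
    rules.append(("permit", ipaddress.ip_network("0.0.0.0/0")))
    single = covering_prefix(first, last)
    return {
        "deny_entries": [str(n) for n in denies],
        "one_entry_is_exact": len(denies) == 1,
        "cameras_blocked": all(evaluate(rules, c) == "deny" for c in cameras),
        "web_server_reachable": evaluate(rules, web_server) == "permit",
        "one_entry_would_block_web": ipaddress.ip_address(web_server) in single,
    }

# Constructed addressing, not the author's real network.
# Cameras on a prefix boundary: one entry blocks exactly the camera range.
ALIGNED = audit("192.168.20.64", "192.168.20.127", "192.168.20.10",
                ["192.168.20.64", "192.168.20.100", "192.168.20.127"])
# Cameras off a boundary, web server just below them: one entry over-blocks.
UNALIGNED = audit("192.168.20.100", "192.168.20.120", "192.168.20.97",
                  ["192.168.20.100", "192.168.20.110", "192.168.20.120"])

if __name__ == "__main__":
    for name, result in (("aligned", ALIGNED), ("unaligned", UNALIGNED)):
        print(name, result)
```

Placing the cameras on a power-of-two boundary and the web server outside that block keeps the rule to a single entry without cutting off the web server.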

Installing a Switch

After the router was installed, I was feeding both the main network and the security network from the box. This involved several small switches, which were making the box very untidy.

My solution was to get a managed switch to switch the whole network and use VLANs to separate the two networks. I ended up with a 24-port switch which I split down the middle. The first 12 ports were assigned to the first VLAN and connected devices from the main network. The next 12 were in a different VLAN and connected to the security system devices.

Unfortunately, as this switch was an afterthought, I didn’t get a router that supported router-on-a-stick inter-VLAN routing. All this meant was that I needed two connections between the switch and the router: one for each VLAN.

All of the new devices installed. The exact models have been obscured for security.