One of our remote offices has given a security contract to a company that came in and set up IP security cameras and a server in our office. They clearly didn't know anything about integration of their system into an existing network, as they completed the job without talking to anyone in our team.
Our internal network is running on 10.6.n.0/24. They set up their equipment to use 192.168.1.0/24. It's all plugged into the same network infrastructure – the same broadcast domain. Of course, all their equipment can talk to each other, so the security system works, internally at least.
If we have no requirement for external access to or from the security system, are there any issues that would necessitate proper integration with our network? Or can I safely leave the equipment set up as it is?
Best Answer
There are several reasons to separate the two:
Separating the two is easy: Make two VLANs on all your switches, make sure all the new devices are in one VLAN and all the rest is in the other and all links between the switches have both. (If you don't have any switches that can handle VLANs, you have to use physically separate switches and then invest in some proper switches.) If you need connectivity between the two networks, have one layer 3 switch, router or firewall with interfaces in both networks and voilà.
NB: Best practice is to not use VLAN 1. You can choose any VLAN number you want, so just pick any number except 1.
Added bonus: once your network grows more complex, you are already set up to separate out other things in your network, since the basis is there already.
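The separation described in the answer can be checked against a port plan before it is pushed to the switches. The following is an added example, not part of the original answer: the VLAN IDs 10 and 20, the switch and port names, the plan format and the 10.6.0.0/16 supernet (standing in for 10.6.n.0/24) are all assumptions made for illustration.

```python
import ipaddress

CAMERA_NET = ipaddress.ip_network("192.168.1.0/24")  # subnet from the question
OFFICE_NET = ipaddress.ip_network("10.6.0.0/16")     # assumed to cover 10.6.n.0/24
OFFICE_VLAN, CAMERA_VLAN = 10, 20                    # assumed IDs, anything except 1

# Constructed port plan: (switch, port, mode, VLANs carried, attached device IP)
PLAN = [
    ("sw1", "1",  "access", {10},     "10.6.3.21"),
    ("sw1", "2",  "access", {20},     "192.168.1.50"),
    ("sw1", "24", "trunk",  {10, 20}, None),
    ("sw2", "1",  "access", {10},     "192.168.1.51"),  # camera left in office VLAN
    ("sw2", "2",  "access", {1},      "10.6.3.22"),     # default VLAN still in use
    ("sw2", "24", "trunk",  {10},     None),            # link does not carry VLAN 20
]

def expected_vlan(ip):
    """Map a device address to the VLAN it belongs in, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    if addr in CAMERA_NET:
        return CAMERA_VLAN
    if addr in OFFICE_NET:
        return OFFICE_VLAN
    return None

def audit(plan):
    """Return (port, finding) pairs for every rule of the answer that is broken."""
    findings = []
    for switch, port, mode, vlans, ip in plan:
        where = f"{switch}/{port}"
        if 1 in vlans:
            findings.append((where, "vlan1"))            # NB in the answer: avoid VLAN 1
        if mode == "trunk":
            if {OFFICE_VLAN, CAMERA_VLAN} - vlans:
                findings.append((where, "trunk-missing"))  # inter-switch links need both
        else:
            want = expected_vlan(ip)
            if want is None:
                findings.append((where, "unknown-subnet"))
            elif vlans != {want}:
                findings.append((where, "wrong-vlan"))   # device sits in the other VLAN
    return findings

if __name__ == "__main__":
    for where, finding in audit(PLAN):
        print(where, finding)
```

Any port reported as `wrong-vlan` still shares a broadcast domain with the other network, which is the situation the question starts from.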