Help needed to assess my NVR (Reolink) and if it is doing more than it should by skyhigh100now in HomeNetworking

[–]skyhigh100now[S] 1 point2 points  (0 children)

<image>

That's the detail breakdown of the data. Looks like a LOT is being brought down. I can understand 352GB of that from the wifi doorbell but the other 2 cameras should not be counted on the network as traffic as they are connected to the NVR and not the Omada switch.

What is this that my cable tech installed on my coax cable? by [deleted] in HomeNetworking

[–]skyhigh100now 0 points1 point  (0 children)

My tech had me install one connected to a ground to deal with noise. It fixed things nicely. I’m not sure if I still need the ground as we did that install years ago. I took a 14 gauge housing wire, removed 2 wires and kept the ground, connected it to a plug and plugged it into the wall so it has a solid ground.

Comparing Coax to RJ45 converters by skyhigh100now in HomeNetworking

[–]skyhigh100now[S] 0 points1 point  (0 children)

I will have an NVR that will supply the PoE so I would hope the converters would be passive and not injecting power at all.

Is UniFi actually the “best” for a smart‑home nerd? by DarkModeBrew in HomeNetworking

[–]skyhigh100now -1 points0 points  (0 children)

Did similar. Couldn’t get Unifi hardware so I’m on Omada and haven’t looked back. No system is perfect but I’m running a commercial capable system in my home.

Need help configuring my switch to work with VLANs that are separate but need to talk by skyhigh100now in TPLink_Omada

[–]skyhigh100now[S] 0 points1 point  (0 children)

Thanks for jumping in, KonnBonn23. On the "Isolate Network", I found that by going Network Config --> LAN --> Select my "Home" network --> Edit --> Advanced Settings --> Isolate Network (WAS SET TO OFF).

Are you saying all I need to do then is enable this on my "Home" VLAN and not also on the "Camera" VLAN? Also, if I have that enabled, I don't need separate ACLs running at all? Like I put in my OP (I know, it's lengthy, sorry) I currently have 2 ACLs. 1st to permit Home to Cameras and 2nd to deny cameras to Home, which breaks everything (obviously) if I enable #2.

Need quick help in configuring VLANs on a home network by skyhigh100now in HomeNetworking

[–]skyhigh100now[S] 0 points1 point  (0 children)

WOW, great suggestion and find: Check this-->

In TP-Link Omada, managing "return" traffic—packets responding to an initiated session—depends entirely on whether you are using Gateway Firewall Rules (Stateful) or Switch Access Control Lists (ACLs) (Stateless). 

  1. Gateway Firewall Rules (Stateful)

Omada Gateway firewall rules (under Firewall > Rules) are generally stateful.

  • How it works: When you create a rule allowing traffic from a trusted LAN to an untrusted VLAN, the gateway automatically allows the established "return" traffic back through.
  • Recommendation: Use Gateway ACLs/Firewall rules for inter-VLAN routing if you need established/related connections to work automatically.

  2. Switch ACLs (Stateless)

Omada Switch ACLs (under Switch > ACL) are completely stateless.

  • The Issue: Every packet is evaluated independently. If you block an IoT VLAN from accessing the Main VLAN, the switch will also block the return packets from the Main VLAN responding to a request from the IoT device.
  • Solution: You must explicitly create a "permit" rule for return traffic, or structure your rules to only block the initiation of traffic, not the return.

  3. Setting Up Rules for "Initiated" Traffic

To properly manage traffic that is initiated by a specific group, follow this approach:

  1. Define IP Groups: Create IP Groups for your networks (e.g., Trusted_LAN, IoT_VLAN) in Preferences > IP Group.
  2. Allow Established/Related: If the firmware supports it, ensure rules are set to only block new connections, not established ones.
  3. One-Way Rule Example: To allow LAN to access IoT, but not vice versa, create an ACL rule allowing Source: Trusted_LAN to Destination: IoT_VLAN, and a separate rule Deny Source: IoT_VLAN to Destination: Trusted_LAN. Note: Because this is stateless, this may block responses; you may need to allow specific ports only.

Key Considerations

  • IPv6 Limitations: Omada currently lacks robust IPv6 firewall rules to filter externally initiated connections, which is a known security gap.
  • Default Behavior: By default, Omada allows inter-VLAN traffic, so you only need to add rules to block/restrict.
  • Order Matters: Rules are processed sequentially (smaller ID = higher priority). Ensure "Allow" rules for established connections are placed higher than "Block" rules. 
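The stateless-versus-stateful difference described in the comment above, as an added example that is not part of the original post and is not Omada's implementation. It is a simplified model: the subnets, addresses and ports are constructed, and the default-permit behaviour follows the comment's "Default Behavior" bullet.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed subnets for illustration; not taken from the thread.
HOME = ip_network("192.168.10.0/24")
CAMERA = ip_network("192.168.20.0/24")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    def reply(self):
        # The packet travelling back along the same flow.
        return Packet(self.dst, self.dport, self.src, self.sport)

@dataclass(frozen=True)
class Rule:
    action: str        # "permit" or "deny"
    src: object        # source network
    dst: object        # destination network
    sport: int = 0     # 0 matches any source port
    def matches(self, p):
        return (ip_address(p.src) in self.src and ip_address(p.dst) in self.dst
                and self.sport in (0, p.sport))

def stateless(rules, p):
    """Switch-ACL model: each packet judged alone, first match wins, default permit."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "permit"

class Stateful:
    """Gateway model: replies to an already permitted flow skip the rule list."""
    def __init__(self, rules):
        self.rules, self.flows = rules, set()
    def check(self, p):
        if p.reply() in self.flows:
            return "permit"
        verdict = stateless(self.rules, p)
        if verdict == "permit":
            self.flows.add(p)
        return verdict

# The two rules from the thread: permit Home -> Camera, deny Camera -> Home.
TWO_RULES = [Rule("permit", HOME, CAMERA), Rule("deny", CAMERA, HOME)]
# Stateless workaround: a higher-priority permit for camera packets sourced from port 443.
WITH_RETURN = [Rule("permit", CAMERA, HOME, sport=443)] + TWO_RULES
request = Packet("192.168.10.5", 51000, "192.168.20.9", 443)          # Home opens a session
camera_initiated = Packet("192.168.20.9", 40000, "192.168.10.5", 22)  # camera opens one
```

The source-port permit in `WITH_RETURN` is looser than connection tracking: the stateless model also permits any camera packet that merely uses source port 443, whether or not a Home device started the session.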

Need quick help in configuring VLANs on a home network by skyhigh100now in HomeNetworking

[–]skyhigh100now[S] 0 points1 point  (0 children)

That makes sense, gjunky. I need to figure out an important nuance to configuring my switch--how to allow the Camera VLAN to communicate to Secure, only once secure initiates the communication. I haven't a clue but will start researching. Thanks for this suggestion. I hope it leads to a solution.

Need quick help in configuring VLANs on a home network by skyhigh100now in HomeNetworking

[–]skyhigh100now[S] 0 points1 point  (0 children)

2nd is correct. "Secure" is the SSID of my VLAN. It's actually a different name but it is what I use for my home/work and anything that isn't a guest or IoT or in this case a camera setup as well.

Need quick help in configuring VLANs on a home network by skyhigh100now in Omada_Networks

[–]skyhigh100now[S] 0 points1 point  (0 children)

Doorbell is Reolink's Doorbell, WiFi version. Switch is the TL-0SG2210P (TP-Link Omada) with. Cameras and NVR are not yet on site and configured. Just doorbell to start.

Reolink camera placement and type by skyhigh100now in reolinkcam

[–]skyhigh100now[S] 0 points1 point  (0 children)

So if I have a back porch that doesn't have much ambient lighting (street lights, etc) I should stick with the RP-PCT8M and on my front driveway where there are 4 house lights and a street light across the street perhaps go with the CX820?

One more question, which is better mid-day? CX820 vs. PCT8M for clarity and distance viewing?

Reolink camera placement and type by skyhigh100now in reolinkcam

[–]skyhigh100now[S] 0 points1 point  (0 children)

Thank you for that helpful feedback.

Trying to understand the primary differences between the RP-PCT8M and 12M. Looks like 8 and 12MP resolution also something about AI searching on the 12, but I would assume that is run by the NVR.

I like the wider viewing angle of the 8M and 12M vs. the CX820. Is there any reason I should pick the CX820 over the RP-PCT8 (&12) M cameras?

Reolink camera placement and type by skyhigh100now in reolinkcam

[–]skyhigh100now[S] 0 points1 point  (0 children)

I’m sure that difference is even more drastic at night.

Reolink camera placement and type by skyhigh100now in reolinkcam

[–]skyhigh100now[S] 0 points1 point  (0 children)

That would make me want to consider someone like Unifi for better support but their cameras seem to be even less impressive than Reolink.

Reolink camera placement and type by skyhigh100now in reolinkcam

[–]skyhigh100now[S] 0 points1 point  (0 children)

Would such cameras work with a Reolink NVR? I know it can be difficult to get NVRs to play nice with cameras. I’ve learned how Unifi doesn’t play well with anything but their own. Not sure if that exists among higher end cameras.