Multiple PTP Wireless Bridges for IP Cameras

Those 5 GHz TP-Link bridges will probably work fine for your use-case. I would avoid 2.4 GHz because the available channel space is small and its an even noisier band than 5 GHz. Interference between the B and C bridges is a possibility, but that can be mitigated by simply having them on different channels.

Frankly, given how noisy 5 GHz is, I tend to avoid it as much as possible. My go-to for short to medium range PtP is the 60 GHz band. Wave Picos would work perfectly for your use use case, though obviously the throughput is way more than you need (though it also allows you to use the connection for other things, such as your use case of also handling LAN traffic). I can understand if you don't want to spend ~$350 per link though.

As long as the PtP link is running as a transparent bridge, it's no different in practice than having the two sides connected by a wire and will pass whatever VLANs or other means you're using to separate your traffic and will therefore have no issue handling multiple networks.

Do you have full roof access? And are you able to even get at least a Cat5 POE up on the roof of each building for power?

I would think them being that close that you might not need PTP. Outside air line of sight good old Wifi in Mesh would work at those distances.

The purple dots are where a Wifi Mesh node will be such as https://www.tp-link.com/us/business-networking/omada-wifi-outdoor/eap625-outdoor-hd/

And camera wise might want dual camera. If you got everyone on board. One to be able to "read" and the other to "catch". Being the ones you propose are good enough to Read and identify. And the Orange Arcs i drew in are to "Catch". They aren't good enough to read i assume. But they'll catch the action and intent. For the orange ones like this one. Maybe https://reolink.com/product/reolink-duo-wifi/ some of these. You can even Battery/Solar them if needs be off the shelf. I'd dogfood the 180 camera on your own building along with the other camera. That'll sell the proposal more then saying why are they going to spend an extra $400 to get something like that installed.

If i were you i'd put this all "Off network" As make it's own network. And it bridges all through your internet connection. And if they want to see all the cameras. You give them access to the Blue Iris server via port holes.

And don't discount the pink area as being the not being exploitable. No idea how big or heavy stuff that is being stolen.

I would generally expect criminals to show up with no license plate, or stolen/covered license plate so you may not get the benefit you want from the cameras but if the value of your stuff is high enough, it might be worth it.

It might be worth just trying some omnidirectional outdoor access points if you can put a couple on your building in the middle with cat5e cabling back to your central location. I would bet they will give good enough coverage for wifi cameras to get their video back to the server as long as they are installed with more or less line of sight to the cameras. You might not need to worry about putting wifi equiment on all the buildings, just 2 or maybe 3 APs on the central building in the right spots. If it is a big enough building, you might need fiber uplinks to a small switch with an SFP+ port (might as well get 10 gigabit if you are going fiber) and a couple of POE+ ports for the APs and a camera wired into the switch for security in the area of the switch.

Then POE injectors for the wifi cameras and they should be able to get the connection to the AP nearest each one.

stevenkan said:

Ah, now I remember one reason why I didn't buy a pair of these to try out. They're passive POE only. Yes, they come bundled with a POE injector, but I'm going to have a managed POE switch there anyway, for the cameras, so it just seems a bit messy to also have a POE injector.

I've searched, and it seems like nearly all PTP bridge products are passive POE. Anyone know why that is?

Click to expand...

Could be many reasons:

1) Passive PoE is cheap, simple, reliable, and works just fine for the use case
2) Many outdoor radios also probably needed more wattage than active PoE could provide before PoE+ and PoE++ became a thing
3) Outdoor radios were often attached to infrastructure that had 12V, 24V, or 48V systems already in place, so being able to simply inject that onto the cabling without needing any active electronics was seen as an advantage

Just spit-balling, I work with these kinds of radios a lot and they are almost all passive PoE but that doesn't necessarily mean I have special insight into why manufacturers persist in the use of passive PoE for these products. I'm quite used to having injectors all over the place in my closets, you get used to it.

stevenkan said:

Ah, now I remember one reason why I didn't buy a pair of these to try out. They're passive POE only. Yes, they come bundled with a POE injector, but I'm going to have a managed POE switch there anyway, for the cameras, so it just seems a bit messy to also have a POE injector.

I've searched, and it seems like nearly all PTP bridge products are passive POE. Anyone know why that is?

Click to expand...

Do you already have the switches already? Some of them can probably be configured to provide 24V passive PoE, but I don't know if it's worth seeking out specifically.
Or you can use the TP-Link EAP211 kit and connect the cameras off of the wireless point directly. You'd need to power them separately I think but it still brings you down to simple 12V DC outputs.

Do you have roof access (like this guy in the Apple Maps image)? If you could get access to the SW corner of your building it would cut out one hop.
I'm an Omada user, so I'd put a EAP-610 Outdoor on that SW corner if I could. Call that Spot D.
I would have a TL-SG2210P as my core switch. Or SG2210MP if I need more PoE power.
1 port to BI server. You can hook up an OC200 in-line to this as well if you don't want to run the Omada Controller on a VM.
1 port with outdoor ethernet to a TL-SG2005P to Point C. That switch can take PoE in and deliver it out on the remaining 4 ports to the cameras there. So you don't even need an interior connection/power source there.
-- Alternate option, run outdoor fiber to that point and use a media converter+local switch or TL-SG2210P at that spot to power your cameras. But that's extra hardware to handle something we already solved.
1 port to the EAP-610 Outdoor at Spot D
4-5 ports for your local cameras on the balcony.
1-2 SFP ports to go back to your home network.

Then a EAP211 on each side of link A pointed at the EAP-610. (So A->D and B->D). They can be controlled with the Omada software so they don't have to be configured separately.

To solve the use case of the business network connection across Link A separate from the camera network, I'd configure 1 client port on each of the EAP211s with a specific VLAN and not configure connectivity between that VLAN and any other port on your Omada network. I think that will give you the isolation you need. I think that works.
Or maybe it's better to just get a separate P2P kit and hook those up directly to the owner's network and keep it completely separate from the camera infrastructure, and you can just contribute the skill of installing them.

stevenkan said:

so it just seems a bit messy to also have a POE injector

Click to expand...

There are also PoE to 24V adapters available. But yeah ^ switches with 24/48V option are preferredkell, from Mikrotik and Unifi for example.

For a small network like this one, I would have thought that a cloud-based setup such as Meraki GO or Aruba ION would make sense. Being able to see the configuration and status of all of your switches in a single "pane" really, really helps with setup and troubleshooting. The other advantage is that if they get reset for some reason, they will re-load their proper configuration from the cloud. Both product lines are the lower-end products from companies that make enterprise-level gear so they are very solid.
I've found Netgear switches to be glitchy with PoE (they have problems negotiating PoE+ aka 802.11at withj some devices), and they generally have a really opaque and awkward UI for setting up things like VLANs or viewing VLAN assignments.
We've had tons of hardware failures with TP-Link when we tried them out a few years back. They may or may not be better now, but they are probably the cheapest device manufacturer for a reason.
Whatever you do, though, I strongly suggest choosing one single product line and sticking with it. You then have a single vendor to check for firmware updates, you have a single consistent thought process and CLI/GUI for configuring things, and and a single consistent set of quirks with how they work. Mixing vendors in an attempt to value-engineer a network leads to a lot of hair pulling and frustration later down the road, especially if you don't have a 100% solid network engineer who has the tools and skills to troubleshoot things down the road.

Regarding the Nanostation AC my understanding is that Ubiquiti wants the AirMax AC product line to go away in favor of the LTU product line-up. The LTU stuff looks to be a mostly clean-sheet design that removes the legacy compatibility with Airmax.

At least that's my understanding, happy to hear any other perspectives.

I do like the UISP management in general. It's pretty solid and has features that punch way outside it's weight class like netflow collection.