Hi @NoMadMan,

 

I think the VIGI NVR's have a DHCP server option, so maybe one is active.  Try unplug both NVRs and reboot the switch to see if the issue goes away.

@D_C Good point! I'll have someone pull both recorder cables from the switch

  @D-C I unplugged both NVRs and rebooted the gateway. devices are still defaulting to 192.168.188.xxx. please see screenshots

 

Caption

 

Caption

 

  @D-C thanks for the feedback!

 

The SG2210P was reset. The device name was set back to its MAC address. But it still manages to aquire the IP 192.168.188.xxx. So it cannot be adopted. There is only VLAN1 set to 192.168.0.1/24. In fact I deleted the original one and created this one just in case. Thanks for recommending pulling the other cables and leaving the controller, gateway, and SG2210P. I will have someone so this in the morning. There is an unmanaged Omada 18-port POE+ switch down stream from the SG2210P. It is used to the distribute EAP225s to the villas spread across the propery.

 

I've booked a flight for Dec 11 before this started. So I guess it will have to wait if there is nothing I can do on remote. Option A is doable and this will be done in the morning. I've asked everyone not to do any banking transactions until the issue is resolved.

 

I suspect:

 

1. someone/staff plugged in an old router (192.168.188.1/24) thinking it's a switch and didn't tell me

2. a guest plugged in their own network gear and is trying to collect data from other guests

  @D-C 

 

Someone thought it was a good idea to plug in a 5G CPE router to the gateway thinking it was plug and play and they could use it as a 3rd ISP option. I hadn't enabled Port3/wan as wan yet so it and the gateway were running DHCP. The CPE router also has an internal battery so no matter how many gateway restarts, all APs and switch would keep the 192.168.188.0/24 IPs. I had them unplug and hide the CPE router in a locked drawer.

  @NoMadMan 

 

As long as all your devices and clients are downstream of the switch, you can prevent this in the future by enabling this option in vlan settings

 

@NoMadMan, Glad it wasn't anything malicious.  @GRL's sugguestion should help in the future.  This will not apply to your unmanaged switch, so someone could unplug an AP and plug in their own device; the scope however should be limited to down stream devices.

 

Other thoughts...

• Disable ports on managed switches that are not used.  I don't think you can disable router ports, but you could create a vlan that's not used and assign it to the port.
• Speaking of vlans, consider using them to isolate management, camera, guest, etc. network traffic.

  @NoMadMan 

 

You can disable router ports.  Manage the gateway, ports > untick "Enable" on each unused ports

 

Thank you so much for the tips and the assist @GRL & @D-C!

 

I discovered the Legal DHCP Servers option way too late while I was crossing my t's and dotting my i's making sure I didnt make a mistake. I will definately enable that option. I have disabled the unused ports on the gateway and managed switch. I will train the room cleaners to check the villa cables when they clean the villas. I'm always conserned someone can jack in whenever they want thinking they can get faster internet or "whatever".

 

Yes, I will definately apply vlans to guests, admin, POS, and cameras. As well as implimenting vouchers and train the office staff how to add and use them. 

 

Regards!