I am not a networking expert, but I am slowly learning. Is there any way to separate the LAN of Blue Iris cameras from the rest of the office LAN? In other words, can the switch that connects to all of the cameras go into one LAN port on the BI computer, and then the port from an additional NIC on the BI computer go into the main network? I would REALLY like to separate the two for security and bandwidth reasons. We would still like to be able to access the BI computer locally via RDP, but it is not necessary to be able to access the individual cameras' configuration interfaces from the main LAN.
Can the cameras connected to BI be on their own LAN coming off of the BI computer?
- Thread starter loglobal
- Start date
rotorwash
Getting the hang of it
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
It should. People dual-home servers all the time. If you are going to use the camera to encode the date/time into the stream, you are going to want to make sure the cameras have a way to get to an NTP server so their times are in sync. Also, you will have to hard code IP addresses into cameras instead of using DHCP.
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
Surely you an set up windows to serve dhcp on that segment. Same with ntp I'd assume.
nayr
IPCT Contributor
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
yeah but you avoid potential heartache by not having two dhcp servers running on the same network..
normally I am all for DHCP w/Static Maping.. but this is a case where simpler is better.. he could do something stupid like setup a gateway on his walled garden network and screw up his routes on the dual honed box.. or get cables mixed up and plug a 2nd dhcp server into his main network w/out realizing it.
back in the day before nice switches would kill rouge dhcp services automatically it was a huge pita to find and terminate rouge dhcp services heh..
yeah but you avoid potential heartache by not having two dhcp servers running on the same network..
normally I am all for DHCP w/Static Maping.. but this is a case where simpler is better.. he could do something stupid like setup a gateway on his walled garden network and screw up his routes on the dual honed box.. or get cables mixed up and plug a 2nd dhcp server into his main network w/out realizing it.
back in the day before nice switches would kill rouge dhcp services automatically it was a huge pita to find and terminate rouge dhcp services heh..
rotorwash
Getting the hang of it
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
I was going to mention that, but thought better of it because of the reasons nayr mentioned. The DHCP server would have to be bound to the camera network. I'm much more familiar with a linux dhcp server, and don't know what options exist for windows. Maybe in this example, keep it simple is the best approach.
FrankOceanXray
Getting the hang of it
- Joined
- Aug 10, 2016
- Messages
- 224
- Reaction score
- 18
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
By doing this walled garden approach (@nayr), there is still a method to port forward or remotely view? And if so, once that is done, is the walled garden really anymore secured or by setting up PF or remote viewing have you in effect killed off the security?
I really have no desire to have remote viewing ATM.. it may change.. but all my cameras are for exterior.. just a nice to know whats going on while I am home and record if I need to look back. I am thinking of a standalone LAN in the home just for cameras.
By doing this walled garden approach (@nayr), there is still a method to port forward or remotely view? And if so, once that is done, is the walled garden really anymore secured or by setting up PF or remote viewing have you in effect killed off the security?
I really have no desire to have remote viewing ATM.. it may change.. but all my cameras are for exterior.. just a nice to know whats going on while I am home and record if I need to look back. I am thinking of a standalone LAN in the home just for cameras.
nayr
IPCT Contributor
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
VPN into your LAN Segment.. forwarding ports from the internet defeats the purpose entirely.
VPN into your LAN Segment.. forwarding ports from the internet defeats the purpose entirely.
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
My internet is cable and I use their modem/router for my cameras on 192.168.44.* with static IP addresses. The cable router feeds my Sonic Wall router that serves our domain. It's on 192.168.0.* My cheap Tenvis cameras connect automatically but the more expensive Dahua IPC-H FW 4300S won't. I'm pretty sure there is some fine tuning that will make it work but haven't got there yet.
My internet is cable and I use their modem/router for my cameras on 192.168.44.* with static IP addresses. The cable router feeds my Sonic Wall router that serves our domain. It's on 192.168.0.* My cheap Tenvis cameras connect automatically but the more expensive Dahua IPC-H FW 4300S won't. I'm pretty sure there is some fine tuning that will make it work but haven't got there yet.
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
I am just now replying because I have been trying to wrap my head around how this all works instead of asking basic questions where the answer is potentially under my nose. But I cannot seem to grasp it.
So let's say the motherboard's network port on the computer running Blue Iris is plugged into the main network. The Blue Iris computer is, for the purpose of this discussion, just another workstation on the network.
Next, a NIC is installed into the computer. I have only done this in the context of firewalls, so I am not familiar with how Windows handles a second card, but I presume it is automatically detected. And this is the port that will go to the switch that the network of cameras is connected to. But what does the setup in Windows look like and how does it work?
I am just now replying because I have been trying to wrap my head around how this all works instead of asking basic questions where the answer is potentially under my nose. But I cannot seem to grasp it.
So let's say the motherboard's network port on the computer running Blue Iris is plugged into the main network. The Blue Iris computer is, for the purpose of this discussion, just another workstation on the network.
Next, a NIC is installed into the computer. I have only done this in the context of firewalls, so I am not familiar with how Windows handles a second card, but I presume it is automatically detected. And this is the port that will go to the switch that the network of cameras is connected to. But what does the setup in Windows look like and how does it work?
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
The computer w/BI is normally connected to network 1 (192.168.0.*)(wired NIC)(company domain). When I work on cameras, I disconnect from the wired and connect to the wireless, network 2 (192.168.44.*). After configuring cameras I disconnect from network 2 and reconnect to network 1 where I set up the camera in BI with network 2 static IP address. This works fine on the cheap Tenvis cameras but the Dahua won't show unless the wireless connection is active. I can operate with both cards connected but prefer not to.
The computer w/BI is normally connected to network 1 (192.168.0.*)(wired NIC)(company domain). When I work on cameras, I disconnect from the wired and connect to the wireless, network 2 (192.168.44.*). After configuring cameras I disconnect from network 2 and reconnect to network 1 where I set up the camera in BI with network 2 static IP address. This works fine on the cheap Tenvis cameras but the Dahua won't show unless the wireless connection is active. I can operate with both cards connected but prefer not to.
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
After doing some reading, I think I've figured this out. Am I correct in assuming that one network card would be configured as usual (let's say it's 192.168.0.x), and the second one would manually be configured with 192.168.1.x, and so long as the third octet matches (well, one and two must match as well), I will be able to see it? In other words, when I do something on the computer under 192.168.0.x, the computer knows to use the NIC configured for such (say, when connecting to a server on 192.168.0.x), and when I plug a camera configured for, say, 192.168.1.110 into Blue Iris, it knows to use the second NIC configured for such? Note that this short thread is what I am going off of.
After doing some reading, I think I've figured this out. Am I correct in assuming that one network card would be configured as usual (let's say it's 192.168.0.x), and the second one would manually be configured with 192.168.1.x, and so long as the third octet matches (well, one and two must match as well), I will be able to see it? In other words, when I do something on the computer under 192.168.0.x, the computer knows to use the NIC configured for such (say, when connecting to a server on 192.168.0.x), and when I plug a camera configured for, say, 192.168.1.110 into Blue Iris, it knows to use the second NIC configured for such? Note that this short thread is what I am going off of.
wcrowder
Getting the hang of it
Re: Can the cameras connected to BI be on their own LAN coming off of the BI computer
The computer running Blue Iris shouldn't be used for any thing else, ie. It is a blue iris "SERVER". Learn what a vlan is, your off the shelf consumer "router" can probably do it.
Watch these first before you start learning vlan's...
1.
2.
3.
The computer running Blue Iris shouldn't be used for any thing else, ie. It is a blue iris "SERVER". Learn what a vlan is, your off the shelf consumer "router" can probably do it.
Watch these first before you start learning vlan's...
1.
2.
3.