Dahua - Unifi USG VLAN

davw · Feb 15, 2021

Hi I have a Dahua NVR and 2 x IPC-HDW5231R
Just got a Unifi USG but have an unmanaged Netgear POE Switch
To improve security is it advisable to create a VLAN and stick the Dahua gear in it?
Any guides on how to do this please?
Or what is the best way to stay safe.
cheers

Ep1phany · Feb 16, 2021

davw said:
Hi I have a Dahua NVR and 2 x IPC-HDW5231R
Just got a Unifi USG but have an unmanaged Netgear POE Switch
To improve security is it advisable to create a VLAN and stick the Dahua gear in it?
Any guides on how to do this please?
Or what is the best way to stay safe.
cheers

I use a USG. My cameras are all on their own vlan / subnet so they can't see the rest of my network. I use firewall rules on the USG to drop connections from that vlan to everything else including the internet. Works fine.

With a Unifi USG you still need a managed switch to configure different vlan's and subnets to specific ports on the switch.

Just search for a vlan tutorial for the USG, or a more general tutorial about vlans. It doesn't have to be specific for Dahua.
You'll also have to review how to create firewall rules on the USG.

Hope that helps, sorry I don't have any saved tutorials to share with you.

mikeynags · Feb 16, 2021

You'll need a managed switch that supports VLANs. You can put in firewall rules on the USG to block the cameras from phoning home. If you are a fan of Unifi gear, look at the Cross Talk solutions, Lawrence Technology Systems or Wille Howe Youtube pages. They cover some extensive topics on the entire Unifi line and also things like setting up VLANs.

davw · Feb 17, 2021

thanks guys. not looking to spend on a managed switch yet.
anything i can do with what i have?

Also is putting a vpn on usg do-able?

mikeynags · Feb 17, 2021

davw said:
thanks guys. not looking to spend on a managed switch yet.
anything i can do with what i have?

Also is putting a vpn on usg do-able?

Yes - here is a link to some instructions on setting it up from Unifi

UniFi - USG/UDM: Configuring L2TP Remote Access VPN

Overview Readers will learn how to set up an L2TP VPN server on the USG and UDM models using RADIUS authentication. NOTES & REQUIREMENTS: Applicable to the latest firmware on all USG an...

help.ui.com

DLONG2 · Feb 17, 2021

davw said:
thanks guys. not looking to spend on a managed switch yet.
anything i can do with what i have?

Also is putting a vpn on usg do-able?

An 8 port 60W PoE Ubiquiti switch runs about $108. You could assign one of the eight ports as the camera VLAN.

eyeontheprize · Feb 18, 2021

DLONG2 said:
An 8 port 60W PoE Ubiquiti switch runs about $108. You could assign one of the eight ports as the camera VLAN.

could I just plug in the NVR to the one port, assign the vlan and call it a day? would I need the other Ubiquiti routers, etc?

McBud · Feb 18, 2021

eyeontheprize said:
could I just plug in the NVR to the one port, assign the vlan and call it a day? would I need the other Ubiquiti routers, etc?

I have the US-8-60W and thing runs hot. 101F on the bottom of the unit with only the power plug connected to it. I think you may need the USG to setup the switch.

STGMavrick · Feb 23, 2021

Ep1phany said:
I use a USG. My cameras are all on their own vlan / subnet so they can't see the rest of my network. I use firewall rules on the USG to drop connections from that vlan to everything else including the internet. Works fine.

With a Unifi USG you still need a managed switch to configure different vlan's and subnets to specific ports on the switch.

Just search for a vlan tutorial for the USG, or a more general tutorial about vlans. It doesn't have to be specific for Dahua.
You'll also have to review how to create firewall rules on the USG.

Hope that helps, sorry I don't have any saved tutorials to share with you.

I do the same as you. Vlan specific to all cameras + NVR. Camera firewall rules are switch port based to drop all traffic except to the USG for NTP sync. NVR port shares the same rules as the main network vlan.

davw · Feb 25, 2021

@STGMavrick - do you have a unifi managed switch to be able to do this?

Juristo · Feb 25, 2021

davw said:
thanks guys. not looking to spend on a managed switch yet.
anything i can do with what i have?

Also is putting a vpn on usg do-able?

Do you have a Raspberry Pi? You could install Pihole and blacklist the domains you see it reaching out to. That's what I'm doing until I figure out this VLAN stuff.

Ep1phany · Feb 25, 2021

davw said:
@STGMavrick - do you have a unifi managed switch to be able to do this?

You don't need a unifi switch. I use a USG and a bunch of switches which are not. You just need a switch that can be managed enough for VLAN support.

bob2701 · Feb 25, 2021

How about $29 for a managed switch??

Check out the Mini Flex.

Switch Flex Mini

A compact, five-port, Layer 2 PoE switch that can be powered with PoE or a 5V USB-C adapter*. Features: (1) GbE, PoE RJ45 input (4) GbE RJ45 ports Managed with the UniFi Network application: Version 5.12.5 and later *Only single-unit packages include the 5V, 1A USB-C power adapter.

store.ui.com

davw · Feb 26, 2021

hi i have just set up pihole
still trying to work it out

davw · Feb 26, 2021

i currently have Virgin Media Modem > USG > POE switch 1 with 2 IP cams and 1 Unifi AP connected > cable running to loft space attached to another POE switch connected to NVR and another unifi AP
where would the USW flex go?

Search

Dahua - Unifi USG VLAN

davw

Getting the hang of it

Ep1phany

n3wb

mikeynags

Known around here

davw

Getting the hang of it

mikeynags

Known around here

UniFi - USG/UDM: Configuring L2TP Remote Access VPN

DLONG2

Known around here

eyeontheprize

n3wb

McBud

n3wb

STGMavrick

Young grasshopper

davw

Getting the hang of it

Juristo

n3wb

Ep1phany

n3wb

bob2701

Getting comfortable

Switch Flex Mini

davw

Getting the hang of it

davw

Getting the hang of it