Might be a stupid question...but I'm good at those! Connecting to camera on different subnet/vlan

[Holbs]

My cameras and Blue Iris server are on their own subnet of 192.168.4.x
My main network & main PC is on their own subnet of 192.168.1.x
I have always used Windows remote desktop into the Blue Iris server to access the camera GUI for camera configuration changes.
I have a Ubiquiti UDM router and Ubiquiti managed switch.
For the life of me...I can not figure this out.
If I simply type in 192.168.4.x for all 19 of 20 cameras, I get connection time out. For a single camera at 192.168.4.18, I get the camera login/password GUI page.
I did try to research if firewall rules were needed. Some say yes...some say no. Something about Inter-VLAN should be allowed by default.
Inter-VLAN must work because I can see UI3 with the 192.168.4.x/port# and things work as they should.
I have to finally get around to fine tuning camera day/night schedule and images and fine tuning things away from default. Using Windows remote desktop gives horribly slow FPS. I could use Google remote desktop. I could also simply change the IP of my computer to the 192.168.4.x network.
Just would be simpler to log onto camera login/password GUI page directly from my Main PC, as I can do with that single camera at 192.168.4.18 but none of the other 19 cameras in the same vlan subnet.

 

[samplenhold]

Hate to say it, but this is why I just used two NICs in my BI server and my office desktop. No VLANs to configure, no rules to worry about.

I know that does not help you out though. Sorry.

 

[Holbs]

Hate to say it, but this is why I just used two NICs in my BI server and my office desktop. No VLANs to configure, no rules to worry about.

I started off with the i7-4770 tower case and 2 NIC cards. Maybe that is why kept thinking I needed to log into Blue Iris machine to get access into the IP cameras

 

[saltwater]

Your post piqued my interest as I've got the same type of setup and hadn't yet accessed the camera GUI from my main computer (on a different subnet). Up until now I've been using my BI computer as that's on my desk next to me; I'm still configuring things. Anyway, I have a UDM Pro and a Ubiquity 24 port switch. My BI computer and cameras are on their own subnet .30.x or vlan 30. From my main computer on subnet .1.x I was able to log into my ten cameras and in the process recorded the login details into my Roboform password manager.

Check your switch port profile for the one camera you can access against another camera you can't access.

 

[saltwater]

Your post piqued my interest as I've got the same type of setup and hadn't yet accessed the camera GUI from my main computer (on a different subnet). Up until now I've been using my BI computer as that's on my desk next to me; I'm still configuring things. Anyway, I have a UDM Pro and a Ubiquity 24 port switch. My BI computer and cameras are on their own subnet .30.x or vlan 30. From my main computer on subnet .1.x I was able to log into my ten cameras and in the process recorded the login details into my Roboform password manager.

Check your switch port profile for the one camera you can access against another camera you can't access.

Correction: I spoke too soon, I typed the above without looking at the Unifi dashboard. Check your switch Port Profile for the port of your main computer; mine is set to 'All' as opposed to the other VLANs created. I suppose that doesn't explain why you can at least access one camera but not the rest.

 

[Holbs]

Correction: I spoke too soon, I typed the above without looking at the Unifi dashboard. Check your switch Port Profile for the port of your main computer; mine is set to 'All' as opposed to the other VLANs created. I suppose that doesn't explain why you can at least access one camera but not the rest.

ah. maybe that is why only 1 camera is accessible. I forgot to change that port profile from all to camera subnet. Now to find out if changing from only camera subnet to all is a security concern.
- just check - Nope. This switch port is on port 18 with the camera subnet profile.

 

[VorlonFrog]

Change your NETMASK value from 255.255.255.0 to 255.255.0.0 on your PC/Mac.
This will allow you to see both networks.
My network-fu is pretty rusty at this point, but I think you could actually use 255.255.250.0

The reason this works is is because both network prefixes are the same 192.168.x.y values.

 

[Holbs]

Change your NETMASK value from 255.255.255.0 to 255.255.0.0 on your PC/Mac.
This will allow you to see both networks.
My network-fu is pretty rusty at this point, but I think you could actually use 255.255.250.0

The reason this works is is because both network prefixes are the same 192.168.x.y values.

I think I might of found out why. USER ERROR! The camera network configuration gateway. Because these cameras used to be on a dual-NIC card Blue Iris server setup, I changed all the gateways to point to one that doesn't exist. I think I forgot to change this one as it was the last one I purchased as a dedicated Weather Cam. Yep, changed all gateways to what they should be (192.168.4.1) and now they are accessible from different subnet.

 

[VorlonFrog]

I think I might of found out why. USER ERROR! The camera network configuration gateway. Because these cameras used to be on a dual-NIC card Blue Iris server setup, I changed all the gateways to point to one that doesn't exist. I think I forgot to change this one as it was the last one I purchased as a dedicated Weather Cam. Yep, changed all gateways to what they should be (192.168.4.1) and now they are accessible from different subnet.

Yup, invalid gateway is one of the best ways to keep a pesky internet-aware camera from accessing the web. Glad you nailed it down!!

 

[saltwater]

I think I might of found out why. USER ERROR! The camera network configuration gateway. Because these cameras used to be on a dual-NIC card Blue Iris server setup, I changed all the gateways to point to one that doesn't exist. I think I forgot to change this one as it was the last one I purchased as a dedicated Weather Cam. Yep, changed all gateways to what they should be (192.168.4.1) and now they are accessible from different subnet.

Glad you worked it out.

 

[Holbs]

I like to post my mistakes so that other newer folks may learn from my ooopsies.

 

[SyconsciousAu]

Remember to put in a rule that excludes your CCTV vlan from the internet.

Once you have the rule in place the easiest way to check is to attempt a manual firmware update check. It should time out.




Alternatively you could SSH into the camera and ping an outside address, though the current SSH password for dahua eludes me.