Setting up VPN/VLAN and Dual NIC

MTL4

It's not really a loop because the camera network is a separate static network. It's not like the BI machine has its interfaces bridged.
The two common ways are using a bridging router or using managed switches at both ends with the ports divided into two VLANs and a cable patched across. Either way MAC filtering should be used, but of course if someone physically gets a hold of the switch at the gate they can figure out how to clone the MAC address of the MyQ and gain access. That is why securing the switch at the gate is more important than MAC filtering.

I also want to point out that since the camera on the camera network is statically addressed, it's not going to know the gateway address, and if it did, it couldn't communicate because it's on a 256 IP address subnet.
Yes exactly, there were no loops in the design I laid out, on purpose, so that it would all play nicely according to STP. According to the OP there is a very low probability of someone plugging into any of these ports at the pole (although the switch should still be physically secured). It seems far more important to secure everything against vandalism than a hacking attempt. The idea for the camera network is to deliberately keep it isolated behind the BI PC yet allow the internet data VLAN for MyQ to pass through the network on its way to the pole.
 

tech_junkie

Yes exactly, there were no loops in the design I laid out, on purpose, so that it would all play nicely according to STP. According to the OP there is a very low probability of someone plugging into any of these ports at the pole (although the switch should still be physically secured). It seems far more important to secure everything against vandalism than a hacking attempt. The idea for the camera network is to deliberately keep it isolated behind the BI PC yet allow the internet data VLAN for MyQ to pass through the network on its way to the pole.
Like I said, both methods are valid. The difference is one is by VLAN and the other is by a bridge router.
Since they want to know how to set it up without configuring any VLANs, I showed them those examples.
 