This is a good idea, but using a separate VLAN is still useful even if you have two network cards. For example, if you want to use the same network switch for other devices too. Configure the switch ports used by the cameras, and the switch port used by the second network card, to use the camera VLAN untagged and as the PVID.
Hmmmm....you'd think it'd be South Korea since that's Samsung's home base.
I'm new to this and would like to understand this better. I can see how I would want the cameras to have no access to the Internet. But if I want to access my recordings remotely through Blue Iris, that's OK, right? IOW, the cameras send the feed to BI. I don't access the cameras remotely, but can still view the feeds via BI. Is that considered safe?
Yes.
This is a good diagram.
Can you explain a little more? I'm setting up my home network and don't want to go back to way it was (just using the Blue Iris wizard to setup up remote access) I have Hik cameras, don't really want to mess with VLANs. I'm tech/pc savvy to a point, What would you recommend? 2 Network cards and how would that setup be/look like? THANKS!
This is very helpful and intersting. I'm looking to re-setup my home network and concerned about the cameras exposed to internet, not so much for someone to watch them but to gain gateway to my home network. In this scenario above, that will elimate that totally? Will also still be able to view the cameras while outside my home network via BI, which will be secure and say someone may be able to watch but never access the cameras/home network direclty?
If nothing else, use the tools in your router to block the camera IP's from accessing the internet. Every router is different, but there will be a way to block IP's on your lan from getting out to "phone home" or provide a target for some hacker.
Z-Wave and Zigbee are essentially automatically secure, as there's no way the devices can directly reach the internet. Z-Wave and Zigbee are totally separate networks. Proprietary controllers / gateways can access the internet, but the best practice for Zigbee is to use a PoE Zigbee coordinator like the SLZB-06 (SLZB-06 Zigbee Ethernet PoE LAN USB WiFi Adapter CC2652P | Zigbee2MQTT | Home Assistant | SMLIGHT | SMLIGHT Official Homepage) along with Zigbee2MQTT and something like Home Assistant. I'm less familiar with Z-Wave as most of my smart devices use Zigbee.
Check if your motherboard has two Ethernet ports - some of the higher-end ones do. If not, buy another NIC. A Gigabit NIC is around $15 (e.g. ) but these days you may as well buy a 2.5Gbps NIC since they're not much more expensive (e.g. ) and you may want to update your home network to 2.5Gbps or higher one day.
Thanks, was hoping to avoid VLANs as I’m not too familiar with them. I’ll be using Home Assistant, will I be able to integrate or use AI or Motion triggers from BI for HA? I did that years ago with Vera
Yeah, that will work fine. I'm using Blue Iris for my NVR, and have automations configured in both Home Assistant and Node-RED. Blue Iris can send MQTT events on alerts (i.e. when motion is detected), then Home Assistant and Node-RED can listen for that.
VLANs are really not complicated, but do require network switches and routers that support them. If you have inexpensive consumer grade network equipment, you might not be able to utilize VLANs even if you wanted to.
Got one more ? - Are you running Home Assistant and BI on same PC? Or using Raspberry Pi? Trying to figure out which route to go...
