Cameras which support vlan tagging ?

Putto

n3wb
Joined
Oct 3, 2019
Messages
4
Reaction score
1
Location
Fiji
Hi,

Just wondering why hardly any camera vendors support vlan tagging. Does any body know brands that do ? I am curious as to why the camera vendors don't implement this.

Any comments feedback would be greatly appreciated. Thanks
 

DarkYendor

n3wb
Joined
Oct 17, 2019
Messages
5
Reaction score
5
Location
Australia
In network design, you don’t tag on end devices, you tag on edge switches.

Even if you tag on the camera, you still need to tag on the switch, so there’s not much benefit.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Ideally on network design the end device must authenticate itself before being allowed to communicate, otherwise just any old device could be plugged in to do what it likes.
 

The_E

Young grasshopper
Joined
Jan 28, 2018
Messages
46
Reaction score
19
Location
Canada
Ideally on network design the end device must authenticate itself before being allowed to communicate, otherwise just any old device could be plugged in to do what it likes.
Like DarkYendor said, it's typically network design and not the end devices that matter most. What method of authentication would one use on a Security Camera / IoT device or similar? If you had concerns that a bad actor could walk up and plug in something harmful, I'd suggest locking down your network using a layered approach.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
What method of authentication would one use on a Security Camera / IoT device or similar?
802.1x authentication using a Radius server is very common, and well supported.

If you had concerns that a bad actor could walk up and plug in something harmful, I'd suggest locking down your network using a layered approach.
Exactly, hence the need for strong authentication of the end device.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
@Putto I would prefer to employ my security settings on the internal side of the network than "trusting" the device enforces its own vlan. Imagine your cam (or any other IOT device) changes to vlan 1 (eg your network management vlan), and does crazy stuff. Same applies when an old/untrusted device (cfr post @alastairstevenson) hops into that slot. You enforce one specific vlan on your managed switch, whatever is put behind it, falls into that vlan. And you label that vlan "untrusted".
 

The_E

Young grasshopper
Joined
Jan 28, 2018
Messages
46
Reaction score
19
Location
Canada
802.1x authentication using a Radius server is very common, and well supported.
Agreed, sure... but 802.1X is a bit complex for this type of device and end user. I'm all for making our camera networks more secure, but that comes from a solid network behind them.

Lets have the manufacturers bring forth regular, secure firmware updates and eliminate buggy, insecure plug-ins first. I'm not as worried about someone disassembling my security camera to physically jack-in to the network. They could hack the WiFi faster, easier and more covertly.
 

Putto

n3wb
Joined
Oct 3, 2019
Messages
4
Reaction score
1
Location
Fiji
Thanks for your input everyone! Appreciate the reply's sorry for the delayed response! I found mobotix supports this now with their latest firmware :) mobotix.JPG
 

reflection

Getting comfortable
Joined
Jan 28, 2020
Messages
348
Reaction score
261
Location
Virginia
Cool. It's always nice to have the option of vlan tags on end devices. My desktop dual boots (ESXi and Win10) and is connected as a trunk to my switch. It would suck to have to change from access to trunk port on my switch everything I change my boot.
 
Top