Dahua - Unifi USG VLAN

davw

davw

Getting the hang of it
Mar 7, 2017
147
30
England
Hi I have a Dahua NVR and 2 x IPC-HDW5231R
Just got a Unifi USG but have an unmanaged Netgear POE Switch
To improve security is it advisable to create a VLAN and stick the Dahua gear in it?
Any guides on how to do this please?
Or what is the best way to stay safe.
cheers
 
davw said:
Hi I have a Dahua NVR and 2 x IPC-HDW5231R
Just got a Unifi USG but have an unmanaged Netgear POE Switch
To improve security is it advisable to create a VLAN and stick the Dahua gear in it?
Any guides on how to do this please?
Or what is the best way to stay safe.
cheers
Click to expand...

I use a USG. My cameras are all on their own vlan / subnet so they can't see the rest of my network. I use firewall rules on the USG to drop connections from that vlan to everything else including the internet. Works fine.

With a Unifi USG you still need a managed switch to configure different vlan's and subnets to specific ports on the switch.

Just search for a vlan tutorial for the USG, or a more general tutorial about vlans. It doesn't have to be specific for Dahua.
You'll also have to review how to create firewall rules on the USG.

Hope that helps, sorry I don't have any saved tutorials to share with you.
 
You'll need a managed switch that supports VLANs. You can put in firewall rules on the USG to block the cameras from phoning home. If you are a fan of Unifi gear, look at the Cross Talk solutions, Lawrence Technology Systems or Wille Howe Youtube pages. They cover some extensive topics on the entire Unifi line and also things like setting up VLANs.
 
  • Like
Reactions: keneil01
thanks guys. not looking to spend on a managed switch yet.
anything i can do with what i have?

Also is putting a vpn on usg do-able?
 
davw said:
thanks guys. not looking to spend on a managed switch yet.
anything i can do with what i have?

Also is putting a vpn on usg do-able?
Click to expand...
Yes - here is a link to some instructions on setting it up from Unifi

help.ui.com

UniFi - USG/UDM: Configuring L2TP Remote Access VPN

Overview Readers will learn how to set up an L2TP VPN server on the USG and UDM models using RADIUS authentication. NOTES & REQUIREMENTS: Applicable to the latest firmware on all USG an...
help.ui.com help.ui.com
 
  • Like
Reactions: davw
davw said:
thanks guys. not looking to spend on a managed switch yet.
anything i can do with what i have?

Also is putting a vpn on usg do-able?
Click to expand...

An 8 port 60W PoE Ubiquiti switch runs about $108. You could assign one of the eight ports as the camera VLAN.
 
eyeontheprize said:
could I just plug in the NVR to the one port, assign the vlan and call it a day? would I need the other Ubiquiti routers, etc?
Click to expand...

I have the US-8-60W and thing runs hot. 101F on the bottom of the unit with only the power plug connected to it. I think you may need the USG to setup the switch.
 
Ep1phany said:
I use a USG. My cameras are all on their own vlan / subnet so they can't see the rest of my network. I use firewall rules on the USG to drop connections from that vlan to everything else including the internet. Works fine.

With a Unifi USG you still need a managed switch to configure different vlan's and subnets to specific ports on the switch.

Just search for a vlan tutorial for the USG, or a more general tutorial about vlans. It doesn't have to be specific for Dahua.
You'll also have to review how to create firewall rules on the USG.

Hope that helps, sorry I don't have any saved tutorials to share with you.
Click to expand...

I do the same as you. Vlan specific to all cameras + NVR. Camera firewall rules are switch port based to drop all traffic except to the USG for NTP sync. NVR port shares the same rules as the main network vlan.
 
davw said:
thanks guys. not looking to spend on a managed switch yet.
anything i can do with what i have?

Also is putting a vpn on usg do-able?
Click to expand...

Do you have a Raspberry Pi? You could install Pihole and blacklist the domains you see it reaching out to. That's what I'm doing until I figure out this VLAN stuff.
 
How about $29 for a managed switch?? :rolleyes:

Check out the Mini Flex.

store.ui.com

Switch Flex Mini

A compact, five-port, Layer 2 PoE switch that can be powered with PoE or a 5V USB-C adapter*. Features: (1) GbE, PoE RJ45 input (4) GbE RJ45 ports Managed with the UniFi Network application: Version 5.12.5 and later *Only single-unit packages include the 5V, 1A USB-C power adapter.
store.ui.com store.ui.com
 
  • Like
Reactions: sebastiantombs
i currently have Virgin Media Modem > USG > POE switch 1 with 2 IP cams and 1 Unifi AP connected > cable running to loft space attached to another POE switch connected to NVR and another unifi AP
where would the USW flex go?
 
You must log in or register to reply here.
Top Bottom