I am a little rusty at this as I haven't monkied with my BI system since I got it up and running a while back. But, if I understand you correctly, hook your Tapo to your regular house wireless. Access your Tapo over your household lan. Find where you can change the Tapo IP. Now put in the IP you want your Tapo to be on your second nic. Save. You will loose your Tapo over your household lan. Reboot Tapo. Should show up on BI. I am assuming you have some sort of wireless ap hooked to your BI network. I utilized an old router I had sitting around. Someone please correct me if I messed up my explanation... haven't done this in a couple of years.
I am using my Tapo cameras fine, but the issue I have is when trying to use the dual NIC option. The instructions say to manually give them an IP, but you can't do that with these cameras. These are not like Amcrest or Dahuas that have a gui were you can change their IPs.
Instead of using a dedicated AP. (such as: Amazon.com : Computer Networking Wireless Access Points). Use the wireless functions of a router. The router will assign the ip address to your camera. Or, depending on the router, you can assign a static ip to the camera in the router settings. Again, those who are more familiar, please correct me if I am wrong here.
As an Amazon Associate IPCamTalk earns from qualifying purchases.
Broachoski
Getting comfortable
If you added a NIC for the cameras, BI can still access cameras on either NIC. The one with internet access just will not be as secure.
I do have an Asus RT-AC68U router and I can set it to be an AP or Wireless router.. but since the instruction said AP, I was confused because in Access Point, the router does not assign an IP automatically.
I will try the 2nd router again using the Wireless Router Mode
As an Amazon Associate IPCamTalk earns from qualifying purchases.
I always disable internet access to all my cameras via the router. So no cameras ever see the outside of my LAN.
Now.. one quick caveat... on my BL machine, I do not have a 2nd NIC per say..but I can use the Ethernet Port as the 2nd NIC and use a Wireless adapter to have interment access. that seemed to work the first time I tried but I was just not seeing the wireless cameras.
I have a weird setup as my main modem and router are on one side of the house and the BL machine and main PCs are on the other side of the house... take a look at this...
This is my setup.. hope it makes sense...the side of the house were the main Modem and Router are I also have a POE switch for my 5MP cameras. Then I ran an Ethernet cable to the outside of the house all the way to the other side as shown below.
Can I use that Ethernet cable that’s providing internet to the Blue Iris machine and the other PCs on the other side, to use it for the 2nd NIC setup?
I am saying that because the BI machine and the other PCs on the other side of the house can have Internet via wifi from the main router so they don't HAVE to use that Ethernet cable.
So I was thinking of connecting the 2nd Router to that POE switch (in Area 1)using that Ethernet cable and connect it to the BI machine’s Ethernet port since it will be using a wireless adapter for Internet Access anyway.…would that work?
I have a weird setup as my main modem and router are on one side of the house and the BL machine and main PCs are on the other side of the house... take a look at this...
This is my setup.. hope it makes sense...the side of the house were the main Modem and Router are I also have a POE switch for my 5MP cameras. Then I ran an Ethernet cable to the outside of the house all the way to the other side as shown below.
Can I use that Ethernet cable that’s providing internet to the Blue Iris machine and the other PCs on the other side, to use it for the 2nd NIC setup?
I am saying that because the BI machine and the other PCs on the other side of the house can have Internet via wifi from the main router so they don't HAVE to use that Ethernet cable.
So I was thinking of connecting the 2nd Router to that POE switch (in Area 1)using that Ethernet cable and connect it to the BI machine’s Ethernet port since it will be using a wireless adapter for Internet Access anyway.…would that work?
Now.. one quick caveat... on my BL machine, I do not have a 2nd NIC per say..but I can use the Ethernet Port as the 2nd NIC and use a Wireless adapter to have interment access. that seemed to work the first time I tried but I was just not seeing the wireless cameras.
I have a weird setup as my main modem and router are on one side of the house and the BL machine and main PCs are on the other side of the house... take a look at this...
This is my setup.. hope it makes sense...the side of the house were the main Modem and Router are I also have a POE switch for my 5MP cameras. Then I ran an Ethernet cable to the outside of the house all the way to the other side as shown below.
Can I use that Ethernet cable that’s providing internet to the Blue Iris machine and the other PCs on the other side, to use it for the 2nd NIC setup?
I am saying that because the BI machine and the other PCs on the other side of the house can have Internet via wifi from the main router so they don't HAVE to use that Ethernet cable.
So I was thinking of connecting the 2nd Router to that POE switch (in Area 1)using that Ethernet cable and connect it to the BI machine’s Ethernet port since it will be using a wireless adapter for Internet Access anyway.…would that work?
Now you have me looking at how my network is set up. Let me put on my thinking cap. BTW, I use ZeroTier for remote access
if you install a 2nd nic in bi machine it needs cable back to the poe switch , if you go this way. this 2nd nic will not have access to the internet. fyi...I am not familiar with openvpn, as far as how to use it.
From this graphic courtesy of @samplenhold, you will notice the cameras are on one IP subnet (192.168.2.xxx) while everything else is on IP subnet 192.168.1.xxx subnet.
Your BI WiFi card is the equivalent of NIC#1 below (sans the Ethernet cable)
Your 2nd BI NIC will connect to the PoE switch hosting your camera connections (much like the image below)
Success! - After fiddling around, I was able to get it to work using the the wifi/Ethernet combo! So the Ethernet cable is connected from the 2nd Router to the Ethernet Port on the Blue Iris machine and I am using a wireless adapter for internet access instead of a 2nd NIC (which I guess would be a 2nd NIC)!
Although I did notice that I was only able to view the cameras on the Blue Iris app if used a 5ghz wifi adapter. If I used a 2.4ghz I wasn't able to view the app...even if I changed the IP on the server tab.. took me a while to realize that only using the 5ghz connection would work.
Although I did notice that I was only able to view the cameras on the Blue Iris app if used a 5ghz wifi adapter. If I used a 2.4ghz I wasn't able to view the app...even if I changed the IP on the server tab.. took me a while to realize that only using the 5ghz connection would work.
Since all my cameras have internet access disabled anyway. what is the main purpose of having this setup?...just curious.
Just because you have internet access disabled for the cameras doesn't mean that the backdoor exploits are stopped if the cameras are still able to "touch" the internet.
It is just good practice to not have the cameras pass thru the router to get to BI. Routers are notorious for not being able to handle the constant data demands of these cameras - unlike Netflix, these cameras do not buffer. My cams are 350Mbps data demands, so even thru a gigabit router, over a third of its capacity is gone if I had them run thru the router.
So the dual NIC completely isolates the cameras from the internet - they can't talk to the internet and a backdoor exploit cannot happen either.
Now I have to figure out how to control my IOT devices like light switches if I connect them to the 2nd Router while being connected to my main wifi.
Keep in mind that the downstream router has full access to the main router. That doesn't isolate anything on the 2nd router from being able to access the main router.
The ideal situation is to have a VLAN switch with the wifi router connected to one of the ports. But that can get complicated.
Another solution, albeit not as "programmable" is to put all IOT devices on the guest wifi of the main router.
Yeah, this Asus RT-86U (Main Router) I have..because I also have Pihole setup... if I disable Intranet access on the guest network. it blocks devices from connecting to the network. (this is an issue with Pihole). If I can't disable Intranet on the Guest Network, then there is no difference between the Guest Network and the Main Wifi Network because all devices connected to the Guest Network will be able to see all devices including access to the GUI...which is why blocking Access to Intranet was effective in the past, but not anymore as it breaks the connection due to Pihole. I need to think of a solution for this. So far the folks from Pihole have not been able to figure out why this is the case.