Dual NIC setup on your Blue Iris Machine

I am iut of town and get home tomorrow and will try this. Currently vlan2 is only 1 port. I will add a 2nd and try this. Hopefully it works.
Thank you

Keep in mind that the vlans on your switch are local in your situation. So it's just like you have two PoE switches. You are not doing anything fancy. You can think of vlan2 as switch2 and vlan3 as switch3.

You will have to re-IP your BI nic1 to be on the 192.168.1.x network along with your r7800 router. 192.168.42.x goes away. 192.168.1.x lives in VLAN2 (or think of it was switch2). 192.168.36.x lives on VLAN3 (or think of this as switch3).
 
Keep in mind that the vlans on your switch are local in your situation. So it's just like you have two PoE switches. You are not doing anything fancy. You can think of vlan2 as switch2 and vlan3 as switch3.

You will have to re-IP your BI nic1 to be on the 192.168.1.x network along with your r7800 router. 192.168.42.x goes away. 192.168.1.x lives in VLAN2 (or think of it was switch2). 192.168.36.x lives on VLAN3 (or think of this as switch3).
This makes sense. (I'm a newbie but trying to learn). Thank you. I will try this when I get home
 
These problems are exactly why I went with physical isolation rather than virtual isolation.
 
This makes sense. (I'm a newbie but trying to learn). Thank you. I will try this when I get home

No worries. Easiest way to think about it is that each vlan is its own switch. Instead of buying two switches, you have one switch that acts like two.

To make it easy, configure your switch once and forget about it. Let's say you have a 24-port switch. Configure ports 1-8 in one vlan and ports 9-24 in another vlan. Now you have "two" switches (an 8-port and a 16-port switch). Everything that you plug into port 1-8 will be able to talk to each other. Similarly ports 9-24 will talk to each other. This will keep things simple.
 
No worries. Easiest way to think about it is that each vlan is its own switch. Instead of buying two switches, you have one switch that acts like two.

To make it easy, configure your switch once and forget about it. Let's say you have a 24-port switch. Configure ports 1-8 in one vlan and ports 9-24 in another vlan. Now you have "two" switches (an 8-port and a 16-port switch). Everything that you plug into port 1-8 will be able to talk to each other. Similarly ports 9-24 will talk to each other. This will keep things simple.
Hmm, didn't work. I think it is how my vlans are configured (someone walked me through. I'm trying to figure
No worries. Easiest way to think about it is that each vlan is its own switch. Instead of buying two switches, you have one switch that acts like two.

To make it easy, configure your switch once and forget about it. Let's say you have a 24-port switch. Configure ports 1-8 in one vlan and ports 9-24 in another vlan. Now you have "two" switches (an 8-port and a 16-port switch). Everything that you plug into port 1-8 will be able to talk to each other. Similarly ports 9-24 will talk to each other. This will keep things simple.
hmmm... well didn't work. I believe it has something to do with how my vlans are configured. I didn't set them up, I am trying to figure out how to change it.
vlan3 (192.168.36.x) has an access list, denying all but vlan2.
vlan2 (192.168.42.x) plugged into nic 2.
vlan1 (192.168.1.x) is same as standard network with my router. plugged into nic 1.

I tried plugging nic 2 into vlan3 (changed the nic2 ip to 192.168.36.36 to fit into the proper subnet). could not view cameras. (I found this odd)
as long as nic2 is plugged into vlan2, cameras work great. until I enable nic1 (plugged into vlan1). then after sometime, cameras turn off until I disable nic1.
It is not instant that the cameras stop working, so while both nics enabled, I turned off the wifi on my phone and tried to view my cameras though app, it couldn't connect. so there is another aspect that I am not grasping here either.
to clarify, I typically have nic1 disabled so the cameras run fine. I can view the cameras through the app if I am connected to my wifi (192.168.1.x) which is set as vlan1 on the switch. but not if I am away from home. with nic1 disabled, and nic2 plugged into vlan2, this tells me the vlans must be working to some degree, if I can view them on wifi via my phone...
 
Here's a drawing for you. The top picture is with one physical switch and two vlans to create two logical switches. The bottom picture is with two physical switches. Looks very similar once you get over the blue rectangle representing the physical switch, right?

Functionally the same. In your case, vlan3 would be vlanA below. The vlan id doesn't matter, what matters is that all your cameras are in the same vlan as nic2.

Make sure you reboot after you change your IP so that BI will restart the session with your cameras (using the new IP).

1610417657618.png
 
  • Like
Reactions: sebastiantombs
Here's a drawing for you. The top picture is with one physical switch and two vlans to create two logical switches. The bottom picture is with two physical switches. Looks very similar once you get over the blue rectangle representing the physical switch, right?

Functionally the same. In your case, vlan3 would be vlanA below. The vlan id doesn't matter, what matters is that all your cameras are in the same vlan as nic2.

Make sure you reboot after you change your IP so that BI will restart the session with your cameras (using the new IP).

View attachment 79446
I will try it again and reboot the pc after plugging nic2 into vlan3. If that works, I can just ignore my vlan2, using 1 and 3. My concern in my situation is the acces list for vlan3. I tried removing this list but all of the cli commands I found online weren't working for me. Thank you for your continued assistance. I appreciate it
 
  • Like
Reactions: sebastiantombs
I will try it again and reboot the pc after plugging nic2 into vlan3. If that works, I can just ignore my vlan2, using 1 and 3. My concern in my situation is the acces list for vlan3. I tried removing this list but all of the cli commands I found online weren't working for me. Thank you for your continued assistance. I appreciate it
so I just tried plugging nic2 into vlan3. set nic2 to ip 192.168.36.34 to mach the vlan3 ip range. i left the default gateway to 192.168.42.254. rebooted pc. cams not working.
I changed default gateway to 192.168.1.1 (router), reboot pc. cams not working.
deleted default gateway and left blank. rebooted pc. cams not working...
here is the "access list" attached to vlan3 (cameras) that I am concerned is the issue:
ip access-list extended "cams"
  • 10 permit ip 192.168.36.0 0.0.0.255 192.168.42.254 0.0.0.255
  • 20 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
 
so I just tried plugging nic2 into vlan3. set nic2 to ip 192.168.36.34 to mach the vlan3 ip range. i left the default gateway to 192.168.42.254. rebooted pc. cams not working.
I changed default gateway to 192.168.1.1 (router), reboot pc. cams not working.
deleted default gateway and left blank. rebooted pc. cams not working...
here is the "access list" attached to vlan3 (cameras) that I am concerned is the issue:
ip access-list extended "cams"
  • 10 permit ip 192.168.36.0 0.0.0.255 192.168.42.254 0.0.0.255
  • 20 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
Where and which direction is your access applied? Try to remove your access list (try appending a "no" to the front of the line).
Try unplugging nic1. Make sure nic2 is connected to the same vlan as the cameras. In other words, make it as if you have a single switch with a single nic and see if you can get to the cameras.
 
Last edited:
I've been slowly improving my network and skills. I run Blue Iris on my media server that is on my main LAN, all cameras are on a dead VLAN already but have been thinking about adding a second NIC to my media server for BI.

Would it make sense to add a second NIC and bind it to the camera VLAN? So that if I was to access UI3 it wouldn't be an IP of my main LAN and if so would that conflict with BI being able to ge sunrise/sunset schedule and updates?

I'll eventually repurpose my main PC as a dedicated BI system when I decide to upgrade in a few years.
 
I've been slowly improving my network and skills. I run Blue Iris on my media server that is on my main LAN, all cameras are on a dead VLAN already but have been thinking about adding a second NIC to my media server for BI.

Would it make sense to add a second NIC and bind it to the camera VLAN? So that if I was to access UI3 it wouldn't be an IP of my main LAN and if so would that conflict with BI being able to ge sunrise/sunset schedule and updates?

I'll eventually repurpose my main PC as a dedicated BI system when I decide to upgrade in a few years.
I would think you want to bind the UI3 webserver to the IP of the NIC on your main LAN. That way, BI and the cams have the dead VLAN to live on and you can access the web front-end from the main LAN.
 
I would think you want to bind the UI3 webserver to the IP of the NIC on your main LAN. That way, BI and the cams have the dead VLAN to live on and you can access the web front-end from the main LAN.

My VLANs are setup with 1 way communication i.e main VLAN can access cam VLAN but not the other way around. I'm able to access all my cams webUI from my main VLAN, this is why I was thinking of isolating it further. This isn't a dedicated BI server so it can't be entirely on the cam VLAN with just UI3 bind to the main VLAN, but i see your point.
 
My VLANs are setup with 1 way communication i.e main VLAN can access cam VLAN but not the other way around. I'm able to access all my cams webUI from my main VLAN, this is why I was thinking of isolating it further. This isn't a dedicated BI server so it can't be entirely on the cam VLAN with just UI3 bind to the main VLAN, but i see your point.
Sounds like you should be good to go either way. If you go with the dual NIC model, you may be able to do away with the VLAN ACLs which keep your cams from getting out. Sounds like a 6 of one, half dozen of the other which means you have options - which is a good thing :)
 
So I am quite new to networking and IP Cameras and I want to fully understand how to complete this dual NIC setup. Thanks to TL1096r for the guide and everyone else who has replied in this thread. I have a few burning questions/uncertainties that I would like to clarify with you folks after reading through this thread from start to finish:
  1. So essentially we are assigning the IP Camera NIC a subnet that has to be different to the router IP Address and every other subnet under the router (meaning devices that are connected to the internet). This ensures the router does not connect through the IP Camera NIC and is separated from the main network.
  2. When assigning an IP Address for each camera we must ensure that the last 3 digits of the address are within the range 0-254 and they also must not conflict with any default one of the camera manufacturer. E.g. for the Dahua cameras '.108'
  3. Is the only way to change the IP address of the cameras through the default address assigned to each camera (via the GUI)?
  4. Does BI handle the NTP for the cameras or do I need to download a program like NetTime as suggested by the OP?
  5. Finally, I am using a SFF Dell PC and it currently has a PCI-E wireless NIC. Is it fine to use the motherboard NIC for the IP camera network and the wireless NIC to connect the BI PC to the internet (router)?
Thanks in advance everyone! :)
 
  • Like
Reactions: Flintstone61
So I am quite new to networking and IP Cameras and I want to fully understand how to complete this dual NIC setup. Thanks to TL1096r for the guide and everyone else who has replied in this thread. I have a few burning questions/uncertainties that I would like to clarify with you folks after reading through this thread from start to finish:
  1. So essentially we are assigning the IP Camera NIC a subnet that has to be different to the router IP Address and every other subnet under the router (meaning devices that are connected to the internet). This ensures the router does not connect through the IP Camera NIC and is separated from the main network.
  2. When assigning an IP Address for each camera we must ensure that the last 3 digits of the address are within the range 0-254 and they also must not conflict with any default one of the camera manufacturer. E.g. for the Dahua cameras '.108'
  3. Is the only way to change the IP address of the cameras through the default address assigned to each camera (via the GUI)?
  4. Does BI handle the NTP for the cameras or do I need to download a program like NetTime as suggested by the OP?
  5. Finally, I am using a SFF Dell PC and it currently has a PCI-E wireless NIC. Is it fine to use the motherboard NIC for the IP camera network and the wireless NIC to connect the BI PC to the internet (router)?
Thanks in advance everyone! :)
Answers below:

1.) Yes - make each NIC different. For example NIC 1 can be 192.168.1.100 with a subnet mask of 255.255.255.0 and a gateway of 192.168.1.1. NIC 2 can be 192.168.50.100 with a subnet mask of 255.255.255.0 but make sure there is NO default gateway set on NIC 2.

2.) You are correct.

3.) You are partially correct. Some vendors like Hik and Dahua make a config tool that you can run on your PC to make changes without having to log onto the camera GUI

4.)Yes - Download NetTime and point the cameras to the BI server for NTP (this should be set to the IP of NIC 2.)

5.) Yes - while that will work, wired works best. You can find cheap USB ethernet adapters online and then have 2 hard-wired connections. Link to an inexpensive one on amazon:
 
As an Amazon Associate IPCamTalk earns from qualifying purchases.
@InductionForced see diagram below. Realize that the IP addresses are just an example. You do not need to use the exact numbers shown.

Also, what @mikeynags said.

To elaborate on #4, BI does not handle the NTP for cams. It will display your BI system time on each cam's display if you set it that way. If you set up NTP on your BI computer, you then point each cam's NTP stings to that application via the cam's web browser.

Network Topology 0.JPG Network Topology 4.JPG
 
I have a different NIC problem.

I bought a very cheap HP NC360T dual port network card, splitting my cameras into two streams. Works fine. I then bought a Dell Intel I350-T4 quad port network card to use instead so that I could use three streams instead of cascading a switch.

Although the quad port card also works, it reduces the available memory in the PC (as shown in settings/system/about/installed RAM) from 16GB to 8GB. This is reversible in that it shows 16GB when I swap back to the NC360C. What goes on?
 
I have a different NIC problem.

I bought a very cheap HP NC360T dual port network card, splitting my cameras into two streams. Works fine. I then bought a Dell Intel I350-T4 quad port network card to use instead so that I could use three streams instead of cascading a switch.

Although the quad port card also works, it reduces the available memory in the PC (as shown in settings/system/about/installed RAM) from 16GB to 8GB. This is reversible in that it shows 16GB when I swap back to the NC360C. What goes on?
Solved it! It occurred to me I could google the problem and discovered that the I350-T4 together with a family of other PCIe-16 cards block the SMbus signals (whatever they are), disabling one of the two DIMM slots. So, if you only have one stick in this slot, the PC does not even boot and beeps. This happened to me whilst diagnosing the problem.

Fortunately there’s a fix which is to mask the two SMbus pins on the card (signals not needed). I cut the tracks on the board instead but was too heavy handed and went straight through to a middle layer (multilayer board). More copper tracks were exposed but seem to have got away with it - the ethernet ports still work and I once again have 16GB of RAM.
 
I have wired cameras that are on a separate NW as described here. One network for camera streams. One for everything else. I prefer to keep a physical separation,

I did however get a wifi camera for Christmas. I am planning to play with the motion for a little while but really wanted this to take a few snaps when BI is triggered.

Are there options that I can add a camera from the WWW network?
 
Even that wireless cam will have an IP address. Just add a new cam in BI and put the IP address, ID and password in and click find/inspect. I actually have a couple of wireless cams set up just like that.

If you are not using a dual NIC, then place the new cam on your CAM network. You probably will have to get an AP for it. If you are using a dual NIC on the BI machine, BI will find the cam.