Dual NIC setup on your Blue Iris Machine

[nowandthen]

Thanks to both of you, I'll give that a try. My IP address pool is set to start at 40. I'll be assigning the BI PC PCIe NIC an address lower than 40.

Is it better to use the PCIe NIC card to connect to my LAN and use the built-in NIC card car for my camera POE switch? IF it doesn't matter then I'll use the PCIe NIC for my camera POE switch.

 

[Sybertiger]

Thanks to both of you, I'll give that a try. My IP address pool is set to start at 40. I'll be assigning the BI PC PCIe NIC an address lower than 40.

Is it better to use the PCIe NIC card to connect to my LAN and use the built-in NIC card car for my camera POE switch? IF it doesn't matter then I'll use the PCIe NIC for my camera POE switch.

Probably doesn't matter but I think a lot of people use the built-in NIC for the POE switch because it's better integrated into the system and your POE switch is going to get a lot more traffic than the other NIC that connects to your home network.

 

[Flintstone61]

Wow. Great Job typing all this out and explaining it. I may give this a wack later.

 

[TL1096r]

Wow. Great Job typing all this out and explaining it. I may give this a wack later.

I am working on elaborating on adding a wifi cam to the dual NIC. Does anyone have any suggestions or share their setup using their wireless cam to connect to the second NIC?

-----For Wireless Cam Dual NIC setup-----

@SouthernYankee Quick Guide to Dual NIC with a wireless camera / Doorbell Camera.
Using a second NIC with a wireless camera is straight forward.
1) Get an access point, wire it to the switch that is on the second NIC, give it an IP address that is in the second NIC sub net range.
2) Set the access point to have a different SSID then your home WiFi, make sure that it is on a different channel than your home WiFi.
3) Configure the wireless camera to have an IP address in the second NIC sub net range.
4) Configure the wireless camera to have the same SSID and channel as the access point.

-----For Wireless Cam Dual NIC setup-----

 

[concord]

If you have old wifi router hanging around, a quick fix would be to plug the cam NIC into the one of the 4 ports, use one of the other ports to connect your poe switch. (Note that the WLAN port is not used). Then use the router to set up wifi to the cam.

 

[TL1096r]

If you have old wifi router hanging around, a quick fix would be to plug the cam NIC into the one of the 4 ports, use one of the other ports to connect your poe switch. (Note that the WLAN port is not used). Then use the router to set up wifi to the cam.

I will try to share more steps/screenshots for others.

I did not have another router so I bought this from the suggestion of @bp2008

https://www.amazon.com/gp/product/B004UBU8IE

I am receiving some additional advice/info from @SouthernYankee & @catcamstar and will share final result. So far it seems straightforward but additional information can't hurt.

I will be plugging the access point (router) into the switch on the dual NIC to set it up. Do you suggest something differently?

 

[concord]

I will try to share more steps/screenshots for others.

I will be plugging the access point (router) into the switch on the dual NIC to set it up. Do you suggest something differently?

Edit: Forgot to mention the device you linked to is just an access point, which would work for option #1. However, most routers will allow you to configure it as an access point instead (and a repeater).

There are two ways:
1) one is to make the router an access point and connect it to your cam switch, I assume that it is a managed switch with ability to assign IP addresses.
2) The other is to actually use the router as a router, without WLAN connection. The router will act as the DHCP server (or assign static IP addresses).

I used diagrams.net (free to use flow chart program) to produce #2 option, and I'm attaching the .xml file that can used on diagrams.net:

 

[SouthernYankee]

I prefer to connect the nic 2 to the unmanaged switch, then connect the assess point (router) to the switch. I try to not run unnecessary traffic through a router (access point) .

 

[TL1096r]

Thanks. SouthernYankee that is what I am doing. I see concord has it a bit differently.

I will try to take screenshots and add as much detail as possible from all the info I gathered from: southern/bp2008/catcam. Great minds here allowing me to get this small write-up together to give more detail.

Plug the new wifi (access point) into the switch that is connected to the 2nd NIC:
-> Turn off DHCP server
-> Change LAN address
-> Configure the wireless camera to have an IP address in the second NIC sub net range.
-> Unique SSID that is different than main router
-> Set WPA2 Password
-> Choose Channel 1, 6 or 11. Make sure it is a different channel than your main router. If all 3 are already in use, pick whichever is furthest away or used the least.
-> Turn off 40MHz mode. Only use 20MHz mode
-> Configure the wireless camera to have an IP address in the second NIC sub net range.


If I missed anything or you'd like to add anything please share.

 

[concord]

I prefer to connect the nic 2 to the unmanaged switch, then connect the assess point (router) to the switch. I try to not run unnecessary traffic through a router (access point) .

I agree with that and using static IP Addresses; recommend updating the host file on the BL server so names can be used instead of IP addresses, easy way of keeping a list too.

The original doorbell cam didn't have the ability to assign an IP Address, so the quick way of setting it up was with an old netgear router, set the DHCP to a different IP range, register the doorcam, assign an IP via MAC address, then take it off the internet and connect the BL server NIC#2 to the netgear router. It's been working fine, however if I get more cams than the current 4 cams, I'll be changing it, assuming the netgear AP mode will allow DHCP. It's the only wifi cam I have thats on all the time. Play with a Wyze cam once in a awhile.

 

[TL1096r]

We are NOW in the wiki:

IP Cam Talk Wiki

Thank you for viewing our wiki! If you would like to contribute, please [URL='https://ipcamtalk.com/misc/contact']contact us[/URL]...

ipcamtalk.com

 

[TL1096r]

For setting up the Dual NIC with wifi. Do you think a wifi repeater or bridge will help create a better signal?

 

[SouthernYankee]

use a repeater to extend your access point if needed. You only have one network on the NIC 2 camera network. And one network one NIC 1 your home network

What's the Difference Between a Wireless Repeater and a Wireless Bridge? | PC Dreams

The main difference between a wireless repeater and a wireless bridge is that a repeater simply extends the range of a network while a bridge ties two networks together. A client bridge links computer

pcdreams.com.sg

 

[TL1096r]

use a repeater to extend your access point if needed. You only have one network on the NIC 2 camera network. And one network one NIC 1 your home network

What's the Difference Between a Wireless Repeater and a Wireless Bridge? | PC Dreams

The main difference between a wireless repeater and a wireless bridge is that a repeater simply extends the range of a network while a bridge ties two networks together. A client bridge links computer

pcdreams.com.sg

I will try the repeater if the signal is not good.

Thanks

 

[Teeauu]

I've been using VLAN's for years and when I updated my routers in the last year I found out that some things I've done in OpenWrt on some of the newish TP-Link routers didn't work the same. This morning before the sun came up (and it was still relatively cool in the atic) I finally pulled another drop to the other side of the house, got rid of the camera router and hooked the camera switch up to a new NIC in the camera PC. Done!

 

[TL1096r]

I've been using VLAN's for years and when I updated my routers in the last year I found out that some things I've done in OpenWrt on some of the newish TP-Link routers didn't work the same. This morning before the sun came up (and it was still relatively cool in the atic) I finally pulled another drop to the other side of the house, got rid of the camera router and hooked the camera switch up to a new NIC in the camera PC. Done!

If I ever get around to VLANS I will try to make a similar DIY. So far DUAL NIC is the easiest.

 

[Teeauu]

If I ever get around to VLANS I will try to make a similar DIY. So far DUAL NIC is the easiest.

Dual nics are simpler and in my case faster. GB switches and a GB network seem to work faster than a GB router and switches.

 

[mrc545]

Would explicitly blocking outbound WAN access to the specific cameras via ACL on a router's built-in FW accomplish the same thing?

 

[Teeauu]

If you are a network engineer you could use ACL's and block the cameras by MAC. The best thing to do in this case would be to have an allowed none rule and then specifically allow the devices that you want to have internet access. The nice thing about two NIC's are that there is no DG so the cameras can't get to the internet at all and it is an easy solution with nothing to remember once you are done, in other words you don't have to remember to allow or disalow Internet access to a device. I have about 25 camera and am constantly adding or deleting or upgrading cameras and this solution works like a charm.

 

[mrc545]

If you are a network engineer you could use ACL's and block the cameras by MAC. The best thing to do in this case would be to have an allowed none rule and then specifically allow the devices that you want to have internet access. The nice thing about two NIC's are that there is no DG so the cameras can't get to the internet at all and it is an easy solution with nothing to remember once you are done, in other words you don't have to remember to allow or disalow Internet access to a device. I have about 25 camera and am constantly adding or deleting or upgrading cameras and this solution works like a charm.

Thanks for the clarification. I wasn't sure if some cameras have some kind of sneaky backdoor, like an alternate MAC or IP or something that it can use to get out. I don't trust anything.

My router has a dumbed-down version of an ACL in the form of a parental control blacklist. I tested it out on another PC, and it's airtight. It's actually more simple for me, since I have aliases for all of my client devices configured in a custom client list on my rtr. So I just select the cams in a drop-down, and select the option to block WAN access persistently. This is faster for me than going into each camera and changing the IP to a different subnet, and is also convenient because I have a couple of wireless ones that I'd have to bridge to do the dual-NIC option otherwise.