Dual NIC setup on your Blue Iris Machine

staind204

Getting the hang of it
Joined
Nov 15, 2022
Messages
68
Reaction score
37
Location
US
I am really struggling with this setup. I wanted to use a Ubiquiti Flex Switch so I would only need to run one ethernet to my attic. I wanted to terminate the ethernet from my basement switch to a 2nd switch w POE injector to the Flex switch in the attic and then run wires to the outdoor cams.

However with the "dual nic" setup, I can't get my Unifi Flex Switch Online. My "second" switch has 1 ethernet going from the switch to the BI PC. The 2nd ethernet goes into a POE injector then into the Flex switch and onto the camera.

The problem is since the Flex switch is coming off the 2nd switch (not hooked into the primary switch with router/internet access), it can never get an IP. I am unable to log into the GUI of the flex switch because it can't get to the router to get an IP. Unfortunately if I can't manage the switch, I cant get it to power the cam. Is there any workaround for this or do I just have to get rid of the flex switch and buy an unmanaged POE? I really want to use the flex switch so I can run less wires but I just can't figure this out and am extremely frusterated.
 

Teeauu

Getting the hang of it
Joined
Apr 30, 2017
Messages
60
Reaction score
28
I am really struggling with this setup. I wanted to use a Ubiquiti Flex Switch so I would only need to run one ethernet to my attic. I wanted to terminate the ethernet from my basement switch to a 2nd switch w POE injector to the Flex switch in the attic and then run wires to the outdoor cams.

However with the "dual nic" setup, I can't get my Unifi Flex Switch Online. My "second" switch has 1 ethernet going from the switch to the BI PC. The 2nd ethernet goes into a POE injector then into the Flex switch and onto the camera.

The problem is since the Flex switch is coming off the 2nd switch (not hooked into the primary switch with router/internet access), it can never get an IP. I am unable to log into the GUI of the flex switch because it can't get to the router to get an IP. Unfortunately if I can't manage the switch, I cant get it to power the cam. Is there any workaround for this or do I just have to get rid of the flex switch and buy an unmanaged POE? I really want to use the flex switch so I can run less wires but I just can't figure this out and am extremely frusterated.
Ok so shotgunning here. Can you not either provide a static IP to the switch, or make one IP available in DHCP and let the switch grab that?
 

staind204

Getting the hang of it
Joined
Nov 15, 2022
Messages
68
Reaction score
37
Location
US
I think the problem is the Flex Switch can't get to the router with the "dual nic" setup. The "POE flex switch" needs to be hanging off the isolated switch going to the NVR BI PC's 2nd NIC (it can't get to my router handing out addresses which I think is by design, anything off my isolated/CAM switch should not get out).
 

staind204

Getting the hang of it
Joined
Nov 15, 2022
Messages
68
Reaction score
37
Location
US
A POE switch cannot 'power' a cam through another switch. You need to plug each cam into the POE switch, then connect the POE switch to your other switch.

See below
View attachment 146801
Thanks but I have a poe injector. I think I got it figured out. I was able to get the POE flex switch online by using my regular network. I got in and gave it a static ip in my 2nd NIC/cam address range. Then i plugged it into the switch going to my nvr nic and i could ping the new address but the ubiquiti software still couldnt see it. I completely turned off windows firewall and it worked. So lastly I had to go back in and allow the ubiquiti software access in win defender so I could re-enable the firewall. I still have more testing to do but atleast I can get to my flex switch now.
 

staind204

Getting the hang of it
Joined
Nov 15, 2022
Messages
68
Reaction score
37
Location
US
Once we have added 192.168.1.50/24 and re-ip'd the camera away from their default address, is there any reason to leave 192.168.1.50/24 on the 2nd NIC? Can it be safely removed? Any risk to leaving it?
 

twojciac

n3wb
Joined
Dec 30, 2022
Messages
2
Reaction score
1
Location
Frisco, TX, USA
Using two NICs keeps things simple with physical mapping of networks, but this is all achievable using VLANs if you have a smart or managed switch.

Assume your home network is the default, VLAN 1. You can create a second VLAN, we'll use VLAN 2 for this example, where the cameras will connect. All the typical ports will remain in VLAN 1 and you will configure the switch to use VLAN 2 for any ports connecting to cameras. Then on the port connecting to your NVR you will set up a 802.1q trunk. You will then have a physical Ethernet interface and two virtual interfaces for each VLAN. The rest of the guide is applicable, the same overall architecture where you'd setup a default gateway for the interface connecting to VLAN 1 and leave the gateway off VLAN 2's interface.
 

IReallyLikePizza2

Known around here
Joined
May 14, 2019
Messages
1,852
Reaction score
4,441
Location
Houston
Using two NICs keeps things simple with physical mapping of networks, but this is all achievable using VLANs if you have a smart or managed switch.

Assume your home network is the default, VLAN 1. You can create a second VLAN, we'll use VLAN 2 for this example, where the cameras will connect. All the typical ports will remain in VLAN 1 and you will configure the switch to use VLAN 2 for any ports connecting to cameras. Then on the port connecting to your NVR you will set up a 802.1q trunk. You will then have a physical Ethernet interface and two virtual interfaces for each VLAN. The rest of the guide is applicable, the same overall architecture where you'd setup a default gateway for the interface connecting to VLAN 1 and leave the gateway off VLAN 2's interface.
I do both, cameras all go on their own VLAN which is heavily firewalled off, and my Blue Iris machine has 2 NIC's, one for the camera VLAN and one for my main LAN, both switchports just untagged access ports

The problem with doing trunks in Windows is that is HOT GARBAGE
 

reflection

Getting comfortable
Joined
Jan 28, 2020
Messages
348
Reaction score
261
Location
Virginia
A POE switch cannot 'power' a cam through another switch. You need to plug each cam into the POE switch, then connect the POE switch to your other switch.
I have three of these. They work pretty well. No issues so far. As long as your cameras don't use too much power (no PTZ), and your PoE switch is decent, you can plug this in to your PoE switch (which will power this device) and then connect cameras to it. I have a Cisco PoE switch and set the port to "power inline static" to pin the port to 30W. Then I have up to 4 cameras connected to it. No issues with IR either.

This allows me to run one CAT6 from my main PoE switch to my garage and feed 4 cameras. Sure beats running four CAT6 cables from the main PoE switch.

Edit. Forgot the link. 4 Ports POE Extender 10/100M RJ45 25.5W Extend 120M IEEE 802.3af for IP Camera | eBay
 
As an eBay Associate IPCamTalk earns from qualifying purchases.

twojciac

n3wb
Joined
Dec 30, 2022
Messages
2
Reaction score
1
Location
Frisco, TX, USA
The problem with doing trunks in Windows is that is HOT GARBAGE
Blue Iris is the only reason I run Windows, otherwise I've been a Linux and MacOS guy. But I've got an Intel NIC and using PROSet it was simple to setup a trunk and the vlan subinterfaces. Not sure how Realtek or any of the other vendors are. I try to stick with Intel whenever I can.
 

IReallyLikePizza2

Known around here
Joined
May 14, 2019
Messages
1,852
Reaction score
4,441
Location
Houston
Blue Iris is the only reason I run Windows, otherwise I've been a Linux and MacOS guy. But I've got an Intel NIC and using PROSet it was simple to setup a trunk and the vlan subinterfaces. Not sure how Realtek or any of the other vendors are. I try to stick with Intel whenever I can.
What version of Windows?

That's good to know, I usually just avoid it. The use case is pretty limited now with most things with VM's in the real world
 

reflection

Getting comfortable
Joined
Jan 28, 2020
Messages
348
Reaction score
261
Location
Virginia
I tried Intel PROSet on my desktop machine but had problems with trunks. When it work, it worked fine. But it kept losing its config and I had to reconfigure the trunk. I finally gave up on it. Maybe it was because VMware Workstation or VirtualBox or HyperV resetting the config.

For BlueIris within ESXi, it was easy enough to create a new interface, so never had to configure a trunk on the BlueIris VM, just on the ESXi host.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
Wow this is thread to be 4 years old this July... Thanks for everyone that added to this thread.

If anyone has a good write-up for setting up VLANS on a specific brand's managed switch please share it here. It would be a setup from a dual NIC setup.

Thanks
 

Michael11

Getting the hang of it
Joined
Jan 13, 2023
Messages
59
Reaction score
53
Location
Florida
I read the entire thread. Thank you everyone!

The few questions I have before attempting dual NIC setup on the machine coming Friday is... 1) Do we need to do anything with IPv6 such as disabling it during the first step when we click on IPv4 and properties? My router shows activity on IPv6 so I want to follow the steps in order. I know I can check after the fact to see if the cameras are isolated, but it'd be nice to know upfront. 2) I was planning on running security software on my BI machine, maybe that's in a different forum. I don't see why it would be an issue, and it would help with the discussion of Windows getting compromised from a camera.

1674084018981.png
 

Virga

Getting the hang of it
Joined
Feb 13, 2023
Messages
125
Reaction score
84
Location
USA
Great thread, of course will have to re-read.
Key realization for me is that it is not just the BI PC that has to be isolated, but the entire eco-system of cameras.

The first thing that stood out for me is that I'll need to change how my cameras are physically connected.
I have an ISP modem-only (currently Starlink, soon to be replaced by Spectrum/Charter), my own router, and three switches including one PoE switch plugged into my Unifi Dream Machine router.
All ethernet runs are home runs to the same location.
IP cameras and other PoE devices connect to the PoE switch (which connects to the router).

Looks like this needs to change if I am reading/understanding the diagrams correctly,
The cameras need to connect to the PoE switch, which needs to connect ONLY to the BI PC.
For other PoE devices I'll have to make new arrangements, either a second PoE switch or port injectors.
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,436
Reaction score
47,561
Location
USA
Great thread, of course will have to re-read.
Key realization for me is that it is not just the BI PC that has to be isolated, but the entire eco-system of cameras.

The first thing that stood out for me is that I'll need to change how my cameras are physically connected.
I have an ISP modem-only (currently Starlink, soon to be replaced by Spectrum/Charter), my own router, and three switches including one PoE switch plugged into my Unifi Dream Machine router.
All ethernet runs are home runs to the same location.
IP cameras and other PoE devices connect to the PoE switch (which connects to the router).

Looks like this needs to change if I am reading/understanding the diagrams correctly,
The cameras need to connect to the PoE switch, which needs to connect ONLY to the BI PC.
For other PoE devices I'll have to make new arrangements, either a second PoE switch or port injectors.
That is correct.

The 2nd NIC can be had for under $20, so most will just do that. The advantage is a little more physical separation and ease of replacement.

That is correct - the purpose of the dual NIC is to place all of the cameras on one NIC and then the internet to the BI computer with the other NIC.

From this graphic courtesy of @samplenhold, you will notice the cameras are on one IP subnet (192.168.2.xxx) while everything else is on IP subnet 192.168.1.xxx subnet.

Doing so in this format prevents the cameras from talking to the internet. The BI PC will basically act as a firewall.


1675981682130.png
 
As an Amazon Associate IPCamTalk earns from qualifying purchases.

Virga

Getting the hang of it
Joined
Feb 13, 2023
Messages
125
Reaction score
84
Location
USA
I take it that no routing is needed below the BI PC because the cameras are assigned static IPs.
From your post in a different thread yesterday (where you provided a link to this thread), NIC#1 in above @samplenhold diagram could be a Wifi NIC connecting to Wireless Access Points which connect to the 192.168.1.xxx switch,
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,436
Reaction score
47,561
Location
USA
I take it that no routing is needed below the BI PC because the cameras are assigned static IPs.
From your post in a different thread yesterday (where you provided a link to this thread), NIC#1 in above @samplenhold diagram could be a Wifi NIC connecting to Wireless Access Points which connect to the 192.168.1.xxx switch,
That is correct - no router or routing is needed since you are manually assigning the IP addresses to the cameras.

Yes, under your scenario NIC1 would be the wifi NIC connected to your router.
 

SourTurtle

n3wb
Joined
Jul 10, 2023
Messages
1
Reaction score
0
Location
Arkansas
With this setup, would it be bad to run other programs that interact with or are used by devices on the main network on the Blue Iris PC? If so, what's the concern?
 
Top