How do you set up dual LAN?

Discussion in 'IP Cameras' started by czrabode, Jul 29, 2018.

  1. czrabode

    czrabode n3wb

    Joined:
    Jul 22, 2018
    Messages:
    25
    Likes Received:
    0
    Location:
    USA
    Hi. As suggested by the Cliff Notes, I got another NIC card and installed it in my Dell OptiPlex so I can do the dual-LAN setup that is recommended. I plan on creating a secure and non-secure network.

    But my question is, after I plug in the POE to the other ethernet port, what do I do next?

    Is there an old thread outlining this or any reference? Or maybe you can describe it to me?

    Thanks!
     
  2. Mr_D

    Mr_D Getting comfortable

    Joined:
    Nov 17, 2017
    Messages:
    582
    Likes Received:
    502
    Location:
    Southern California
    Go into Control Panel and edit the properties of the 2nd NIC to assign it an IP address and subnet mask. For example, you could make it 192.168.80.10 with a subnet mask of 255.255.255.0. All of your cameras will need to be on the same network as the PC, so they could use 192.168.80.20, 192.168.80.21, etc. with the same subnet mask. You can leave the gateway and DNS entries blank. I'm assuming the 2nd NIC is solely for connecting to an isolated network containing your cameras which do not need Internet access.
     
    bp2008 likes this.
  3. SouthernYankee

    SouthernYankee IPCT Contributor

    Joined:
    Feb 15, 2018
    Messages:
    1,727
    Likes Received:
    960
    Location:
    Houston Tx
    Stating the obvious. I have the second NIC connected to a POE switch. All the cameras connect to that switch or switches off that switch. Keep the networks physically separate except for the BI PC.
     
  4. czrabode

    czrabode n3wb

    Thanks. That took care of it. Any suggestions on setting up the Windows 10 firewall on the Blue Iris PC?
     
  5. Mr_D

    Mr_D Getting comfortable

    I just left mine at the defaults. It's behind your router which is your actual firewall.
     
    bp2008 likes this.
  6. catcamstar

    catcamstar Getting comfortable

    Joined:
    Jan 28, 2018
    Messages:
    742
    Likes Received:
    439
    The fun part in this setup: how to reach the (web)interfaces of the "secured" devices? You might want to have a tablet/phone VPNwise connect to the "secured" part, which implies some routing/NAT'ing/loopback ;-)
     
  7. Mr_D

    Mr_D Getting comfortable

    Yeah, that's why I set up a separate subnet for the cameras and BI so my firewall controls what crosses in/out. BI can access the Internet. I can access BI or the cameras from my main subnet. The cameras cannot access the Internet except for hitting one time server by IP address.
     
  8. czrabode

    czrabode n3wb

    Unfortunately, my Google WiFi router has a rudimentary firewall. Do you have any suggestions on how I should set up my Windows 10 firewall on my Blue Iris computer to prevent the cameras from accessing the internet?
     
  9. Mr_D

    Mr_D Getting comfortable

    The Google Wifi firewall is fine. Its main job is to reject unsolicited traffic coming from the Internet.

    The cameras can't access the Internet through the BI PC because Windows 10 is not a router. Even if it were, configuring the cameras with a blank gateway and DNS address would keep them from reaching the Internet.
     
    catcamstar likes this.
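
The setup Mr_D describes in posts 2 and 9 (static address on the second NIC, blank gateway and DNS, Windows not acting as a router) can be applied and then checked from an elevated PowerShell prompt. This is an added example, not part of the original thread; the adapter name `CameraLAN` is an assumption (list yours with `Get-NetAdapter`), and the address is the example from post 2.

```powershell
# Added example: configure and audit the camera-side NIC on the Blue Iris PC.
# 'CameraLAN' is an assumed adapter name; the address is the thread's example.
$CamAlias = 'CameraLAN'
$CamIP    = '192.168.80.10'
$Prefix   = 24                # equivalent to subnet mask 255.255.255.0

# Static address only: no -DefaultGateway is given, and DNS is cleared.
Set-NetIPInterface -InterfaceAlias $CamAlias -AddressFamily IPv4 -Dhcp Disabled
$existing = Get-NetIPAddress -InterfaceAlias $CamAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object IPAddress -eq $CamIP
if (-not $existing) {
    New-NetIPAddress -InterfaceAlias $CamAlias -IPAddress $CamIP -PrefixLength $Prefix | Out-Null
}
Set-DnsClientServerAddress -InterfaceAlias $CamAlias -ResetServerAddresses

# Audit 1: the camera NIC must not own a default route (blank gateway).
$camDefault = Get-NetRoute -InterfaceAlias $CamAlias -DestinationPrefix '0.0.0.0/0' `
    -ErrorAction SilentlyContinue

# Audit 2: IPv4 forwarding must be off on every interface; if it is on,
# the PC can relay packets between the camera LAN and the main LAN.
$forwarding = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object Forwarding -eq 'Enabled'

# Audit 3: no DNS servers should be configured on the camera NIC.
$dns = (Get-DnsClientServerAddress -InterfaceAlias $CamAlias -AddressFamily IPv4).ServerAddresses

[pscustomobject]@{
    Interface             = $CamAlias
    DefaultRouteOnCamNic  = [bool]$camDefault
    ForwardingEnabledOn   = @($forwarding.InterfaceAlias) -join ', '
    DnsServersOnCamNic    = @($dns) -join ', '
} | Format-List

if ($camDefault -or $forwarding -or $dns) {
    Write-Warning 'Camera LAN is not fully isolated: review the fields above.'
} else {
    Write-Output 'Camera NIC has no gateway, no DNS, and the PC is not forwarding IPv4.'
}
```

Re-run the audit portion after enabling features such as Internet Connection Sharing or installing VPN software, since those can turn forwarding on.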
  10. danieldbird

    danieldbird n3wb

    Joined:
    Mar 17, 2019
    Messages:
    19
    Likes Received:
    7
    Location:
    New Zealand
    What NIC card did you get for the Dell Optiplex? I just bought a Dell Optiplex 9020, but the chassis is slim and I can't find a NIC card for it.
     
  11. Mr_D

    Mr_D Getting comfortable

    Just search for a low profile PCI Express Ethernet adapter.
     
    danieldbird likes this.
  12. IAmATeaf

    IAmATeaf Pulling my weight

    Joined:
    Jan 13, 2019
    Messages:
    487
    Likes Received:
    246
    Location:
    United Kingdom
    This, or do what I did and get the hacksaw and files out to make it fit :D Joking aside, I had an old card lying around, which is why I "modded" it; I'm not suggesting you do the same unless you feel really comfortable doing it. All I did was install it into the machine and, with a perm marker, draw a line where I would need to bend the metal to form a tab. Then I removed the flat plate itself from the card, bent it over, cut off the excess and then reshaped the newly bent-over tab using the cut-off piece's tab as a template.
     
    Netwalker and danieldbird like this.
  13. danieldbird

    danieldbird n3wb

    Thanks guys, managed to pick up a second-hand Intel gigabit NIC for $10. Same one on Amazon was $166NZD? What the..
     
  14. TL1096r

    TL1096r Pulling my weight

    Joined:
    Jan 28, 2017
    Messages:
    565
    Likes Received:
    115
    Good advice but in the Dahua configuration tool it will not allow you to leave the gateway blank. What would you put there to make it work?
     
  15. Mr_D

    Mr_D Getting comfortable

    Any IP address on the same subnet that isn't a router would work. So 192.168.20.254 for example. Just exclude that IP from your DHCP scope if you have a DHCP server and don't configure any hosts to use that IP address.
     
    TL1096r likes this.
  16. IAmATeaf

    IAmATeaf Pulling my weight

    I just set the default gateway on the cams to .1, server is .30 and cams start at .50. There is no DHCP server on the dedicated cam LAN so everything is static.
     
  17. catcamstar

    catcamstar Getting comfortable

    I care to disagree: there are other threads in this forum where people have discovered that an NVR (? or was it an IPC) was using "brute force" to find an internet hole: if it couldn't reach the internet through the 'left blank/non working' gateway, it started scanning the network until it found a working internet gateway.

    So be warned: this absolutely was a good idea in 2001, but in 2019, we have to be smarter! Secure your network, no matter what. Dual NIC, VLAN, mothers-in-law, it doesn't matter. Protect your gear.

    Hope this helps!
    CC
     
    TL1096r likes this.
  18. IAmATeaf

    IAmATeaf Pulling my weight

    If the person gets onto the same LAN, yes, they can scan, but if the cams are on a separate LAN then without any routing they can scan all they like. In my case the only way to access the cams is via the BI PC, so they’d need to get onto that before they could access the cams.

    On another note, does this sort of thing actually happen on a domestic installation? Can’t see why a hacker would even want to waste their time unless it’s just for laughs.
     
    TL1096r likes this.
  19. VorlonFrog

    VorlonFrog Known around here

    Joined:
    Aug 3, 2015
    Messages:
    999
    Likes Received:
    588
    Location:
    Charlotte
    Some people have more $$$ than sense.
     
  20. catcamstar

    catcamstar Getting comfortable

    One little botnet is indeed for the laughs, but imagine 10.000 "smart" fridges colliding into a botnet to some federal institution. That's an "evil" laugh :)

    But then again, I fully agree with you: dual NIC is much easier, yet if you want to configure a cam without "screen" access to the BI PC, you are "lacking" flexibility. And yes, you could do RDP on that BI PC, but then you have to "open services" on that BI PC, which makes that again "highly" vulnerable. I already wrote it many times on this forum, and to @TL1096r: there is no ideal networking configuration, it all depends on the requirements, the budget, the flexibility, the learning curve etc. Yes, an 8th grader could set up a dual-NIC BI PC setup and be satisfied with it; going for VLANs and managed switches is not something you would do on a Sunday afternoon if you had never seen a single firewall rule, nor TCP/IP stack configurations.
     
    TL1096r likes this.