Looking for some BI networking advice (with hardware implications)

Frankenscript

Known around here
Joined
Dec 21, 2017
Messages
1,288
Reaction score
1,197
Just checking in; BI has been working fine for a week, using the setup in my original post but without the extra "router working as an access point." I'll make an edit to the OP that the router there isn't needed, but could be useful if there was a need to hook up multiple PoE switches, or if there were wireless devices, and in that case it would just be working as an access point/switch and not actually a router.
 

Rhodesy

Getting the hang of it
Joined
Mar 8, 2018
Messages
175
Reaction score
36
Frankenscript et al,

I'm currently scratching my head on this and looking at Frank's map, your setup is:-

> cable modem > Asus router > BI PC > POE Switch > Cameras

I can setup:-

Cable modem > (I need more ports can insert/use a swithch before or after Asus?) > Asus router > BI PC > POE Switch > Cameras

Sent from my SM-G955F using Tapatalk
 

Frankenscript

Known around here
Joined
Dec 21, 2017
Messages
1,288
Reaction score
1,197
(I'm always amused people think my name is Frank... actually Frankenscript refers to my programming style... :) )

Anyway, there should be nothing between the cable modem and the LAN Router (an Asus, in my model). Typically the cable modem will only provision a single device, usually the router. So you want a direct connection from cable modem to Router. The key thing is that for my intended use case, the BI PC needs to have two network interfaces, so I can keep camera traffic off my main LAN.
 

Rhodesy

Getting the hang of it
Joined
Mar 8, 2018
Messages
175
Reaction score
36
Thanks Frank, that is helpful but I am still confused. (sorry about the Frank btw, it just seems easier not knowing any different):)

My home layout is shown in the attached file. As you can see, I have the internet coming in to a room that is little used. Then I currently send it to a Utility Cupboard where I use a cheap switch to send it to every room.

I'd like my BI PC to be in the Lounge but I am unsure of where and how to connect my other POE Switch (currently unused) & whilst I think I should be buying a router like the Asus that gets a mention, I'm not certain.

Please could you tell me where I should insert what products to successfully manage this conundrum?
 

Attachments

Frankenscript

Known around here
Joined
Dec 21, 2017
Messages
1,288
Reaction score
1,197
Hi Rhodesy,

(No worries about "Frank")

I'm a little confused about your proposed setup (layout 2, the more recent one).

You only need a single router (the one you mention being in the utility cupboard), which is what I learned after posting my original design in the first few posts of this thread.

It looks like in your design, the POE switch connects to the router, so any device on the main LAN network would be able to access your cameras, which is fine and pretty common, though this was explicitly what I wanted to avoid. I wanted my blue iris PC to be on my LAN, but the cameras to NOT BE on the LAN. I wanted them completely isolated from the internet. No way to them from the internet, and no way from them to get out to the internet.

But anyway, I'm following along fine, until I get to the router to obtain 2x outlets. Maybe you meant to put a switch there, not a router? I don't see a need for a router there. A switch would do the trick. I see your BI PC is there in the lounge and it should be fine.

So, I don't see anything unusual about what you propose other than the router/switch difference in the lounge. It's just not the way I would do it, because I want my cameras not to be on my LAN; I want the BI PC on the LAN but not the cameras directly.
 

Rhodesy

Getting the hang of it
Joined
Mar 8, 2018
Messages
175
Reaction score
36
Thanks very much for confirming it Frank.

Yes a switch would do in the lounge (not a router), I was just trying to obtain another ethernet outlet without going under floor for my cable at wrong side of the room.

That said, I've been re-reading the wiki notes all day today about LAN settings and exactly as you say it's safer to exclude them from the internet.

I may still go under the floor to extend that cable creat a second cat5 from utility cupboard to the pc in the lounge. Then I could isolate the camera switch correctly.

Rather than installing a Second NIC adapter on my pc, could I use my Startech USB to Ethernet?
Having said that, I like to do the proper job and they're only £30 ish.

Do you know if they fit the SFF Dell Optiplex?

There appears to be some sort of space, 2 slots on the motherboard & removable area on rear.
(Shown in image attached.)

I've emailed Andy on this forum today about some Dahua's and I've read so much I'm muddled but I'm getting there.

The end result is going to be so much better than my existing CCTV (see attached)

This project was initially to install my mum cctv at her new house.

Currently I'm so involved in it, I'm going to build it at home and then take the set up to hers where we're currently fixing the wiring so this has been great education for me and she will be very pleased.



Sent from my SM-G955F using Tapatalk
 

Rhodesy

Getting the hang of it
Joined
Mar 8, 2018
Messages
175
Reaction score
36
Wait a minute....

The isolating cameras from the internet setup means that the BI app cannot be used to remotely view cameras?

BI App viewing is essential for me. Remote desktop is far from perfect on the mobile phone.

Sent from my SM-G955F using Tapatalk
 

awsum140

Known around here
Joined
Nov 14, 2017
Messages
1,254
Reaction score
1,128
Location
Southern NJ
You can use either a PCI network card or a USB adapter. Either one will do the trick. The blue or black connector will work fine for an additional PCI network card. I use a USB network adapter when I want to configure a new camera, much easier than constantly fooling with the IP configuration on the BI machine.

Using the second NIC card and attaching it to the PoE switch will allow a totally different network IP address configuration for your cameras while the built-in network interface will connect to your regular network. You'll still be able to remote in since the PC is actually on both networks simultaneously. I'll also assume you'll be using a VPN, or other appropriate secure access tools, to do that remote access. Having the cameras on a different network IP range will add security to them. Cameras are an easy target for hackers.

Hope that makes sense.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Wait a minute....

The isolating cameras from the internet setup means that the BI app cannot be used to remotely view cameras?

BI App viewing is essential for me. Remote desktop is far from perfect on the mobile phone.

Sent from my SM-G955F using Tapatalk
one has nothing to do with the other.
the cameras can be isolated the blue iris server not.
you dont need dual cards to accomplish this.
there are many threads discussing options like vlan or simply blocking internet access to the cams.
 

Frankenscript

Known around here
Joined
Dec 21, 2017
Messages
1,288
Reaction score
1,197
Exactly as @fenderman says. It's the BI server that needs to be on your LAN, not the cameras. As he says, there are various ways to skin this cat. I chose to isolate the cameras on a completely different network, connected to a second NIC on the BI PC, because it was easy, I understood the principals involved (VLANs are still outside my comfort zone, for now), and because one of the most important things to me about my configuration was NOT to use up any of my main house LAN throughput on the camera routine streams. It's easy to suggest I didn't really need to be concerned about that, but it was something that was important to me, so I chose the route I went down, and am thrilled with how it has worked out.

For most people the decision, if they want to isolate the cams from the internet, comes down to "completely separate network" as I've done, or VLANs as described elsewhere. Lots of folks are familiar with VLANs and have equipment to support it so this is probably the most common way to do it.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Exactly as @fenderman says. It's the BI server that needs to be on your LAN, not the cameras. As he says, there are various ways to skin this cat. I chose to isolate the cameras on a completely different network, connected to a second NIC on the BI PC, because it was easy, I understood the principals involved (VLANs are still outside my comfort zone, for now), and because one of the most important things to me about my configuration was NOT to use up any of my main house LAN throughput on the camera routine streams. It's easy to suggest I didn't really need to be concerned about that, but it was something that was important to me, so I chose the route I went down, and am thrilled with how it has worked out.

For most people the decision, if they want to isolate the cams from the internet, comes down to "completely separate network" as I've done, or VLANs as described elsewhere. Lots of folks are familiar with VLANs and have equipment to support it so this is probably the most common way to do it.
if the BI machine is connected to the same switch there is nothing going through your router/network
 

Rhodesy

Getting the hang of it
Joined
Mar 8, 2018
Messages
175
Reaction score
36
Thanks for the responses and info guys.

2 x 5231's paid for earlier + brackets & shipping from @EMPIRETECANDY with the foreign exchange paid, cost me £275.17.

I was sorely tempted with higher MP cams as we will have outside lights too but these will defo come in somewhere.
 

Bubs

Getting comfortable
Joined
Dec 26, 2016
Messages
84
Reaction score
21
Hay please take a look at what I got so far and tell me if it will work and where I should connect VPN sever and lastly if leave the WIFI on the gateway turned on what access to the network would it have (talk about run on sentence)


Thanks in advance

please be gentle still leaning
 

Attachments

Frankenscript

Known around here
Joined
Dec 21, 2017
Messages
1,288
Reaction score
1,197
Looks good to me but I'm not a VLAN expert.

You might get more replies by starting a new thread around the VLAN approach you are suggesting. As long as your switched hardware supports it, what you proposed looks ok.

Sent from my ONEPLUS A3000 using Tapatalk
 
Top