Newbie Vlan Question

Renro

n3wb
Joined
Jan 23, 2017
Messages
12
Reaction score
8
So I've read many times the wiki cliff notes and more confused than ever. Do I need to have a Vlan setup for my Dahua cameras?

My setup will consist of the following:
Modem ->Netgear WNDR4500 (upgrading this to Asus router w/VPN) ->Netgear unmanaged 24 switch ->BI PC ->BV-Tech 10 Port POE ->7 Dahua Cameras

I've read where some have used a second NIC but my Dell Optiplex 9020 does not have an extra slot to have one. So will VPN suffice? Or do i need to acquire a switch to setup Vlan?

Sorry, i'm very news to this and parts are coming and it feels like I dont have the proper equipment on hand and i'm starting to stress.
 

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,342
Reaction score
3,524
So I've read many times the wiki cliff notes and more confused than ever. Do I need to have a Vlan setup for my Dahua cameras?

My setup will consist of the following:
Modem ->Netgear WNDR4500 (upgrading this to Asus router w/VPN) ->Netgear unmanaged 24 switch ->BI PC ->BV-Tech 10 Port POE ->7 Dahua Cameras

I've read where some have used a second NIC but my Dell Optiplex 9020 does not have an extra slot to have one. So will VPN suffice? Or do i need to acquire a switch to setup Vlan?

Sorry, i'm very news to this and parts are coming and it feels like I dont have the proper equipment on hand and i'm starting to stress.
No you don't need vlans.

If you want to isolate your cameras from the rest of your network, just put a second NIC in your BI PC and connect your PoE switch and cameras to that. You could even use a usb etherent adapter.

You don't have to isolate your cameras from other devices on your network, but it can be a good idea.

What form factor is your 9020? What's in the PCI-E slot(s)?
 

Renro

n3wb
Joined
Jan 23, 2017
Messages
12
Reaction score
8
No you don't need vlans.

If you want to isolate your cameras from the rest of your network, just put a second NIC in your BI PC and connect your PoE switch and cameras to that. You could even use a usb etherent adapter.

You don't have to isolate your cameras from other devices on your network, but it can be a good idea.

What form factor is your 9020? What's in the PCI-E slot(s)?

I’d like to isolate my cameras if possible as it has been mentioned in this forum. But to answe your question, the 9020 is a SFF and based on the specs I’ve seen not extra PCI-E slot is on the motherboard.

But with regards to using a usb Ethernet adapter as my second NIC is genius. Is this something that actually functions as a second PCI-E. If so, that would definetly work to isolate my cameras.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I’d like to isolate my cameras if possible as it has been mentioned in this forum. But to answe your question, the 9020 is a SFF and based on the specs I’ve seen not extra PCI-E slot is on the motherboard.

But with regards to using a usb Ethernet adapter as my second NIC is genius. Is this something that actually functions as a second PCI-E. If so, that would definetly work to isolate my cameras.
You dont need to isolate the cameras from the network, you can simply block internet access for them. Done. I would avoid usb ethernet.
 

Walrus

Getting comfortable
Joined
Nov 19, 2018
Messages
593
Reaction score
449
Location
Ontario
I googled Dell Optiplex 9020 SFF, and it looks like it should have two PCI slots (PCI Express x16 and PCI Express x4). You could put in a 2nd card in one of those.
 

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,342
Reaction score
3,524
You do probably need a low profile nic or low profile adapter for a nic (some nic's include this in the box). If it's USFF then it wouldn't have any slots or accommodate 3.5" drives
 

Walrus

Getting comfortable
Joined
Nov 19, 2018
Messages
593
Reaction score
449
Location
Ontario
Link to what you bought? Might be able to tell from there.
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
So I've read many times the wiki cliff notes and more confused than ever. Do I need to have a Vlan setup for my Dahua cameras?

My setup will consist of the following:
Modem ->Netgear WNDR4500 (upgrading this to Asus router w/VPN) ->Netgear unmanaged 24 switch ->BI PC ->BV-Tech 10 Port POE ->7 Dahua Cameras

I've read where some have used a second NIC but my Dell Optiplex 9020 does not have an extra slot to have one. So will VPN suffice? Or do i need to acquire a switch to setup Vlan?

Sorry, i'm very news to this and parts are coming and it feels like I dont have the proper equipment on hand and i'm starting to stress.
You don't have to go all way long with vlans on all network devices. You can go "full end vlan" where all you network devices are vlan-capable (and having even vlan tagging on the network card in your BI pc, if that one supports it - see as example How do I set a virtual local area network (VLAN) tag with my network card in Windows? | FAQ | StarTech.com). By doing so, you can full "separate" all traffic in these vlans over all your devices, but it requires an upfront investment (eg. in managed switched).

So like all other members stated: you are not obliged to go for vlans, but there are possible in-betweens.

For me, you have the following options:
1) stick with 1 network card, which means you have one flat network
2) or- add 1 network card in the bi pc, which creates a "physically" separated network (plan to say), make sure there is no connection from the POE switch to your internet router. You'll use VPN to get to your BI pc (and you'll never can access your cams directly)
3) or add an Edgerouter (for example low end X for example), which is able to create vlans IN the edgerouter, but assign untagged vlan in/outputs on the ethernet ports. To these ports, you physically connect your POE switch (which falls into one vlan) and you connect your BI pc (which falls into another vlan). Within the Edgerouter you define only 1 rule for your BI pc (and other VPN devices if you want/like) to touch your internal CAM vlan. Note: your downstream devices (eg POE switch) do not need to be vlan-capable - which saves some bucks. Also note: EdgerouterX costs $50.
4) or go for all-way-long, in which you "upgrade" all your devices to managed systems which are vlan capable, but then if someone plugs in a device into a free-POE-switch slot, they'll end up in a dead-ended-vlan.

Do you need to go to level 4? No. But stating that vlans are overrated and not required is, in my humble opinion, not so 2019. It all depends to your requirements, the flexibility and the security level you want to achieve (and which makes you comfortable). The good news is: you have lots of options to pick from! :)

Hope this helps!
CC
 

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,342
Reaction score
3,524
That has 2 low profile PCI-e slots. Note the link above takes to to a similar, larger, mini-tower item since the auction has ended
 
Top