So I've read the wiki cliff notes many times and am more confused than ever. Do I need to have a Vlan setup for my Dahua cameras?
My setup will consist of the following:
Modem -> Netgear WNDR4500 (upgrading this to Asus router w/VPN) -> Netgear unmanaged 24 switch -> BI PC -> BV-Tech 10 Port POE -> 7 Dahua Cameras
I've read where some have used a second NIC but my Dell Optiplex 9020 does not have an extra slot to have one. So will VPN suffice? Or do I need to acquire a switch to set up Vlan?
Sorry, I'm very new to this and parts are coming and it feels like I don't have the proper equipment on hand and I'm starting to stress.
You don't have to go all the way with vlans on all network devices. You can go "full end vlan" where all your network devices are vlan-capable (and even have vlan tagging on the network card in your BI PC, if that one supports it - see as an example "How do I set a virtual local area network (VLAN) tag with my network card in Windows? | FAQ | StarTech.com"). By doing so, you can fully "separate" all traffic in these vlans over all your devices, but it requires an upfront investment (e.g. in managed switches).
So like all other members stated: you are not obliged to go for vlans, but there are possible in-betweens.
For me, you have the following options:
1) stick with 1 network card, which means you have one flat network
2) or add 1 network card in the BI PC, which creates a "physically" separated network (plan to say), make sure there is no connection from the POE switch to your internet router. You'll use VPN to get to your BI PC (and you'll never be able to access your cams directly)
3) or add an Edgerouter (for example the low-end X), which is able to create vlans IN the Edgerouter, but assign untagged vlan in/outputs on the ethernet ports. To these ports, you physically connect your POE switch (which falls into one vlan) and you connect your BI PC (which falls into another vlan). Within the Edgerouter you define only 1 rule for your BI PC (and other VPN devices if you want/like) to touch your internal CAM vlan. Note: your downstream devices (e.g. POE switch) do not need to be vlan-capable - which saves some bucks. Also note: EdgerouterX costs $50.
4) or go for all-way-long, in which you "upgrade" all your devices to managed systems which are vlan capable, but then if someone plugs in a device into a free-POE-switch slot, they'll end up in a dead-ended-vlan.
Do you need to go to level 4? No. But stating that vlans are overrated and not required is, in my humble opinion, not so 2019. It all depends on your requirements, the flexibility and the security level you want to achieve (and which makes you comfortable). The good news is: you have lots of options to pick from!
Hope this helps!
CC
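The inter-vlan policy from option 3 above, written out as a small first-match rule model so the intended isolation can be checked before buying or configuring anything. This is an added example, not part of either post and not router configuration; the subnets, the BI PC address and the `decide` helper are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing plan (assumption, not taken from the thread).
ANY = ip.ip_network("0.0.0.0/0")
LAN = ip.ip_network("192.168.1.0/24")     # home devices and the BI PC
CAMS = ip.ip_network("192.168.20.0/24")   # POE switch and cameras
BI_PC = ip.ip_network("192.168.1.10/32")  # the one host allowed to reach cams

# Rules for traffic the router forwards between vlans or to the internet.
# Fields: source, destination, connection state ("any" or "established"), action.
# First match wins; traffic inside one vlan never reaches the router.
RULES = [
    (BI_PC, CAMS, "any", "accept"),          # the single exception in option 3
    (CAMS, BI_PC, "established", "accept"),  # replies to connections BI opened
    (LAN, CAMS, "any", "drop"),              # other home devices cannot reach cams
    (LAN, ANY, "any", "accept"),             # normal internet access for the LAN
]

def decide(src, dst, state="new"):
    """Return 'accept' or 'drop' for one flow; unmatched traffic is dropped."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for rule_src, rule_dst, rule_state, action in RULES:
        if s in rule_src and d in rule_dst and rule_state in ("any", state):
            return action
    return "drop"  # default: the camera vlan is a dead end

def audit():
    """Evaluate the flows that matter for a camera network."""
    flows = {
        "BI PC pulls video from a camera": ("192.168.1.10", "192.168.20.101", "new"),
        "camera answers the BI PC": ("192.168.20.101", "192.168.1.10", "established"),
        "camera opens a connection to the BI PC": ("192.168.20.101", "192.168.1.10", "new"),
        "camera phones home to the internet": ("192.168.20.101", "8.8.8.8", "new"),
        "device plugged into the POE switch probes the LAN": ("192.168.20.200", "192.168.1.50", "new"),
        "laptop on the LAN browses a camera": ("192.168.1.50", "192.168.20.101", "new"),
        "laptop on the LAN reaches the internet": ("192.168.1.50", "8.8.8.8", "new"),
    }
    return {name: decide(*flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{verdict:6}  {name}")
```
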