Newbie Vlan Question

Renro

Renro

n3wb
Jan 23, 2017
12
8
So I've read many times the wiki cliff notes and more confused than ever. Do I need to have a Vlan setup for my Dahua cameras?

My setup will consist of the following:
Modem ->Netgear WNDR4500 (upgrading this to Asus router w/VPN) ->Netgear unmanaged 24 switch ->BI PC ->BV-Tech 10 Port POE ->7 Dahua Cameras

I've read where some have used a second NIC but my Dell Optiplex 9020 does not have an extra slot to have one. So will VPN suffice? Or do i need to acquire a switch to setup Vlan?

Sorry, i'm very news to this and parts are coming and it feels like I dont have the proper equipment on hand and i'm starting to stress.
 
Renro said:
So I've read many times the wiki cliff notes and more confused than ever. Do I need to have a Vlan setup for my Dahua cameras?

My setup will consist of the following:
Modem ->Netgear WNDR4500 (upgrading this to Asus router w/VPN) ->Netgear unmanaged 24 switch ->BI PC ->BV-Tech 10 Port POE ->7 Dahua Cameras

I've read where some have used a second NIC but my Dell Optiplex 9020 does not have an extra slot to have one. So will VPN suffice? Or do i need to acquire a switch to setup Vlan?

Sorry, i'm very news to this and parts are coming and it feels like I dont have the proper equipment on hand and i'm starting to stress.
Click to expand...
No you don't need vlans.

If you want to isolate your cameras from the rest of your network, just put a second NIC in your BI PC and connect your PoE switch and cameras to that. You could even use a usb etherent adapter.

You don't have to isolate your cameras from other devices on your network, but it can be a good idea.

What form factor is your 9020? What's in the PCI-E slot(s)?
 
  • Like
Reactions: Renro
tangent said:
No you don't need vlans.

If you want to isolate your cameras from the rest of your network, just put a second NIC in your BI PC and connect your PoE switch and cameras to that. You could even use a usb etherent adapter.

You don't have to isolate your cameras from other devices on your network, but it can be a good idea.

What form factor is your 9020? What's in the PCI-E slot(s)?
Click to expand...


I’d like to isolate my cameras if possible as it has been mentioned in this forum. But to answe your question, the 9020 is a SFF and based on the specs I’ve seen not extra PCI-E slot is on the motherboard.

But with regards to using a usb Ethernet adapter as my second NIC is genius. Is this something that actually functions as a second PCI-E. If so, that would definetly work to isolate my cameras.
 
Renro said:
I’d like to isolate my cameras if possible as it has been mentioned in this forum. But to answe your question, the 9020 is a SFF and based on the specs I’ve seen not extra PCI-E slot is on the motherboard.

But with regards to using a usb Ethernet adapter as my second NIC is genius. Is this something that actually functions as a second PCI-E. If so, that would definetly work to isolate my cameras.
Click to expand...
You dont need to isolate the cameras from the network, you can simply block internet access for them. Done. I would avoid usb ethernet.
 
  • Like
Reactions: Renro
I googled Dell Optiplex 9020 SFF, and it looks like it should have two PCI slots (PCI Express x16 and PCI Express x4). You could put in a 2nd card in one of those.
 
  • Like
Reactions: Renro
You do probably need a low profile nic or low profile adapter for a nic (some nic's include this in the box). If it's USFF then it wouldn't have any slots or accommodate 3.5" drives
 
Renro said:
So I've read many times the wiki cliff notes and more confused than ever. Do I need to have a Vlan setup for my Dahua cameras?

My setup will consist of the following:
Modem ->Netgear WNDR4500 (upgrading this to Asus router w/VPN) ->Netgear unmanaged 24 switch ->BI PC ->BV-Tech 10 Port POE ->7 Dahua Cameras

I've read where some have used a second NIC but my Dell Optiplex 9020 does not have an extra slot to have one. So will VPN suffice? Or do i need to acquire a switch to setup Vlan?

Sorry, i'm very news to this and parts are coming and it feels like I dont have the proper equipment on hand and i'm starting to stress.
Click to expand...

You don't have to go all way long with vlans on all network devices. You can go "full end vlan" where all you network devices are vlan-capable (and having even vlan tagging on the network card in your BI pc, if that one supports it - see as example How do I set a virtual local area network (VLAN) tag with my network card in Windows? | FAQ | StarTech.com). By doing so, you can full "separate" all traffic in these vlans over all your devices, but it requires an upfront investment (eg. in managed switched).

So like all other members stated: you are not obliged to go for vlans, but there are possible in-betweens.

For me, you have the following options:
1) stick with 1 network card, which means you have one flat network
2) or- add 1 network card in the bi pc, which creates a "physically" separated network (plan to say), make sure there is no connection from the POE switch to your internet router. You'll use VPN to get to your BI pc (and you'll never can access your cams directly)
3) or add an Edgerouter (for example low end X for example), which is able to create vlans IN the edgerouter, but assign untagged vlan in/outputs on the ethernet ports. To these ports, you physically connect your POE switch (which falls into one vlan) and you connect your BI pc (which falls into another vlan). Within the Edgerouter you define only 1 rule for your BI pc (and other VPN devices if you want/like) to touch your internal CAM vlan. Note: your downstream devices (eg POE switch) do not need to be vlan-capable - which saves some bucks. Also note: EdgerouterX costs $50.
4) or go for all-way-long, in which you "upgrade" all your devices to managed systems which are vlan capable, but then if someone plugs in a device into a free-POE-switch slot, they'll end up in a dead-ended-vlan.

Do you need to go to level 4? No. But stating that vlans are overrated and not required is, in my humble opinion, not so 2019. It all depends to your requirements, the flexibility and the security level you want to achieve (and which makes you comfortable). The good news is: you have lots of options to pick from! :)

Hope this helps!
CC
 
  • Like
Reactions: iseeker and Renro
That has 2 low profile PCI-e slots. Note the link above takes to to a similar, larger, mini-tower item since the auction has ended
 
  • Like
Reactions: Renro
You must log in or register to reply here.
Top Bottom