Setting up a subnet

Optimus Prime · Oct 29, 2017

Is there a thread that explains how to setup a subnet so my cameras are able to reach he internet? I've tossed my old AMD2600 and built an i7 KabyLake machine. For the next 6 months, it will be my primary computer, as well as my NVR.

Is putting cameras on another subnet as simple as changing the cameras to another IP scheme, and adding a second IP Address to my NIC? Do I need to use a different Subnet Mask? Or, do I just zero out the gateway in each camera?

Thanks for your help.

firelizard · Oct 29, 2017

I guess my first question is why do you want to create a separate subnet?

Optimus Prime · Oct 29, 2017

Great question! My understanding, unless I have misread, is that the general advice is that your home cameras should be on a different subnet. Have I mis understood?

username · Oct 31, 2017

You need another nic for a different subnet. If your NVR is a standalone device, it is providing that extra nic.

Your NVR needs to be on same subnet as cameras, or you need to provide routing info to your system. If you are doing this for security, and I presume you are, then maybe you want your NVR on the same subnet as camera's, isolated from your KabyLake.

An example of 2 subnets is 192.168.0.1 (typical router address) and subnet mask of 255.255.255.0 which gives you lan IP addresses from 192.168.0.1->.254. A 2nd subnet could be, for example, 192.168.10.1 and subnet mask of 255.255.255.0 (also written as 192.168.10.1/24) You need another nic to do that. And you need a way to tell your upstream connection, depending on how your system is set up. For example, I have a 4 port router, it has 4 nic's. 1 nic for upstream and 3 nic's for internal use. The router takes care of sending the data to the correct nic.

One area I don't understand and maybe you might find useful is to research vLan's. I don't know if they need a 2nd nic. I never tried to figure out how they work.

My cameras are not accessible from the internet, my NVR is on my lan network but a firewall blocks it from accessing the internet. I can use a VPN to get into my system and access software to view my camera's. I generally don't do that.

There may be other ways to do what you want but I am only familiar with what I wrote above. And I'm not 100% certain of the accuracy of my comments.

bp2008 · Oct 31, 2017

Optimus Prime said:
Is there a thread that explains how to setup a subnet so my cameras are able to reach he internet? I've tossed my old AMD2600 and built an i7 KabyLake machine. For the next 6 months, it will be my primary computer, as well as my NVR.

Is putting cameras on another subnet as simple as changing the cameras to another IP scheme, and adding a second IP Address to my NIC? Do I need to use a different Subnet Mask? Or, do I just zero out the gateway in each camera?

Thanks for your help.

The best way to keep the cameras off the internet is to have them on a physically separate network that has no internet access at all. By physically separate I mean connecting your PoE switch to the Kaby Lake NVR via a second NIC, and not connecting the PoE switch to the rest of your network.

That said, you don't need separate hardware to have a second subnet just for the cameras (you can add a second IP address to your NIC, like you suggested, so that one NIC can talk to both subnets). This provides no physical separation of the networks, but it should serve to keep the cameras off the internet at least.

MickPB · Apr 17, 2020

Kicking a really old thread here but it seems to be an oldy that is a goody. I want to move my cameras off the subnet that is connected to the router and the internet. I am using BLue Iris on Win of course and I don't mind (actually prefer) using manually assigned IP adresses, I have a spare NIC and wiring aleary in place to connect the extra NIC to the POE that is just for cameras. Are there any special settings required for that that network card. Anything else I need to look out for?

Thanks!

PS If anyone is wondering the cameras did seem to create enough traffic on a rainy day to affect file transfer times for other network resources. I do have them pretty cranked up for resolution and frame rate though.

Frankenscript · Apr 17, 2020

Hi @MickPB ,

I chose to do this "separate subnet" via secondary NIC as well. I wanted a completely separated network with the cameras having no path to the internet, and as well I didn't want camera bandwidth to impact file transfers around the house.

Getting it set up was remarkably easy. I plugged the second NIC into the computer, and configured it so that it would use the subnet 192.168.254.x. I set the properties for the IP and mask like this:

That was about it.

Into the NIC I configured this way, I plugged a cable that went to a plain old gigabit switch. Into that switch, I've connected a POE switch that feeds a bunch of cameras kinda nearby, as well as a couple of runs that go to OTHER places in the house where there are POE switches that feed cameras.

Other things to think about:
I had to reprogram existing cameras that were set to be on a different subnet (from my original NVR, before I Went to Blue Iris) to work on this subnet: I used a laptop that I configured manually to be on whatever subnet those cameras were originally on. That way, the laptop could talk to the cameras, reprogram them to be the IP address I wanted them to be, then have them reboot. After rebooting the cameras wouldn't see the laptop any more (since they are on another subnet now) but as soon as I hooked them up to my BI PC, they connected fine to BI.

Also, I set the BI PC to serve as a time server so the cameras could pull time periodically to stay synced. I used the built in time server function of Windows 10, and configured which port it uses, and pointed the cameras there. Good luck! Let us know how it goes.

SouthernYankee · Apr 17, 2020

Dual NIC setup on your Blue Iris Machine

In making your system more secure this is a great option to eliminate your cameras calling home / connecting to the internet This is a great place to start to setup a bit more secure network and learn more about IP/Subnets etc. before adding dual NICs: Router Security - Subnets and IP addresses...

ipcamtalk.com

MickPB · Apr 18, 2020

Thanks for the guidance. This was $20 and less than an hour well spent. I added the NIC and connected it to the POE Switch and left the POE switch connected to the router via non POE switch and was able to log in to each camera with the existing IP address and re-assign it a new static address on the same subnet as the new network card. Easy in BlueIris to change IP by camera and see them come back online.

Cameras load much faster,
File transfers are faster.
Cameras no longer access internet but I can enable a bridge if there are updates that I want.

I would recommend documenting the IP addresses if in case there is ever a need to re setup the PC and Blue Iris.

I would recommend this as part of a basic install for BI!

Optimus Prime · Apr 18, 2020

I just received my managed switch. Probably tomorrow I'll start digging in and learing how to use it.

When I create my vLan, will I likely be able to segment a set of the ports to virtually separate the network? Say ports 30-48, and accomplish the same as having a separate physical switch?

Now that I have one switch that can handle delivering POE and host all my devices, I'm not going to have a physically separate switch for the cameras but I can add a physically separate NIC to the BI Machine.

This is for my home, not a business or mission critical setup.

MickPB · Apr 18, 2020

No idea. Didn't try the vLAN. I wanted the traffic off my router as well. I don't have any other devices on the switch. Just cameras

Search

Setting up a subnet

Optimus Prime

Getting the hang of it

firelizard

n3wb

Optimus Prime

Getting the hang of it

username

Getting the hang of it

bp2008

MickPB

Getting the hang of it

Frankenscript

Known around here

SouthernYankee

Dual NIC setup on your Blue Iris Machine

MickPB

Getting the hang of it

Optimus Prime

Getting the hang of it

MickPB

Getting the hang of it