VLAN & NICs & Switch "Sharing"

rfj

I currently have a managed (don't use the managed part) 48-port non-PoE switch (Switch #1) and a 16-port unmanaged PoE switch which is connected to the 48-port switch. All devices including the cameras are on the same subnet. I used to have issues with the cameras being hacked which I was able to stop by disabling UPnP and the router. However, I would like to put the cameras on a different VLAN. For that I will buy a new managed PoE switch. I will need to use some of the ports on the new switch for other non-camera devices, i.e. devices that should be on the same subnet as the devices connected to switch #1. So below is how I imagine this works. But I am not a networking guy so I am not sure if what I drew really works and/or if there are any concerns with such a setup.

Switch #1 is on subnet 192.168.1.xxx and only has non-camera devices.
Switch #2 has two VLANs.
VLAN #1 will "extend" the number of ports available for subnet 192.168.1.xxx and is connected to Switch #1
VLAN #2 will be on a separate subnet 192.168.2.xxx and will only have cameras connected.
VLAN #2 is connected to NIC #2 on the BI PC. From the internet, the camera streams can be accessed via BI

Any input is appreciated.


VLANSetup1.png
 
Looks fine from what you have on the drawing so far. Technically, you don't need VLANs configured on the switch. Just put the cameras on the new switch and configure the 2nd NIC on the BI machine on the new 192.168.2.X with all the cameras. That would work just fine as well while at the same time removing the complexity of VLANs from the equation.
 
+1^^^.
Like this....

Network Topology 2NICs.JPG
 
I have a similar setup as you, from what you show in your diagram. Before recently switching to Blue Iris, I had been using Synology Surveillance Station on a Ubiquiti Unifi router and switch. I had already configured the VLANs on the Unifi router, so I left them in place when I switched to Blue Iris.
1673400187759.png
 
So you are saying I can put devices that belong in different subnets on the same switch and not configure any VLAN. The switch then will figure out itself that something coming from a device that is in subnet #1 needs to be switched to the port that connects to switch #1. And if a camera that is in subnet #2 is communicating then the switch will know it needs to connect it to the port where NIC #2 is? So basically, I don't even need a switch that supports VLANs. The only advantage with VLANs is that for instance when there is a broadcast for subnet #2 then it only needs to check with ports that are associated with VLAN #2. And I guess it adds some additional security as the physical port is associated with a particular VLAN.
 
Technically yes - but the way we typically see this put together is having all of the hosts that need to talk to each other be on the same switch & VLAN and the cameras would be on a different switch along with the 2nd NIC on your BI PC all on a different VLAN or let's call it different subnet.
 
@mikeynags Thanks. Ideally, I would also set it up this way but I try to keep the switches down to 2, hence one of them has to 'host' both the cams and some other devices.
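
On the question discussed above of what a switch does with two subnets and no VLANs, here is an added example (not from any poster in this thread): a toy model of a learning Ethernet switch, which forwards on MAC address and VLAN membership and never looks at the IP subnet. The port numbers and MAC addresses are constructed for illustration.

```python
"""Toy learning switch: forwarding depends on MAC address and VLAN, never on IP subnet."""
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed sample addresses and port layout (assumptions for illustration).
LAN_PC = "02:00:00:00:01:10"   # device on 192.168.1.x, port 2
CAM_A = "02:00:00:00:02:20"    # camera on 192.168.2.x, port 4
# Port 1 = uplink to Switch #1, 2 = LAN PC, 3 = BI NIC #2, 4 and 5 = cameras.
FLAT = {1: 1, 2: 1, 3: 1, 4: 1, 5: 1}    # no VLANs configured: one broadcast domain
VLANS = {1: 1, 2: 1, 3: 2, 4: 2, 5: 2}   # cameras and NIC #2 in VLAN 2


class Switch:
    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)  # port -> VLAN id
        self.mac_table = {}               # (VLAN id, MAC) -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the source, then return the sorted ports the frame leaves on."""
        vlan = self.port_vlan[in_port]
        self.mac_table[(vlan, src_mac)] = in_port
        known = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and known is not None:
            return [] if known == in_port else [known]
        # Broadcast or unknown unicast: flood to every other port in the same VLAN.
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)


def reach(port_vlan):
    """Ports reached by frames entering on the camera port (port 4)."""
    sw = Switch(port_vlan)
    sw.receive(2, LAN_PC, BROADCAST)  # LAN PC talks first, so its MAC is learned
    return {
        "camera_broadcast": sw.receive(4, CAM_A, BROADCAST),
        "camera_to_lan_pc": sw.receive(4, CAM_A, LAN_PC),
    }


if __name__ == "__main__":
    print("no VLANs:", reach(FLAT))
    print("VLANs   :", reach(VLANS))
```

Without VLANs the frame broadcast from the camera port goes out every other port and a frame addressed to the LAN PC's MAC is delivered to it; with port-based VLANs both stay on the camera ports and NIC #2.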