IP cam network separation?

TobiasF

For simplicity, my IP cams are currently on my "standard network" together with my Blue Iris server and other devices. I want to separate the network of the IP cams but I am not yet sure which direction to go.

a) I could put all IP cams in a dedicated VLAN and connect this additionally to the BI machine that also is connected to the standard network incl. domain controller.

The advantage is that I do not need to do anything specific on the standard network to get access to DC or BI.
I lose the simple possibility to directly connect to the IP cams.

b) I could run both, IP cams and BI in a dedicated sub-net and do L3 routing incl. access control between the networks.
The advantage is that I do not lose the direct access to the IP cams but I need a more complex network configuration.

c) A combination of a and b. I leave BI on the standard network and put the IP cams in a separate network like a. But route the "cam network" on a layer 3 switch to the standard network and use access lists for control. By doing so I can get the advantage of a and b.

visualization of c
(symbolic view. Functions of L3 routing and L2 switching could be combined in one device)
Any recommendation?
How are you doing it?
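
Scenario (c) written out as access lists on the camera VLAN interface, as an added example that is not part of the original post. It uses Cisco IOS-style syntax as an assumption (the thread names no switch vendor), and every address, VLAN number and ACL name is constructed for illustration. Classic switch ACLs are stateless, so return traffic has to be permitted explicitly.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 10  standard network  192.168.10.0/24
!            DC 192.168.10.10, BI server 192.168.10.20, admin PC 192.168.10.50
!   VLAN 50  camera network    192.168.50.0/24
!
! Traffic ENTERING the L3 switch from the cameras (camera-originated packets).
ip access-list extended CAM-IN
 remark replies to TCP sessions that BI or the admin PC opened (ACK/RST set)
 permit tcp 192.168.50.0 0.0.0.255 host 192.168.10.20 established
 permit tcp 192.168.50.0 0.0.0.255 host 192.168.10.50 established
 remark cameras may query time from the DC and nothing else
 permit udp 192.168.50.0 0.0.0.255 host 192.168.10.10 eq ntp
 remark anything else a camera initiates (LAN or internet) is dropped
 deny ip any any
!
! Traffic LEAVING the L3 switch towards the cameras.
ip access-list extended CAM-OUT
 remark BI pulls video; RTSP must use TCP transport with a stateless ACL
 permit tcp host 192.168.10.20 192.168.50.0 0.0.0.255 eq 554
 remark BI and the admin PC reach the camera web GUI / HTTP API
 permit tcp host 192.168.10.20 192.168.50.0 0.0.0.255 eq www
 permit tcp host 192.168.10.50 192.168.50.0 0.0.0.255 eq www
 permit tcp host 192.168.10.50 192.168.50.0 0.0.0.255 eq 443
 remark NTP answers from the DC back to the cameras
 permit udp host 192.168.10.10 eq ntp 192.168.50.0 0.0.0.255
 remark no other host on the standard network can reach a camera
 deny ip any any
!
interface Vlan50
 description IP cameras
 ip address 192.168.50.1 255.255.255.0
 ip access-group CAM-IN in
 ip access-group CAM-OUT out
```

Support for outbound ACLs on VLAN interfaces varies by switch platform; where it is missing, the CAM-OUT rules can be applied inbound on the standard network's interface instead.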
 
Cams are on their own switch(es) along with a cable to the BI server NIC #1. There is a second NIC (#2) in the BI server that connects to the "standard network".

This allows access to the BI services. I also run TightVNC server on the BI NIC #2 interface, which allows me to remote in to the BI desktop and then connect to the camera GUI when I do not want to sit at the keyboard/monitor of the BI machine.
 
Cams are on their own switch(es) along with a cable to the BI server NIC #1. There is a second NIC (#2) in the BI server that connects to the "standard network".
Thank you.
This is what I describe with (a). If they are directly physically connected or via VLAN I consider as the same network connection scenario.
 
Thank you.
This is what I describe with (a). If they are directly physically connected or via VLAN I consider as the same network connection scenario.

No, dual NIC and VLAN are two separate methodologies altogether.

With a VLAN, every device is going thru that router. One has to set up the router to manage the VLAN. Some VLAN routers are more complicated than others to set up.

With a dual NIC, the cameras are off on one ethernet card and completely isolated from the other system.

I have more than 4 POE switches scattered around and still dual NIC. No other home devices are connected to the switches the cameras are connected to.

The dual NIC is cheaper and faster, and depending on the number of cameras, better than VLANs (although true VLAN users will refute it).

For example, the EdgeRouter X is claimed to be somewhere between 800Mbps and 1Gbps, but you see tests all over where people are only getting in the 700Mbps range.

On my isolated NIC, my cameras are streaming non-stop almost 500Mbps. This is full-on, never stopping to take a breath. Even if someone has a gigabit router, a 3rd to over half of non-buffering 24/7 data will impact its speed.

I would just as soon not have that much video data going thru a device if it doesn't need to. Has to slow the system down.

 
No, dual NIC and VLAN are two separate methodologies altogether.

Thank you for the picture and the explanation.
The point of having a physically separated network is clear to me.

I guess my statement regarding VLAN and physical network as equal was misleading. I was referring to my three scenarios a, b and c. The physical separation brings additional advantages as you have described.
 
If you have the knowledge & resources, you certainly could provision a single managed switch into multiple VLANs, use two NICs in the BI machine and keep the two networks separate. However, if the one switch fails... everything connected to it stops, as well.

Instead, many here will use several smaller switches, and if one fails... significantly less chance of 'everything' ceasing operation.
 