Request: Just a short video in the same vain as the IoT/VLAN segmentation videos for PFSense but specifically for the cameras. I noticed you had a separate VLAN for just the cameras so they don’t get internet. I understand that completely but am a little curious how you handle the NVR or whatever “controller” you have for the camera. I personally use Blueiris and am curious whether that box would be on the LAN or the CamVLAN…
Setup the Blue Iris the same as the Synology as I covered that in this video
1 Like
If you have a box with multiple NICs you just put one on the CAM vlan and the other on main vlan.
My rules are setup such that, my CAM vlan cannot access the other vlans and WAN but other vlans can access the CAM vlan if I want to view the footage.
If you only had one NIC just add an exception allowing access to the NVR IP and port. IMO if you suss out a suite of rules that can work on all your vlans adding the odd exception then it becomes much easier to troubleshoot when things fail.
1 Like
Thanks everyone! I actually have an old Synology 1813+ which was my everything box before i upgraded to a larger Unraid server. Do you have strong opinions between Synology and Blue Iris as an NVR? I originally went the Blue Iris route because i went down the rabbit hole with Deepstack and AI detection, but it was involved…(example Blue Iris + Deepstack BUILT IN! Full Walk Through - Go from beginner to expert in one video. - YouTube). Ideally i would like, eventually, events to be triggered on the Home Automation system from camera triggers, and curious if segmenting it on a 3rd VLAN would make that debilitatingly more difficult. to @neogrid suggestion: i think it has a single NIC, but i’ll check, i suppose adding a PCI double NIC wouldn’t be terrifically difficult. think it would be worth it?
If you have the same the synology box as the one I saw it has 4 ports round the back. As for a solution, you can run multiple options synology / Blue Iris etc at the same time so just compare them.
I have a QNAP box for my CAMs, what I have noticed over the years is that these “fancy” features are now being charged extra for, I don’t pay for them so I get so many false positives as to render the alerts useless, a leaf blowing past, a cat strolling … AI could be handy but not for the monthly fee.
If you do have 4 network ports you can them into a LAGG connection to your switch if you are worried about too much traffic (though I doubt you will saturate one link let alone two).
of course! what a great point! I believe you’re right. I think my old 1512+ had 2 ports and this one 4. I’ve only ever used 2, this whole world of segmenting is very new to me:)
That’s the second time you used LAGG, i will need to look into this further. I like the idea of having one NIC for LAN and one for CAMVLAN. I can’t fully conceptualize how i’d set that up, but obviously it’ll be possible with a little elbow grease.
As for the Deepstack. It’s opensource…for now. I paid for a lifetime subscription to BI so that’s a sunk cost at this point. It was involved but not impossible to set up (actually the BlueIris portion was more difficult) and it integrates with MQTT which i think is my key to integrating the cameras with my home automation. Just fyi…