VLAN vs. multiple LANs
A networking question for you experts...I've been using SS for several years without issues (self-installed/self-taught but it's working) and planning a home network upgrade with a rack, new switches, M1 Mini, etc., so I've been reading about network security and isolating IP cams, as Ben mentions in his tutorials.
Specifically regarding the "Segregating IP cameras on their own LAN" section on the Bensoft web site:
1. On page 2, the diagram shows two LAN subnets - one for cameras and one for "other stuff," each with their own switch. Are these the equivalent of VLANs, meaning I could just use one large enough PoE switch for everything and create two VLANs by switch management?
2. If I could, in fact, do that, how is the Mini configured to be accessible to each subnet? Would I still need two ethernet ports and have each one configured to its own VLAN port number?
3. The Mac Mini World web site says I can add multiple IP addresses by System Preferences - Network - clicking + and filling in the details. I assume that configures a different physical port than the single ethernet port, like an ethernet adapter attached to one of the USB-C ports?
Suggestions and advice are welcome! Thanks in advance...
Comments
-
You can indeed use VLANs to achieve the benefits described in our blog post Segregating IP Cameras on their own LAN. The reason why our article recommends physically separate networks is because this layout is easy to understand and set up, and it also has benefits in terms of speed (bandwidth is not shared between the separate networks). On the other hand, VLANs can be complicated to set up, especially for the average user.
You don't need multiple cables/ports to connect your Mac to multiple VLANs. I think the best setup here (assuming your switch supports this) is to set up "tagged VLANs", whereby each VLAN is associated with a particular tag that your switch will provide. In the switch, the port to which you connect the Mac should be configured as a member of all VLANs, and you set up virtual interfaces in macOS, each with the tag to the VLAN(s) you want the Mac to be able to connect to.
-
Thanks - makes sense to me. Looks like I can go either way to accomplish the same thing. I do, however, like your diagrammed method of using two physical switches (one "regular" and one PoE) to physically separate the different LAN sections. If one goes out, the other would still be operational and my entire network wouldn't be dependent on a single piece of hardware. Plus, as you mentioned, it may be more cost effective to only buy as large of a PoE switch as I need for the IP cameras.
-
Yes, those are also very good points about redundancy and cost. Overall, there are many advantages of going the route of two physically separate networks and I personally prefer this configuration. The main downside is the requirement for two Ethernet interfaces on the Mac, though this is quite easy to overcome with USB adaptors.
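The tagged-VLAN setup described in the first reply, as an added example that is not part of the original thread or Bensoft's own material: it plans, and optionally creates, the macOS virtual interfaces with `networksetup`. The parent port `en0`, the names `home` and `cameras`, and the tags 10 and 20 are assumptions, and the switch port the Mac plugs into is assumed to already be a tagged member of both VLANs.

```shell
#!/bin/sh
# Added example: tagged-VLAN virtual interfaces on one macOS Ethernet port.
# Assumed values (not from the thread): parent port en0, tags 10 and 20.

# True only for a usable 802.1Q VLAN ID: 1-4094 (0 and 4095 are reserved).
valid_tag() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# vlan_plan PARENT NAME:TAG...
# Validates every tag first, then prints one networksetup command per VLAN.
vlan_plan() {
    parent=$1; shift
    for pair in "$@"; do
        valid_tag "${pair##*:}" || {
            echo "invalid VLAN tag in '$pair'" >&2
            return 1
        }
    done
    for pair in "$@"; do
        printf 'networksetup -createVLAN %s %s %s\n' \
            "${pair%%:*}" "$parent" "${pair##*:}"
    done
}

# Dry run by default. With APPLY=1 (on the Mac, as an admin) the interfaces
# are created, listed, and the forwarding flag is shown: it should print 0,
# so the Mac does not route between the camera VLAN and the home VLAN.
vlan_apply() {
    vlan_plan "$@" || return 1
    [ "${APPLY:-0}" = 1 ] || return 0
    parent=$1; shift
    for pair in "$@"; do
        sudo networksetup -createVLAN "${pair%%:*}" "$parent" "${pair##*:}"
    done
    networksetup -listVLANs
    sysctl -n net.inet.ip.forwarding
}

# Constructed sample: VLAN 10 = home devices, VLAN 20 = IP cameras.
vlan_apply en0 home:10 cameras:20
```

Run as written it only prints the commands; IP addressing for each new interface is still set in the Network settings pane or by DHCP on that VLAN.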
