Dahua NVR5232-4KS2 - anything I should know?

[Daybreak]

Howdy,
The NVR5816/5832/5864-16P-4KS2 has 1 GIG port, and 16 10/100POE ports.
The NVR5816/5832/5864-4KS2 NON-POE, has 2 GIG ports. The ports are fully addressable. (trunking or independent)

 

[BLKMGK]

Sounds liek I'll have two ports unless I screwed up and got the POE. I can work with that either way, thanks for the clarification!

 

[ipnoob]

Sounds liek I'll have two ports unless I screwed up and got the POE. I can work with that either way, thanks for the clarification!

No you have one port, unless you got a 54 or above model.

 

[Daybreak]

Sounds liek I'll have two ports unless I screwed up and got the POE. I can work with that either way, thanks for the clarification!

Howdy,
After looking over the unit you are purchasing,.... it looks to be just 1 10/100/1000 port.

 

[BLKMGK]

Hmm, if that's the case I may not be able to VLAN these maybe. I had expected to put them on their own subnet and and keep the traffic separate. The vendor hasn't shipped yet and asked for a 20day extension (cough) so I might be able to back out. I think I can still work with this though and may just be misunderstanding how I can network it together, I'm fairly ignorant when it comes to something like VLAN. Really appreciate folks digging into the specs and helping out!

 

[nayr]

mine's running on a vlan with one ethernet port; whats the problem? an isolated subnet on a separate switch is not a vlan.. putting the NVR on two subnets dont really offer much security for either.. it should be on the same isolated lan as the cameras with a router filtering traffic between subnets.

if you dont know what your doing; then dont do it.. its not going to make you more secure if you dont understand how to handle it.. its like shooting into the dark when you hear a bump at night; you just killed your wife/kid.. (ie self defeating)

 

[BLKMGK]

I'm looking to learn, it's half the reason for swapping out all of my switches for VLAN capable hardware. I'd like the cameras on their own IP space and potentially a VLAN but also to be able to remote view via a VPN that will get an address in my normal space. Don't think I can dual home with a single NIC. The POE boxes seem to do that themselves with cameras and I ASSumed - oops. I can certainly firewall them from accessing the 'net but wasn't how I had planned it is all.

As this is for my home and for me alone, I can make mistakes. ;-)

 

[nayr]

you also need a vlan capable router, and with that there is no need for 'dual homing' anything.. devices are put on separate networks and the router, well it routes between vlan's and enforces any traffic policies you want.. (ie, block all traffic but specific ports to NVR from specific IP ranges)

just having vlan switches without a router to handle your multiple networks is kinda pointless.

 

[BLKMGK]

Seems I've got more reading to do. I can designate ports for VLAN and tag them with my hardware but sounds like that isn't enough. My PFSense box can tag and work with VLAN too but it's at the edge and shouldn't see this traffic. I could spin up something on the ESX sever but I'd prefer to keep traffic away from that since if a break-in does occur it'll be a likely casualty. If I must run a router I will, sounds like I have some learning to do. Certainly more complex than I've attempted before and possibly needlessly so but I don't mind stretching a bit. Thanks!

 

[nayr]

its your edgerouter's job to do this.. thats what mine is doing, I even have my router running as a router on a stick

im running tons of VLAN's, I isolate and firewall everything off.. Ive got one vlan for IPCameras, one for VoIP Phones, one for HomeAutomation, a kid friendly network, a public network, a routed internet network, an admin network, and a network for my wife's work equipment.. oah and I have my LAN Network with all the laptops/desktops/phones/tablets/printers/etc.

my edgerouter handles em all, it lets some networks talk to others, some networks talk to the internet only (with or without internet filtering), and other networks not talk to anything at all.

 

[BLKMGK]

Going to have to learn and bend my mind around it. I collapsed lots of my stuff into an ESX server off of desktop and other computers but not my firewall despite that being "easy". The firewall is PFSense and run on fanless x86 hardware with AES acceleration for a VPN if I can ever get it setup correctly.

My reasoning was I didn't like a single point of failure that would trash my whole setup lol. A setup similar to what you've done with fewer networks would be perfect, just have to bend my head around it. Learn best by doing so the cameras will be the first separate network. ESX will do tons of virtual networking too but I've done little of that so far. Bends the mind a little is all, I'm used to flat networks and I know I'm ignorant. I'd love a good resource to read if you have one!

In any case my hope is to separate the cameras from everything but still be able to remote view via the NVR and possibly BI. If I can do that I can separate other traffic too as needed.

Okay, this is helping and I better see your point!

 

[nayr]

what happens when your switch goes down? there's always a point of failure.. presuming the switch is up and the cameras and video recorders are all on the same network, it wont matter much if your router is down.. they will still be recording, but they wont be accessible from any other network until you get that router back up.. its not like you can even remote in if your router is down.

I learned this stuff from paper books; because back then they hadent invented the ebook.. heh

 

[BLKMGK]

This helped even more, it's sort of what I'm trying to do actually except not voip. Did voip but not enough users lol, loved Asterisk. I'm old enough to remember BBS, just not a network guy. Sadly I didn't discover Linux very early along ;-)

Point taken on the switch going down, thankfully not had that issue but I know one way to break VLAN is by flooding or overloading a switch so it's not perfect security for sure and as I understand it wasn't supposed to be but I digress even further..

 

[nayr]

that was pretty decent; the router is just another trunk/tagged device like the switch chaining.. its the firewall between the subnets, because you will want to allow certain devices to talk.. ie devices on LAN to access your video recorder, but not allowing video recorder to access LAN.. I also have a rule so my primary workstation can also access the cameras directly, so I can login to each camera and play with its settings.. but they are still well isolated, only the traffic I explicitly define is allowed to get past the firewall.

and this is where understanding, and verifying via testing comes into play.. if you dont set up this stuff right; then it can be defeated easily.

 

[TechBill]

Looking to buy a Dahua NVR, looked at the 4 series 4K but the 5 series 4K isn't much more expensive and claims to be able to handle higher bitrates. Do NOT need 32 cameras, likely not even 8, but the prices between them are little enough that I might as well - unless that can cause issues? Any reason to go with the 4 series? Starting in a few hours there will be a "Singles Day" buying day in China and Aliexpress vendors look to be teeing up for it and I'm waiting for it Thoughts before I pull the trigger? I may still use BlueIris alongside but was wanting something more appliance-like I think. This would be my first NVR, I'll be populating it with Dahua cameras.

DaHua 4K Video Surveillance NVR NVR5208 4KS2 NVR5216 4KS2 NVR5232 4KS2 8/16/32 Channels H.265-in Surveillance Video Recorder from Security & Protection on Aliexpress.com | Alibaba Group

Have you received it yet? I was told by the other seller that only Dahua "Ultra" series have the IVS features. Those Ultra only are offered in 32+ cams and I only want 8 or 16 cams NVR.

The one you are looking at is the Dahua "Pro" series and seller told me there no IVS on the pro series. I don't think Seller was just trying to sell me the Ultra series because he can get the Pro series as well too.

If you received it, please let us know if it have a IVS features in its firmware.

Thank you
Bill

 

[nayr]

Ive got a 4216-4k; basically a lite model and it has IVS on a specific firmware version.. know the older 4216 (non-4k) also has a firmware for it too.

 

[TechBill]

Ive got a 4216-4k; basically a lite model and it has IVS on a specific firmware version.. know the older 4216 (non-4k) also has a firmware for it too.

Is firmware widely available for download if the NVR I received doesn't have a IVS menu in it?

Bill

 

[nayr]

no

 

[TechBill]

no

So it come down to which seller you buy it from? Like shooting at a crap table hoping the odd is on your side

Bill

 

[TechBill]

I found a seller with NVR5232 but no PoE and single Ethernet port only but seller page spec claim it have IVS feature in it. I sent off a PM to the seller asking them to take a picture of the IVS configuration menu to verify it does have IVS.

Bill