How to setup 20 cameras?

[aMike101]

I'm using PFsense and was wondering how you guys setup your IP cameras, Pfsense is 192.168.1.1 DHCP range is from 192.168.1.2 -192.168.1.49

Do you set static IP for each camera such as 192.168.1.50 -192.268.1.70

 

[TonyR]

I'm using PFsense and was wondering how you guys setup your IP cameras, Pfsense is 192.168.1.1 DHCP range is from 192.168.1.2 -192.168.1.49

Do you set static IP for each camera such as 192.168.1.50 -192.268.1.70

Yes, since .50 to .70 it outside the range of its DHCP pool.
Personally, for my network I set my router's DHCP pool from .2 to .199 and take .200 to .254 for my static needs.....YMMV

 

[aMike101]

I can't use 192.168.2.xxx can i.

 

[TonyR]

I can't use 192.168.2.xxx can i.

Being that it's in a different subnet and not being a pfsense user, I will let someone who is answer your question.
That being said, if it's capable of VLAN operation then you could likely accomodate that.

Are you wanting to isolate your cameras from the Internet?

 

[mattp]

I'm using PFsense and was wondering how you guys setup your IP cameras, Pfsense is 192.168.1.1 DHCP range is from 192.168.1.2 -192.168.1.49

Do you set static IP for each camera such as 192.168.1.50 -192.268.1.70

I use 2 IP addresses for my Blue Iris setup. 192.168.1.* is my home network and 192.168.2.* is my camera network. The computer has an ethernet plug on the motherboard that I use for the cameras on the 192.168.2.* (all static IP). I added a separate ethernet card to the computer to connect to my home network.

It's preferable to do it this way to isolate the camera system from the internet...At least that's what I read on here.

 

[concord]

As mattp stated above, the easiest is to use two network cards (which I do also).

However, with PFSense, the alternative is to use VLANs using one network interface on your pfsense box or if your box has multiple network interfaces, use one of the extra interfaces for camera network. Then deny all (access to outside network) on camera VLAN/network, then only allow traffic from your Blue Iris system to camera network only. Also, you will need to set up the NTP server. There are plenty youtube videos that can help, here are the docs:

Virtual LANs (VLANs) — VLAN Configuration | pfSense Documentation

docs.netgate.com

Services — NTPD — NTP Server Configuration | pfSense Documentation

docs.netgate.com

 

[aMike101]

Firewall is the the easiest way to block what do i need a NTP server for?

 

[mattp]

Firewall is the the easiest way to block what do i need a NTP server for?

I suppose you don't, but some like to have the time pulled from the server (which syncs to the correct time). That way if there's ever an issue (need footage for legal reasons) the timestamps match. Over time the cameras will lose the correct time.

 

[concord]

Firewall is the the easiest way to block what do i need a NTP server for?

If you plan to turn on the time/date information of each camera, they tend to drift. To keep the time on your cameras up to date. When setting up the cam, you can point to the NTP server (I believe it uses port 123). Note that others that use the two network card method install a NTP server program on their BI system.

NetTime - Network Time Synchronization Tool

 

[mikeynags]

I suppose you don't, but some like to have the time pulled from the server (which syncs to the correct time). That way if there's ever an issue (need footage for legal reasons) the timestamps match. Over time the cameras will lose the correct time.

Many here run this NTP server. Real easy to setup.

NetTime - Network Time Synchronization Tool

Sent from my iPhone using Tapatalk

 

[mattp]

Many here run this NTP server. Real easy to setup.

NetTime - Network Time Synchronization Tool

Sent from my iPhone using Tapatalk

I think that's the one I'm running.

 

[The Automation Guy]

pfSense can run a NTP service at the firewall level. That's what I do and then I point the individual devices to it. There are lots of times that I don't want devices on the network accessing the firewall, but I'll allow certain ports through as needed (NTP, DNS, etc, etc). So while my cameras can't access the firewall or GUI, devices can pull NTP data from port 123 so that all of my cameras are on the correct time and in sync with each other.

 

[aMike101]

If you plan to turn on the time/date information of each camera, they tend to drift. To keep the time on your cameras up to date. When setting up the cam, you can point to the NTP server (I believe it uses port 123). Note that others that use the two network card method install a NTP server program on their BI system.

NetTime - Network Time Synchronization Tool

The time BI puts on my cameras is sync from my PC so i don't get why you would ever need a NTP server?

 

[mattp]

The time BI puts on my cameras is sync from my PC so i don't get why you would ever need a NTP server?

Good question. Reading through this forum there is a thought that if the computer places the overlay, then the video is "altered" and could be inadmissible because it has been tampered with. If the camera places the timestamp, it's not "altered" video. That's the logic, but I don't know if there have been cases where video has been thrown out because a BI computer timestamped the video...Anyone have any examples of this happening?

 

[Flintstone61]

When I upload my videos to the Ramsey County Sheriff portal, there have been no complaints either way. Most of my Condo Cams are using the BI time overlay so that the seconds are exactly the same as subjects pass from scene to scene or camera to camera.....When I was using the camera's time with occasional internet connection drop outs, they'd be screwy, plus the daylight savings time in the cam would Murphy's Law me when crucial evidence was needed.
Some people dont like my methodology....fuck it.

 

[mikeynags]

The time BI puts on my cameras is sync from my PC so i don't get why you would ever need a NTP server?

Keep in mind, there is a performance hit to having BI put the time in the overlay. I have my cameras all time stamp themselves and I remove the overlays from all the cameras. That's why I run NTP - in addition to everything else on my network that needs NTP.

 

[JNDATHP]

For low level misdemeanors I wouldn’t expect a challenge from a defense lawyer. That being said, if a defense lawyer needs/wants the camera footage thrown out, and they can show that BI altered the video to put a time stamp overlay on the video, they will usually succeed in many jurisdictions.

 

[The Automation Guy]

I'm using PFsense and was wondering how you guys setup your IP cameras, Pfsense is 192.168.1.1 DHCP range is from 192.168.1.2 -192.168.1.49

Do you set static IP for each camera such as 192.168.1.50 -192.268.1.70

That is how I do it. It certainly isn't the easiest way of doing it, but I like to have my individual devices set up for DHCP in case something goes wrong and I need to troubleshoot. This way I know the device will present itself on any network (perhaps I am bench testing a flaky device, etc). However I also really like the idea of having a "known" assigned IP address for each device as well. This way I know that I can always log into my device's GUIs on a known IP address that won't change if the power goes out and/or the network is reset for some reason.

Therefore I set my devices up for DHCP, but then I reserve static IP addresses using pfSense (but this technique works on any router). Of course this takes more time to set up each device initially, and honestly it is probably a waste of time to do it this way, but it's how I handle it - right or wrong. I usually set my DHCP range for something small and at the end of my IP range - perhaps 230-254, The rest of the IP range is used for these reserved/static IP addresses. If you really do go in and assign these reserved/static addresses for all your devices, you will find very few devices use DHCP - usually just new or guest devices. Therefore your DCHP range can be pretty small. I usually only have 3-8 devices using DHCP on my network at any given time (and I have about 100 devices with reserved static IP addresses spread out across 7 different VLANs) .

I did try to think about my IP ranges and reserved devices before I started and haven been able to hold on to these plans for the most part. For example on my camera VLAN, each side of the house gets an IP range and I reserve individual cameras in that range. So the front of the house might be 11-20, the right side 21-30, back 31-40, left side 41-50, interior cameras 51-60, etc, etc, etc. You could also break it up into rooms if needed, etc, etc, etc. There is no need to do this, but I like the structure it provides. Personally I don't want to see devices assigned IP addresses in random order based on when I purchased the device. I want to see devices grouped together in what I would consider a logical order.

There is no right or wrong way of doing this and my way is probably NOT normal.