Ip Cameras and network traffic

nambi

Young grasshopper
Joined
Jul 2, 2014
Messages
96
Reaction score
3
I'm planning on setting up an IPCAM system currently it will be small 6 cams, I will eventually expand to 26.

My current network at my office is a 192.168.1.* network, would I also use this this same subnet for my cameras?

or is it best practice to setup another subnet? If I put all cams on the same subnet, 192.168.1.* but the NVR and the cams are all on a seperate switch (POE) would this reduce overall network traffic on the whole network?


Thank You.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
10,524
Reaction score
8,625
Location
USA
Well another subnet does have its benefits. Makes it a fair bit harder for the cameras to open holes in your firewall with UPNP and whatnot. Also makes it harder for them to connect to the manufacturer's website for whatever reason cameras do that. I hate it when cameras do these things!

But it won't reduce "overall network traffic". Switches are smart enough to only send packets where they need to go, so the cameras will have practically no impact on the performance of the unrelated parts of the network.

One thing that would be advisable though with 26 cams is to use gigabit switches for the network backbone. Most importantly, the NVR should be connected to a gigabit switch. The NVR could easily exceed 100 Mbps of constant throughput and spike even higher whenever you start remote viewing. It is okay to have cheaper non-gigabit PoE switches for the cameras as long as they link back to a gigabit network so you aren't oversaturating any one link.
 

code2

Getting the hang of it
Joined
Mar 9, 2015
Messages
490
Reaction score
79
Location
The wild wild west
Well another subnet does have its benefits. Makes it a fair bit harder for the cameras to open holes in your firewall with UPNP and whatnot. Also makes it harder for them to connect to the manufacturer's website for whatever reason cameras do that. I hate it when cameras do these things!

But it won't reduce "overall network traffic". Switches are smart enough to only send packets where they need to go, so the cameras will have practically no impact on the performance of the unrelated parts of the network.

One thing that would be advisable though with 26 cams is to use gigabit switches for the network backbone. Most importantly, the NVR should be connected to a gigabit switch. The NVR could easily exceed 100 Mbps of constant throughput and spike even higher whenever you start remote viewing. It is okay to have cheaper non-gigabit PoE switches for the cameras as long as they link back to a gigabit network so you aren't oversaturating any one link.
You wouldn't need switches as stated above. But you will need another router to which will route the camera network to the main network for internet.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
10,524
Reaction score
8,625
Location
USA
No need for another router. To make another subnet you just assign the cameras addresses in a different range.
 

code2

Getting the hang of it
Joined
Mar 9, 2015
Messages
490
Reaction score
79
Location
The wild wild west
No need for another router. To make another subnet you just assign the cameras addresses in a different range.

I don't see how that will work with one router.

For example my router is issuing 10.0.1.x

On my cameras they are given a static that I choose example
10.0.1.125

changing the sub to say 10.0.2.125 does nothing but take it offline you need that second router.
 

nambi

Young grasshopper
Joined
Jul 2, 2014
Messages
96
Reaction score
3
I agree, my router is only going to assign a single range, unless I a second router on a managed switch then I don't see how this is doable.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
10,524
Reaction score
8,625
Location
USA
Lets assume your router's ip address is 192.168.1.1 which means when a device gets an automatic address assignment through DHCP, it is in the 192.168.1.x range. You can assign your cameras static IP addresses in the 192.168.2.x range, and they will effectively be in their own subnet separate from the rest of your devices that use DHCP.

The cameras will not be able to access the internet. In order for a PC or NVR to access the cameras, it will need to have an address in the 192.168.2.x range. PCs can have more than one address assigned to a single network interface, so the same PC can belong to both subnets without needing extra hardware. This can all be done without any extra hardware whatsoever. Of course this means there is no real isolation between the subnets, and any device on the network could be configured such that it belonged to both address ranges. A proper solution with another router or managed switch could be configured with better access control.
 

code2

Getting the hang of it
Joined
Mar 9, 2015
Messages
490
Reaction score
79
Location
The wild wild west
Lets assume your router's ip address is 192.168.1.1 which means when a device gets an automatic address assignment through DHCP, it is in the 192.168.1.x range. You can assign your cameras static IP addresses in the 192.168.2.x range, and they will effectively be in their own subnet separate from the rest of your devices that use DHCP.

The cameras will not be able to access the internet. In order for a PC or NVR to access the cameras, it will need to have an address in the 192.168.2.x range. PCs can have more than one address assigned to a single network interface, so the same PC can belong to both subnets without needing extra hardware. This can all be done without any extra hardware whatsoever. Of course this means there is no real isolation between the subnets, and any device on the network could be configured such that it belonged to both address ranges. A proper solution with another router or managed switch could be configured with better access control.

Thats a inefficient work around to be honest. In the end you may put what ever you want for static ip but you will need to have to change you IP on a main computer or have a second just for the cameras and to access them. Doing it the right way without having to do all that and this is by using a second router
 
Last edited by a moderator:

paarlberg

Getting the hang of it
Joined
Apr 21, 2014
Messages
353
Reaction score
67
With multiple subnets/vlans you will need a router in the middle capable of layer3 routing. Only a router can break up broadcast domains, so a non-layer3 switch will not do the trick. If your current router can support vlans, then you will be ok. If not, routing between the 2 networks will be broken and one will not have access to the internet.

You can pick up a really good Layer3 switch/router that will be able to handle the requirement for cheap <$200.
 

code2

Getting the hang of it
Joined
Mar 9, 2015
Messages
490
Reaction score
79
Location
The wild wild west
With multiple subnets/vlans you will need a router in the middle capable of layer3 routing. Only a router can break up broadcast domains, so a non-layer3 switch will not do the trick. If your current router can support vlans, then you will be ok. If not, routing between the 2 networks will be broken and one will not have access to the internet.

You can pick up a really good Layer3 switch/router that will be able to handle the requirement for cheap <$200.
Thats what we have been trying to tell him :) good thing you better at explaining the technical things then I am
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,343
Reaction score
5,283
Location
Denver, CO
my reccomendation for a router: Amazon.com: EdgeRouter Lite ERLite-3 512MB 3 Ethernet Ports Router: Computers & Accessories

wont need a switch that can do VLAN if you have a router with multiple interfaces.. this one has 3 interfaces, one for internet and the other two can be seperate subnets hooked to different switches.

I have the PoE version of that switch with my cameras on there own subnet (192.168.42.0/24) and firewall rules that only let my private subnet (192.168.4.0/24) through to access them.. the cameras dont have any internet access and guests on my public subnet cant see them.. I have to run a local NTP service to set the time on the cameras since they are blocked from internet.
 

Attachments

Last edited by a moderator:

paarlberg

Getting the hang of it
Joined
Apr 21, 2014
Messages
353
Reaction score
67
That would work as well. It handles the routing as/if needed.
 
Top