New to Hikvision NVR built in internal switch settings/stuff?

[MichiganBroadband.com]

I'm working on and experiencing my first Hikvision NVR: DS-7616NI-K2 / 16P
This is an older unit, firmware from 2017.

I'm having difficulty getting my head around the built in internal 16 port POE switch.
It appears to NOT be bridged to the single LAN port (unit management network).
And I am not finding any kind of settings for the built in switch, what/how this network it is connected to the NVR on (how the cameras reach the NVR).
From what I can see this is just an isolated standalone switch (sorta).

If I simply bridge it to an external switch, also having the Lan1 connector of the NVR plugged into this external switch, the cameras can reach the NVR on it's LAN1 management network just fine.
But I am not seeing how this internal switch gets any kind of (internal) connectivity to the NVR, (if not physically bridged back to the Lan1 port) seems there are no settings for this.
Maybe there's an internal "link" but I do not see it in the settings.

I have also turned off "Platform Access Mode" as 1. I'm not familiar with it and 2. I seems to be a cloud related service which I do not intend to use, nor use this NVR outside of a private LAN.

As is it looks like I'm going to be just fine using it bridged to an external switch, there seems to be no DHCP or anything else present on this internal switch.
And if there is any kind of management of this built in switch available, I have not found it.

Thought I should go ahead and post here in case I am totally missing something I should know about or be aware of.
But in my test config everything is bridged back to the Lan1 management port of the NVR and seems to be working fine that way.
But If I remove the physical ethernet bridge back to the internal 16 port switch this switch/network has no connectivity back to the NVR.

Any pointers would be greatly appreciated!
-Steve

 

[wittaj]

By default, the NVR POE ports are assigned a different subnet to isolate them from the internet. Usually in the 10.x.x.x subnet.

 

[MichiganBroadband.com]

By default, the NVR POE ports are assigned a different subnet to isolate them from the internet. Usually in the 10.x.x.x subnet.

Thanks for the reply!
This makes sense, however I am not seeing any settings for this second subnet (as admin) on the NVR.
Is this something that is hardcoded and is it documented? (I'm currently scraping the manuals for any info on this).
There is no reference to another network (10.x.x.x) within the admin/config interface.
Or any clue as to what IP address the NVR may be reachable from on such a network.
The NVR appears only to be reachable on it's single port (Lan1) interface and no existence of another network on the build in switch.
Thanks!!

 

[wittaj]

Calling @alastairstevenson who is our Hikvision expert.

 

[MichiganBroadband.com]

Thanks for the help!
I have since read and discovered the NVR appears to be "hardcoded" on a network address of 192.168.254.1 and services a LAN of 192.168.254.0/24 (guessing)
On the 16 port POE switch (isolated from it's Lan1 port).
There is NO reference to or ability to configure this network that I can find in the NVR admin interface.
This is older firmware from 2017.

 

[MichiganBroadband.com]

There is absolutely no reference anywhere within the interface to this second network aside from Lan1. There's only a Lan1 tab in the interface.
No reference to 192.168.254.X or that it is also listening on 192.168.254.1 on the switch network. and no ability to view or change any of it.
I'm assuming it's hardcode with new way to change any of it.
Also assuming the netmask is a /24 but have no way to view or change its settings for this network.

 

[MichiganBroadband.com]

Lan Interface options only, nothing else pertaining to the internal/switch network in advanced.
Displayed is the Lan1 interface, Internet facing.
Changing to static IP or different network range does not change the no visibility and inability to view/change any of the internal network aspects.

 

[alastairstevenson]

There is absolutely no reference anywhere within the interface to this second network aside from Lan1. There's only a Lan1 tab in the interface.
No reference to 192.168.254.X or that it is also listening on 192.168.254.1 on the switch network. and no ability to view or change any of it.
I'm assuming it's hardcode with new way to change any of it.
Also assuming the netmask is a /24 but have no way to view or change its settings for this network.

On the older firmware, you'll find the network settings for the PoE ports base address can be set using the VGA/HDMI interface.
It's not available in the web GUI interface.
Best not to mess with it, and certainly not connect to the LAN as you could create a network loop.
To connect to the cameras web GUI, enable 'Virtual Host', see below.

I'm having difficulty getting my head around the built in internal 16 port POE switch.
It appears to NOT be bridged to the single LAN port (unit management network).

There are effectively 2 NICs in the NVR, the LAN interface, and the base address for the PoE ports.
Both of these are managed by the Linux kernel of the NVR.
When you enable 'Virtual Host' in the NVR web GUI, the Linux kernel 'ip_forward' facility (not to be confused with 'port forwarding') is enabled, and a NAT facility (using Linux xtables / iptables) is established between the 2 NICs.
Enable this under Network | Advanced settings | Other tab in the NVR web GUI.
This allows NATted access to the PoE-port-connected cameras via the NVR LAN interface using a link in the right-hand 'Connect' or 'Join' column of the NVR web GUI Camera Management page.

 

[alastairstevenson]

This is an example of the older iptables invocation in the NVR 3.4.96 K51 firmware :
iptables -t nat -A PREROUTING -p tcp --dport 65001 -j DNAT --to-destination 192.168.1.100:80

 

[alastairstevenson]

I'm working on and experiencing my first Hikvision NVR: DS-7616NI-K2 / 16P
This is an older unit, firmware from 2017.

Available here is the latest, 2022, K51 firmware for the older hardware K-series models.
** Warning ** Do not update straight to that from an old V3.x version as a configuration corruption can occur.
There is a specific upgrade path that must be followed.

https://www.hikvisioneurope.com/eu/portal/?dir=portal/Technical%20Materials/02%20%20NVR/00%20%20Product%20Firmware/05%20K-series/05---76%2077NI-K2%20K4

 

[MichiganBroadband.com]

The entire part I was not getting was that some of this stuff can't be accessed or configured from the web interface.
----
This entire project was/is for an end client who had lost touch with whoever installed this thing.
They did not have any passwords or anything and half the cameras were "not working".
The box was beeping like crazy, (because somebody removed the hard disk).

My job was just to get this thing under control for them until they get something better (probably from us).
It's back in service and working.
Had to obviously reset the admin password and add a Hard disk to it.
Got a good handle on the internal switch/second network now as well.
I don;t dare mess with updating the firmware for the moment as it's working and I don't think they intend to keep this box for too long.
I have no clue if it's a real Hikvision NVR or some kind of a Chinese clone.
Although I was able to reset the admin the password though Hikvision's automated support/email.
So maybe that's an indication that it's real and firmware could be upgraded.

Thanks sooo much for all of the help here!
They key thing I was missing was that the second network stuff was not accessible from the web interface.
I also had to reset the login "pattern" as that was also unknown.

 

[MichiganBroadband.com]

I also replaced the lithium button cell as it's voltage was low, down to around 2V.