nvr5216-16p-4ks2e Vs NVR5216-4KS2

Night-Owl

Pulling my weight
Joined
Jan 14, 2018
Messages
309
Reaction score
112
Hello,

I am planning on buying either
nvr5216-16p-4ks2e or
NVR5216-4KS2 with only difference being Poe ports that I don't use. However I do subnet by putting cameras on 192.168.1.x and the NVR on 192.168.0.x being that 192.168.0.x has access to the internet. As I set the NVR switch to 192.168.1.x they NVR can see the cameras and all is well plus as the NVR is set to 192.168.0.x I can access via gDMSS etc. Do you know if this would be still viable if I bought the one without the Poe ports, I am assuming that as the Poe ports seem to be on a switch, it will not be and hence I will need to go with the one with the ports just for this for this function ?.

Thank you
 

catcamstar

Known around here
Joined
Jan 28, 2018
Messages
1,659
Reaction score
1,193
Hang on, you are mixing up a couple of things.

First of all, IF you would put the NVR at 192.168.0.x subnet and the camera's on 192.168.1.x, then you DO need to have a routing (router?) which allows your NVR to reach the camera's and vice versa. In that router, you MUST be able to LIMIT internet access (outbound & inbound) to the 192.168.1.x subnet. Preferably you block internet access too for the NVR, as you would maybe only want the push notificiations (TCP/2195) to leave your home LAN.

If you DO NOT have a router which allows subnet separation & routing, I'd ditch this idea and go for a full blown VLAN based solution. Because in your setup, anyone in your home LAN with some networking knowledge can hook up to your cameras. My suggestion is to look at the Ubiquity Edgerouter series, it is capable of not only doing vlans, but also VPN which you also do require to secure your network.

On the other hand, the POE port based NVR makes your life much easier, the NVR has an internal router and hosts a 10.x.x.x subnet for your cams only. It does provide "local" yet temporal access for direct access of the camera (eg firmware update). What matters the most is that you do only have to take care of ONE IP ADDRESS in your camera environment. Which makes accessing it much easier (eg in VPN you can allow only access to that IP address and not your NAS for example). On the disadvantage side: ALL physical cablings have to be terminated within the back of this NVR, where-as a network-linked non-POE connected can be deployed at the other side of the world.

But in the end, it's a choice, you have tons of decisions to make regarding the layout of your physical & logical network, your security preferences or refusal-of.

Hope this helps!
CC
 

Night-Owl

Pulling my weight
Joined
Jan 14, 2018
Messages
309
Reaction score
112
Hang on, you are mixing up a couple of things.

First of all, IF you would put the NVR at 192.168.0.x subnet and the camera's on 192.168.1.x, then you DO need to have a routing (router?) which allows your NVR to reach the camera's and vice versa. In that router, you MUST be able to LIMIT internet access (outbound & inbound) to the 192.168.1.x subnet. Preferably you block internet access too for the NVR, as you would maybe only want the push notificiations (TCP/2195) to leave your home LAN.

If you DO NOT have a router which allows subnet separation & routing, I'd ditch this idea and go for a full blown VLAN based solution. Because in your setup, anyone in your home LAN with some networking knowledge can hook up to your cameras. My suggestion is to look at the Ubiquity Edgerouter series, it is capable of not only doing vlans, but also VPN which you also do require to secure your network.

On the other hand, the POE port based NVR makes your life much easier, the NVR has an internal router and hosts a 10.x.x.x subnet for your cams only. It does provide "local" yet temporal access for direct access of the camera (eg firmware update). What matters the most is that you do only have to take care of ONE IP ADDRESS in your camera environment. Which makes accessing it much easier (eg in VPN you can allow only access to that IP address and not your NAS for example). On the disadvantage side: ALL physical cablings have to be terminated within the back of this NVR, where-as a network-linked non-POE connected can be deployed at the other side of the world.

But in the end, it's a choice, you have tons of decisions to make regarding the layout of your physical & logical network, your security preferences or refusal-of.

Hope this helps!
CC
Hi,

Sorry I should have made clear I do not have a router which allows subnet separation & routing, I have recently bought 1 Manageable Poe switch that does allow vlans and that works fine but I have a cable going down to my man cave and that has on it cameras and internet, so I can not add that to the vlan without blocking internet I need. Hence at the moment I changed the 10. Address that was the NVR switch to a 192.168.1.x address, of course I could have changed all my cameras to the 10. Address range and achieved same thing. Hence my question if I choose a NVR without a POE switch inbuilt I will lose the functionality to use that inbuilt POE switches seperate subnet and be forced to get a better router that allows vlans etc or run another cable down to the man cave so I can seperate the cameras from the camera vlan ?. So I am thinking the £50 extra cost for the one with the inbuilt POE switch is still cheaper than buying a new router or less painfull than digging up 50 metres of garden to route an extra ethernet cable down to the man cave ?
 
Top