NVR with multiple ethernet interfaces? Or at least vlans?

[richms 0]

Im not keen on running the lan cables outside to cameras with full access to my internal lan.

 

Obvious solution would be to get a NVR with serveral ethernet interfaces on it. I looked at a dahua which had 4 ports that did power over ethernet, but unfortunatly it seemed to be on the same IP range as the internal network. I didnt have time to see if it was bridging traffic between the ports, but you would assume it was with it having the same IP range.

 

Other option is if I could get a second IP up on the NVR with a tagged vlan, which I could then untag on my POE switch to the ports I am putting cameras onto. and keep the untagged interface on the NVR connecting to the LAN for viewing and admin of the NVR.

 

I have talked to a couple of installers of gear, but they seem to think there is no problem putting lan cables and cameras where they could get tampered with when connected to the internal LAN with servers and stuff on it, so really dont know what the best practice for installations is.

[hxdrummerxc 0]

From my understanding don't most of these Network DVR's allow you to hook up IP cameras in two ways......? Directly to the DVR ports, or via ip address from anywhere on your LAN.

 

 

If so, you could do this........ Instead of connecting the cameras to the DVR directly, just run them all to a switch on your LAN. Then set up MAC address security on that switch. So for each port the only device allowed through the switchport is the MAC address of that specific camera that you specified. So if anyone gets access to one of those cables, and they plug their laptop or whatever in, the MAC address security is going to block out their device since it doesn't match the MAC address of the camera.

 

MAC address-security is what you need. EVERY device with a NIC has a unique mac address. Securing each port to the corresponding camera MAC address would probably be the most secure and simple way to do what you need.

[richms 0]

They do have seperate interfaces, but it seems to just be a dumb switch with power internal to them, the cameras get local lan IPs and are accessable from any of the PCs on the lan.

 

Ideally the cameras would not be accessable from the lan, just the NVR's web interface. If the NVR could bring up a second IP interface that was tagged then I could just do it all on the switch, but for some reason none seem to do basic network security practices.

[jeromephone 6]

we installed a speco system a couple of months ago that had 8 poe ports and a separate lan port.

 

The cameras are on 192.168.1.20-28 and the nvr is on the common network call it 10.0.0.50 for example

 

in order to get to the cameras you have to log into the nvr or access individual cameras from the nvr itself.

 

I like to physically separate camera traffic from the larger network if possible.

[TechnicalTony 0]

We do a couple of units that do that, albeit as a plug and play option. Handy for that purpose, especially in locked down networks