Subscriber Discussion

FLIR 16 Channel NVR, Problems Communicating Through The Router To Cameras In Another Building

SW
Steven Wirz
Apr 19, 2017

I had to use FLIR because the client has two other locations that have FLIR NVR's.  The unit is a 16 channel with 8 POE ports for local cameras and has two NIC cards with only one port on the back for the Internet connection.  Tech support sucks and will not support any devices outside of the NVR appliance.  

There are two buildings on the property.  Seven cameras go directly into the NVR/POE ports on the back of the NVR and are working fine and I have four cameras in the other building with a POE switch.  From the POE switch in the remote building the NVR can see all four of those cameras but no video.  I was told by tech to plug the gateway (actually there is no gateway in place right now), NVR and the Ethernet from the switch from the other building into the router at the head end and set up the DMZ.  I did that and still cannot see the cameras from the other building at the head end.  

The cameras are set to 10.1.1.___ and the gateway address is 10.0.0.___.  I keep getting told that I have a subnet issue. The two subnets are 255.255.255.0.  I've never set up a DMZ before and I'm not THAT well versed in networking, I'm used to having two having two Ethernet ports, one for the cameras and one for the gateway.  I am thinking that the subnets need to be 10.0.0.0.  

At this point there is no gateway going to the Internet so I am using a Linksys router with an address of 10.0.0.2 in anticipation of the gateway (probably Comcast) being 10.0.0.1.  

If anyone can lead me in the right direction of my guess that the correct subnet to use on both NIC cards and how to set up the DMZ on the Linksys router.  The DMZ seemed pretty straight forward but the first 3 octets are fixed so I put the MAC of the camera NIC into the setting instead.  

Hopefully that is enough information for you guys.  Thanks in advance!

 

Avatar
Brian Karas
Apr 19, 2017
IPVM

What do you mean you can "see" the cameras but not video? Do they respond to a ping?

What is the physical network topology between the two buildings? (A Cat cable, fiber, something else?).

 

SW
Steven Wirz
Apr 19, 2017

Thanks for the reply, the battery in my laptop was dying when I sent the original request.  Between the buildings is CAT 5E, the distance is almost 300' checked with my wire tester.  

When I use the "Discover Devices" tool on the NVR the NVR will show the four remote cameras IP addresses, MAC's and the model of the camera.  If I plug my laptop into the router at the head end I cannot get a reply from the remote cameras pinging them.

If I ping the cameras from the POE switch at the remote building where the four cameras are I do get a reply.

 

U
Undisclosed #1
Apr 19, 2017
IPVMU Certified

What exactly do you mean by gateway?  As in default gateway?  The device or the addresses?

Are the (physical) networks dedicated to just to things under your control, can you make whatever you want?

Just as a point of information, the cameras on the 8-Poe ports are not normally pingable thru the other interface on the NVR.  They have no route between them.  The discover app can find them because it straddles both networks.

Avatar
Brian Karas
Apr 19, 2017
IPVM

Sounds like a routing issue. Discovery is often done with a layer 2 broadcast protocol. IP addresses are Layer 3, so when you try to have a 10.0.0.x device talk to a 10.1.1.x device without a properly configured router, you end up unable to communicate, even though they are essentially on the same wire (physical network).

From what you describe, I *think* you could fix this by just changing the IP addresses and/or subnets, but that depends on why you setup one side with 10.0.0.x and the other with 10.1.1.x.

 

SW
Steven Wirz
Apr 19, 2017

At this moment, plugged into the Linksys router, at the head end, are the NVR and the CAT 5E that goes to switch in the other building.  (The lines are good, no mis-wires and it is under 300')  Again, at this moment, there is no connection to a modem out to the Internet, no other routers, but this router will eventually be attached to a Comcast Gateway.

This is a dedicated network, all mine, until I connect it to the, soon to be approved, Comcast Gateway.  By default, FLIR assigns it's cameras a 10.1.1.___ address.  I assigned the Internet NIC 10.0.0.2 in anticipation of connecting to a tenant's Comcast Gateway.  I cannot, to my knowledge, assign both of the NIC's the same IP address scheme because I'm 1) presuming I will get a conflict (even if the last octet is different) and I really don't want, what will eventually be 16, 3MP cameras on the tenant's network traffic.

Regarding the proper set up of the router Brian, that, I believe, is the issue.  Tech and some other people have said that it is a subnet issue along with the DMZ.  That is why I posed the question of setting both of the subnets to 255.0.0.0.  I'm wondering if that is going to solve the issue.  Also, as I indicated, I have no experience in setting up the DMZ in the Linksys router.  I believe the model is a 1200.

 

 

U
Undisclosed #1
Apr 19, 2017
IPVMU Certified

That is why I posed the question of setting both of the subnets to 255.0.0.0.

Setting both a 10.1.1.x and 10.0.0.x to a 255.0.0.0 is unlikely to work, and even if it does somehow, it's unlikely what is correct.

Setting them both to a 255.0.0.0 means that they will overlap namespaces, and the network libraries involved will falsely think that no routing is neccesary between 10.0.0.x addresses and 10.1.1.x addresses.

If you really have two separate physical layer2 networks, one for 254 hosts on 10.0.0.0 and one for 254 hosts at 10.1.1.0, you should set the mask at 255.255.255.0.

You say the NVR and the switch are plugged into the router, but how?

Are they both in the LAN ports?  Or is one in the WAN?

Can you put them both on the LAN and save the WAN port for the Comcast gateway?

U
Undisclosed #2
Apr 20, 2017

"Tech support sucks and will not support any devices outside of the NVR appliance."

Do you call the shower head manufacturer's technical support when you can't get water through your plumbing to reach your bathroom?

U
Undisclosed #1
Apr 20, 2017
IPVMU Certified

Do you call the shower head manufacturer's technical support...

Nah, I'd just return it.

UI
Undisclosed Integrator #3
Apr 20, 2017

Well, let me explain what needs to happen and then we can see where to go. 

The NVR issues DHCP addresses to cameras plugged into the camera ports on the back. There are 8 and IF the unit is a 16 channel model thebalance are added through the client port.  Actually all cameras can be added that way.

The default address scheme for the local camera ports is 10.1.1.x and usually issues addresses starting at .120 or so.  While it's possible to change that setting in the MENU-NETWORK tab, it's not needed as this is a closed system. 

Cameras that will be discovered using the client side need to be in the same IP scheme as the NVR Client setting.  That defaults to DHCP and typically 192.168.1.108.

If you are not using a router, you can set this to static and move to the next step. If you are using a router that issues DHCP....it's easier because your other cameras will be issued addresses by it. 

Without a router, each camera will have the same default IP address.  The discovery tool in the NVR will find them all but you know what happens when you have 6 devices with the same IP address?

So, either buy a $30.00 DHCP router to plug the NVR and the external switch into, or plug in a laptop, run the FLIR CLOUD software which will discover all of them and let you set each camera as STATIC with an address in the 192.168.1.x range and not conflicts.

That should resolve the issues.

 

SW
Steven Wirz
Apr 20, 2017

Both the CAT 5 from the remote switch and the NVR are on the LAN ports.  I was saving the WAN port for the Gateway, when we get permission to use it.  

Currently, both of the NIC card subnets are set to 255.255.255.0.

As far as the shower head comment.  I attend many seminars, view many webinars and subscribe to IPVM.  I have designed and set up about 15, 20 to 35 IP camera systems. All of these used the same set up, with POE switches at remote locations.  And all of the NVR's had two NIC card ports, one for the cameras and one for the clients/Internet network.   Whenever I ran into a problem that stumped me the manufactures tech support team was able to help me out.  

One of FLIR's tech's told me that I had a "complicated" network!  I would think, if they are selling 16 channel machines with 8 POE ports on the back they must get tis question 10 times a day.  One of the techs from FLIR told me to use two SWITCHES at the head end. Put the NVR into one of them, the CAT 5 from the remote cameras into the other and a patch cord between the two.  (Isn't like like plugging a power strip into another power strip?).  Another tech told me to go out and get an IT guy to set it up.

UM #3, thank you.  The addresses from the back of the NVR did start issuing addresses at .130.  I did go out and buy a new router (I tried one that I had in the truck and that is when the tech told me how complicated my network was and that I need an IT guy to set it up).  I purchased the new router specifically so I could get tech assistance for setting up the DMZ.  Even before calling Linksys tech support, I set the routers address to 10.0.0.2 and adjusted the DHCP server only 25 addresses.  I did this so when I tie it into the Comcast gateway it would be on the same IP address scheme.

Prior to that I went to the four remote cameras and set them to a static address of 10.1.1.181-184 because, as mentioned before, when the NVR found the cameras via DHCP they were issued duplicate IP addresses, three of them the same as three of the cameras on the NVR's POE ports.  I was under the impression that I would have to have all of the cameras on the same IP scheme.

If I am understanding you correctly, I should reset the four remote cameras to DHCP and allow them to get the 10.0.0.x address from the router or I could keep them static but set to the routers setting of 10.0.0.x.  Making 7 of the cameras 10.1.1.x and four of them 10.0.0.x?  If that is the case I would not need to enable the DMZ settings, correct?

 

GC
Greg Cortina
Apr 20, 2017

Steven,

You are on to something.  I can't imagine needing to set up a DMZ unless you were trying to get cameras from another network entirely through a DSL connection and routing through an ISP.  I will say...not recommended.

The internal network will manage the cameras attached.  Just leave that all alone and that part will be fine.

If you are ultimately going to have cameras on the "client port/wan" as well as connect this to the customers network just keep this in mind.

The address scheme for the internal switch and the client port cannot be the same.  You can use almost anything but 10.1.1.x for the client port.

The NVR will discover compatible cameras in the client port scheme, but will not provide addressing for them.  That was the hang up you experienced.  Just had too many cameras with the same default IP address and the NVR in DHCP mode.

As a side note, you can only have one camera per camera port on the unit.  I have seen a switch connected there and the tech wondered why only one camera would come up.

If you want to isolate the NVR and cameras from the customer network, then a separate switch is needed and the cameras and NVR are connected to it.  From there, you connect that switch into the customers network and route accordingly.  Most clients don't care as the camera bandwidth stays within the same switch, so that isn't needed.

Also, use the DEVICE ID once connected to gain remote access and make sure to set the GMT time server and test, otherwise the NVR will revert to EST every 24 minutes.

I was using a mobile app and in a meeting so I previously failed to identify myself, huge apologies there.

Greg

 

 

SW
Steven Wirz
Apr 20, 2017

Thank you Greg!  I would never have imagined that the NVR would see the different address schemes.  Funny how FLIR tech's, 4 of them, didn't know this.  I will try this out tomorrow.  NOTE:  The location is 80 miles RT for me and if I don't have any other business along the way it really makes for a waste of time.

I had thought thru the idea of putting the switch or router on camera port 8 of the NVR but in my mind realized that it would not work.

Again Greg, thank you.  I'll let you know how it worked out.

 

GC
Greg Cortina
Apr 20, 2017

Steven,

Feel free to reach out.  

This situation has been forwarded to the head of support.  We take this seriously.

Greg

FLIR

Director of Distribution Sales - West

Avatar
Orlando Ayala
Apr 20, 2017

What is the NVR IP address? Should be 10.0.0.3 or higher i think.

The remote cameras would then also have to be 10.0.0.4-7 or some such addresses. I believe 10.1.1.? is not available to the remote cameras only those directly connected to the NVR.

Avatar
Jon Dillabaugh
Apr 20, 2017
Pro Focus LLC

First off, you are confusing the term subnet with subnet mask. They are two different things.

Your cameras are on different subnets. One subnet is the 10.0.0.0/24 subnet and the other is the 10.1.1.0/24 subnet. A subnet is a segment of a network that can communicate within without the need for a gateway (router). In order to communicate between subnets, you need a gateway.

A subnet mask is what is used to determine the size of the subnet itself. In your case, you are using a /24 subnet mask (255.255.255.0) which masks all but the final octet of your subnet address. This class of mask allows up to 254 hosts per subnet.

Now, since you have two subnets, you will need a gateway between these networks. Without the gateway, they cannot communicate between subnets, at least to the extent of full operation. There is a case where some broadcasts may work between subnets, or you may also have IPV6 enabled and can transverse the IPV4 subnets.

The better solution would be to get them all on the same subnet (not subnet mask). Choose one of the subnets (10.0.0.0/24 or 10.1.1.0/24) and keep them all on one subnet. Is there a reason why the second site has a different subnet to begin with?

Another option is to install a site to site VPN, which would allow you to span the gateway with a single subnet. Though, this could limit throughput.

(1)
SW
Steven Wirz
Apr 21, 2017

Jon,

Thank you very much for taking the time to reply.  Well, I learned something.  FLIR has since contacted me and I believe the issue is taken care of  If not, at least I have some contacts there now.

Thank you all for your comments and assistance.

 

Steve

 

(1)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions