Dynamic vs Static IP Addresses Tutorial

By IPVM Team, Published Apr 16, 2020, 12:00pm EDT (Info+)

While many cameras default to DHCP out of the box, that does not mean you should use it. This may seem basic for some, but those new to the industry may not know there are other options.

IPVM Image

Inside, we cover the following topics and their impact on surveillance/security networks:

  • Static addressing
  • Dynamic addressing
  • Address Reservations
  • Advantages
  • Disadvantages
  • Potential issues of each
  • Public vs. private IP address impact
  • IPVM recommendations

For basics on IP addressing cameras, see our Network Addressing for Video Surveillance Guide.

Camera ********** ***************

******, *******, *** ******** ********* *** have ****** ** ************, **** ***** general ***************:

  • *** **** *** *****:***** *** *** ********** ** **** rule, *** **** ****** ********* **** be **** **** ******* *******, *** in *** ***** ************.
  • ****** ********* **** ****:*** ********* ********* ** ******* ********* far ******** *** ****** ******** ** configuration **** ********.
  • **** ************ ** *********:************ ******* *** ******** ** ****** addresses, *** *** **** ** ***** configuration **********. **** ****** ** **** when ** ****** ********, *** ******* may *** *******. ************ *** **** useful *** *** **** **** ******* that **** ******* ****.

** ****** **** ** ***** ***** below, ** **** ******.

Static *********

********* * ****** ** ******* ** each ****** ** *** **** ****** way ** ******** ** ****** **********. In **** ******, * ****** ******* is ******** ******** ** **** ******, requiring ** **** ****** ** ***** services. ***** ***** ** ** ****** of ** ********* ********, ** **** DHCP ******, *** ********* *** ********** issues *** *******, ***** ******* *************** time ** ****** *****. ***** *** device ** **** ***** **** * specific ******* ** **** ****** **** same ******* ***** ***** *******, ***************, service, ** *** ***** ***** *** restarting *** ******:

IPVM Image

*** **** ******** ** *** ********* labor ********** **** ********* ********* ** individual *******. ****** ********* *** ******** assigned ** ************ ********** ** **** camera, ****** ******** ******* *** *** interface, ** *** ************-******** ********. **** may *** * *** ******* ** installation **** *** ******, ***** *** add ** ** ***** *******.

IPVM Image

**** ************ ***** ***** *** ***** addressing ** *******, ** * ******** group ** ******* *** ** ******** IP ********* **** * ***-******* *****. Tools **** **** ******** *** ***** time ********, **** ** *** ******* below, ******* ******* ********* ** ** addressed ** * *****.

IPVM Image

****** ********* *** ********* *********** ** all *******. *** ********** **** ******** to ***** ********* ** ******* ** small *******. ** ***** *******, *** extra **** ****** *** ** ***********, but ** **** **** ***** ** caused ** *************** ***** * ****** unexpected ******* ******* ******. * *********** increase ** ***** ****** ************ ** preferred ** ************* *************** ****.

Dynamic *********

**** *******, ********* *********, *******, *******, mobile *******, *** ****, ******* ** DHCP **** *** *******, ******* **** are ********** ** ************* ******* ** IP ******* **** *** **** ******. In ***** ************ ******** ***** *** several ******* ***** *** ** *** DHCP ****** ********* ****, *******, ******* switches, ******* *** ***** *******, *** others.

**** ********* **** ** ********** ****, called * "*****", ***** ***** *** device ****** ****** *** ******** ******* or ** ****** * *** ***. Because ** ****, * ******'* ** address *** ****** **** ****.

IPVM Image

DHCP **********

*** **** ******* ** ***** **** is * ********* ** ***** *****. There ** ******* ***** *** ******** a **** ******* ***** (****** * scope) ** * **** ******/******, ***** below. ***** ****** ****** *** ***** and *** ******* ** *** ***** and *** **** * **** ***** lasts (*** **** ****** *** ******* is *******).

IPVM Image

******** *** **** ***** **** **** need ** ** **** **** ****** the *******'* ******* *****. ******* *** DHCP ***** **** ***** * *** minutes. ***** ********** ** *** **** to ******* ** **** ****** ** set *** ** ******* **** ******* addressing, ******* ******* **** ** *********. Below ** *** ********** ******* ** an ** ****** ******* ******* ******* configuration:

IPVM Image

*** ****** ** **** ****** ******, however, ** **** ************* ***** ******* to ** ********* ** ****,*** ***** ***** ****, ***** * ********* ***** ** IP *******. ** **** ****, *** time ******* *** *******.

DHCP *************

*** **** ******* **** ***** **** is ****** ********* ********. **** *** present ********, ** ******* ***** ******* to *** *** *** ** ******* (the **** ********) **** ** ****** work ***** *** ****** ** **-******* into *** ***. ************, ******* *** updated ******* *** ** * ********, and *** ******* ***************'* ********* ****.

************, *** **** ****** *** ********* problems ***** ******* ** **** ******* addresses. **** *** ******* *** ** not ******* **, ******* ******** ******* the ****** *** *******, ***** *******, DHCP ***** **********, *** ****. ** contrast, ******* ***** **** ****** ********* defined **** ***** ** **** ** communicate ******* ****** ** *** **** server.

*******, **** ****** ***** **** ***** dynamic ********* ** *** ****** ** rogue **** *******. ************ **** ******* may ** ******* **** *** *******, intentionally ** ***************, *** **** ** supply *********. ** *** ** * range ***** **** **** ** ******** on *** *******, ******* *** *** be **** ** ******* ** *******, or ** ******* ********* *** *****. This ** *** ******** * ******* issue, *******, ** ******* **** **** a **** ****** **** ***** ***** expires, ** **** ****.

Dynamic ******* ************

**** ***** ****, ********* *** ** reserved ** *** ****** *** ******** devices, ***** ** *** ******'* *** address. **** *** **** ** ****** Static **** ** *** ************. **** prevents *** ******'* ******* **** ********, eliminating *** **** ******** ** ***** DHCP. ** ** **, *** ****** should ** *** *** **** *** the ******* ** ******* *** *** camera's *** ******* **** ** ******* into *** **** ******'* *****. ***** is ** ******* ** *** ***** / ********* *** ******* ******* ***********:

IPVM Image

*** *** ****** **** *** *** address **:**:**:**:**:** **** ** ******** *** IP ******* ***.***.***.*** ***** **** ** joins *** *******. *** ****** *** not ********** ** ***, *** *** only ************* **** *** ** *** DHCP ******, ** **** **** * SonicWall ******.

Public **. ******* *********

**** ****** ****** ********* *** / internal (*******) ** ********** *** ************ systems, *** ****** *** (***** ******** by ***'* ******** ******* ********), *** issues ** ****** **. ******* ***** when ******* ** ***** ******** ** ISPs, ** ****.

******** ******* ********* ********* ****** ***** dynamic *********, ********** ** ******* **** or **** *** ****. **** ************* ************'* ************ ****** *********** *********, ** the ** ******* *** **** *******. There *** *** ****** ********* **** to ********* **** *****:

  • ***** *** ******** * ****** ** address, *** **** ** ********* * paid ******* ** *** ** ******** service **** (~$**-** *** *** *****). This *** ** ****** ********** ** larger ************* *** *** *********** *** SMB *******, ** *** *** *********** cost ** ******** *******.
  • *** **** ****** *** ****** **** cost ** ** *** ******* ***, which **** * ****'* ****** ** address ** * ****** ********, *.*., 67.20.198.45 **** ** "****.******.***", **** *** dynamic *** ************* ******** ** * new ******** ** ******* ****** ** change.

** ****** **** ** ***** ****** of ****** ****** ** ********* ******* ****** *** ***** ************ Guide.

Test **** *********

**** ********! **** **** * ************ ** ** ********* *** ***** surveillance.

[****: **** ***** *** ********** ******** in ****, *** ********* *** ******* in **** *** *******]

Comments (36)

A good article, but misses one of the critical disadvantages of using DHCP in security systems, namely if the DHCP server goes off-line for any reason the whole network will fail when the DHCP leases expire. When fixed addresses are used the DHCP server is not a single point of failure, and devices with fixed addresses will continue to communicate normally.

A few minutes assigning fixed addresses can save you a lot of problems later.

Agree: 6
Disagree: 1
Informative: 1
Unhelpful
Funny

U1 thanks - I just added a paragraph to the report to include communication/network issues, power outages, scope exhaustion, etc.

Agree
Disagree
Informative: 2
Unhelpful
Funny

John, Thanks, that covers it.

Agree
Disagree
Informative
Unhelpful
Funny

I just added a paragraph to the report to include communication/network issues, power outages, scope exhaustion, etc.

John, IMO, you really should add to the report the option of DHCP with infinite leases, as it seems to solve much of the conundrum you present.

Or at the very least debunk it, if there are valid arguments against it.

Otherwise, it's a comprehensive and well written report.

Agree
Disagree
Informative
Unhelpful
Funny

Well that really depends on the VMS and cameras your using. NOT all VMS/cameras care if the cameras IP changes or if the DHCP falls. Overall though long DHCP reservations or static DHCP is preferred.

Agree
Disagree
Informative
Unhelpful
Funny

One gotcha with static IP addresses is the possibility of duplicates. If you set the address on a camera but forget to document it, and then decide to leave it disconnected because you're, say, short on patch cables, your friendly coworkers may accidentally assign that same address to another camera.

Don't ask me how I know.

Agree: 2
Disagree
Informative: 1
Unhelpful
Funny: 2

U2 - agreed, and there is also the chance that someone will assign a static address within the DHCP scope or pick a random address already assigned rather than checking documentation then scanning the network, pinging, etc. Also like you mention, undocumented adds/moves/changes can be a culprit.

Agree
Disagree
Informative
Unhelpful
Funny

what's the argument of using DHCP with infinite lease time?

once assigned, always assigned, unless you manually remove it.

if the VMS/DHCP machine is backed-up, even the loss of the server won't cause it to change.

also, you can print a list of the ip/mac pairs after setup, if you're so inclined.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Always a trade off.

I recall the nightmare an integrator has when the company they represented bought another company.

Unfortunately company policies collided and there was an urgent need to reprogram hundreds of cameras to a new IP scheme spread across the globe, quickly.

Had they been DHCP, it would have been a simple IT task. Since they were static, well, not so easy.

I’m not saying either way is correct or infallible, just a situation when companies merge or acquire.

Agree: 2
Disagree
Informative
Unhelpful
Funny

Really isn't much of a disadvantage of DHCP, I used to be in the static only crowd, now I just allocate reserved device addresses

- I can get more clarity of any external or attempted external traffic

- Easier to set up DNS addresses ( I can set up a recursive DNS so all of the endpoints have a valid certificate and FQDN, and if I screw it up I can always set them to a public DNS in case quickly)

- If you are worried about a failed DHCP server you can set up for fail over

- Any half decent firewall will have rouge DHCP detection

Agree: 4
Disagree
Informative
Unhelpful
Funny

You forgot one: now you're ready for IPv6 as well. Unless anyone here can say they routinely (or often) enter IPv6 addresses manually, then I stand corrected.

Agree
Disagree
Informative
Unhelpful
Funny

Address allocation in IPv6 is completely different. The challenges that exist in IPv4 are not relevant for IPv6. There would be little/no reason to ever use static addresses in IPv6. It is easy mode and basically error-free.

Agree
Disagree
Informative
Unhelpful
Funny

Probably not the best thread to ask this question on, but I'm wondering if IPVM has any poll data on an integrator installing 801.x certificates on all cameras, and how often companies are requesting it?

Agree
Disagree
Informative
Unhelpful
Funny

Just to be clear - did you mean 802.1x? Widely accepted in strict security environments but unfortunately near-zero adoption outside of them. Many teams struggle.

Agree
Disagree
Informative
Unhelpful
Funny

Ha, yes. I must have typed fast this morning before my coffee hit. So you think the integrator world is light on adoption/use? Or not many people are willing to pay for the higher security? Seems kind of nuts to hang a blue cable on the outside of the building, and not use it. Unless of course you are still using that god awful Dedicated Micros switch thing. ( :) I crack myself up. )

Agree
Disagree
Informative
Unhelpful
Funny

When I was an installer and setup an Avigilon v4 solution, I used DHCP (reservations) at this one site and we would always lose a few frames in playback (and the camera would trigger a camera offline alarm) when the DHCP lease (7 day lease) would expire.
In the end I set the cameras to have a static IP and still had the reservation set in the DHCP server. The other option was to set the static IP outside of the DHCP pool.

Agree
Disagree
Informative: 1
Unhelpful
Funny

In the end I set the cameras to have a static IP and still had the reservation set in the DHCP server.

why not just set the lease time to infinite - best of both worlds.

as mentioned here.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Another topic worth discussing - traditional VMS' add cameras via IP but many of the modern cloud solutions support or even suggest DHCP or DHCP with mac bindings since the cameras phone home to the cloud and register via alternative means. Extended DHCP lease times, dedicated security vlans, and other techniques greatly reduce concerns.

Agree
Disagree
Informative
Unhelpful
Funny

With a Microtik Router just make dynamic addresses static. The static IP assignment is managed by the Router DHCP Server via MAC bindings. This mapping can be stored in the config file even if you upgrade or replace Routers.

Agree
Disagree
Informative
Unhelpful
Funny

The main concern when using DHCP is device addresses changing. This may present problems, as cameras which connect to the VMS via IP address (the vast majority) will no longer work until the camera is re-entered into the VMS.

Is it still true these days? Some VMSes will automatically handle such a change of camera IP.

Agree
Disagree
Informative
Unhelpful
Funny

A valid route to the Camera must exist. In a well-designed securely segmented network there can be many routes with the shortest route taking priority. Routes can be discovered by protocols like OSPF or the statically in each router. Routers need to have the gateway to any desired/reachable subnet. NVS can only discover a cam on the same subnet unless the Camera knows the address of the NVS and initiates communication. The most common setup USED to be networks with a single common subnet so all traffic gets routed to the Public WAN and not an individually routed group of subnets. Routes and firewalls determine what devices are reachable to each other and this solves the security nightmare existing with a single subnet.

Agree
Disagree
Informative
Unhelpful
Funny

To be clear here - Cisco's recommendation for a high availability campus network has leveraged layer 3 in the access layer since about 2008. Basically meaning - OSPF or EIGRP running on access switches and not spanning VLans across data closets. Each data closet has individual subnets for different application types - aka, the voice vlan in IDF 2 is not the same broadcast domain as voice vlan in IDF 3. Obviously, that affects security vlans that are dispersed through a campus in the same way. Layer 2 discovery protocols would not work between data closets as it is hitting a (wire-speed) boundary at the L3 access switch in each closet.

Agree
Disagree
Informative
Unhelpful
Funny

Basically meaning - OSPF or EIGRP running on access switches and not spanning VLans across data closets.

is it common for cameras to be routed dynamically?

Agree
Disagree
Informative
Unhelpful
Funny

Depends on who is making networking decisions and how strict the org is. This varies widely based on size of client.

Agree
Disagree
Informative
Unhelpful
Funny

My tool kit for IP cameras:

Dual DHCP DNS Server download | SourceForge.net

Battery Powered POE injector

Laptop (Surface Tablet for bright screen)

Angry IP Scanner

Wireshark

Agree: 1
Disagree
Informative
Unhelpful
Funny

Interestingly I have never had to use a DDNS service for my clients because their ISPs tend to re-lease the same IPs time and time again, even if they don't subscribe to static. I don't think my home or office WAN IPs have changed in about five years!

Agree
Disagree
Informative
Unhelpful
Funny

You may have a /30 address. Those are getting rare and are wasteful. Cox has /27 around here. Uniti fiber has /30's. I think it's time we all come up to speed on IP6 and Cams

Agree: 2
Disagree
Informative
Unhelpful
Funny

I think it's time we all come up to speed on IP6...

good news - widespread IP6 adoption is just around the corner:

IPv6 Adoption: Here at Last

oh, dang that's from 2014 :)

Agree
Disagree
Informative
Unhelpful
Funny: 2

Don't get me started. /64 is the new /24 and otherwise the learning curve is cake for anyone who tries. People see a long number and shut down but all of the concepts are so much cleaner.

NAT was meant to be a short term work-around and destroyed what would have been far simpler network based multimedia over wide area networks. IPv4 should die.

Agree
Disagree
Informative: 2
Unhelpful
Funny

NAT was meant to be a short term work-around and destroyed what would have been far simpler network based multimedia over wide area networks.

i'd prefer not to give out my ip, (even intra-day), to every site i visit. NAT wasn't designed to obfuscate, but nonetheless that may be its only redeeming quality.

People see a long number and shut down but all of the concepts are so much cleaner.

it's cleaner, granted. but i'm not sure better wins, maybe i've become a bit jaded.

i lost faith when BetaMax lost to VHS and OSI lost to TCP/IP.

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

You are in for a busy day when they do.

Agree
Disagree
Informative
Unhelpful
Funny

Most of our systems are 300 camera plus and we always use DHCP.... we deploy primary and secondary DHCP servers in failover mode and use address reservations. When you have a large camera count or a complex network DHCP is a hige advantage as it takes all of the manual configuration away. On a large system you will always get dublicate addresses when addressing manually and sorting that out can be a nightmare depending on your network topology and the size of your subnets. What is really annoying though is that there are still a small number of devices that ship from the manufacturer with static addressing (videotec and Flir PT series are two that come to mind). I agree that unless you have the correct infrastructure to support it then its dangerous and i would never dream of using it with at least two DHCP servers.

Agree
Disagree
Informative
Unhelpful
Funny

Has anyone run into ISPs that don't offer IPv4 anymore?

Agree
Disagree
Informative
Unhelpful
Funny

I'm curious, if DHCP is used on camera network, do the cameras get added to the VMS as a host name and not an IP?

Agree
Disagree
Informative
Unhelpful
Funny

I enjoyed reading up on the differences between Static and DHCP. We marry up the MAC's and Static address to configure our edge devices.

Agree
Disagree
Informative
Unhelpful
Funny

Good stuff.

Agree
Disagree
Informative
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports