Network Addressing for Video Surveillance Guide

The goal of this guide is to explain addressing devices on IP networks, focusing on how IP cameras and recorders are used in those networks. For even more IP networking basics, see our IP Video 101 Training.

Inside, we cover the following topics and their impact on surveillance/security networks:

• MAC Addresses
• Multiple MACs Possible
• Manufacturer OUIs
• OEM Devices
• IP Addresses
• Address Conflicts
• Subnet Mask
• Subnetting Large Deployments
• Default Gateways
• IPv4 vs IPv6 Formats
• Video and IP Addresses
• Dynamic vs. Static Addresses
• Public vs Private Addresses
• Zero Config
• Network Classes
• Loopback / localhost
• Test Yourself

MAC Addresses

All network devices (PCs, servers, cameras, switches, etc.) have a fixed address, called a MAC address (Media Access Control), a unique 12 character identifier, such as:

AC:CC:8E:0C:B5:F4

Since MAC addresses are issued at the factory and do not change, they are often used for identifying devices on a network even if the IP address is unknown or has changed.

Multiple Network Interface = Multiple MACs

If a device has multiple network interfaces, it may have more than one single MAC address as the MAC is associated with a device's network interfaces, not the general device. In the case of cameras with multiple network connections (e.g., a camera with both a wired ethernet port and an integrated wireless radio), the device would have multiple MAC addresses.

Since the vast majority of cameras include only a single ethernet port, the MAC address could be/is often indirectly used to describe the entire camera.

Organizationally Unique Identifier

The first six digits of a MAC are called the OUI, and each manufacturer is assigned one or more unique identifiers. For example, these are the OUIs of some common cameras manufacturers:

• Avigilon: 00:18:85
• Axis: 00:40:8C, AC:CC:8E
• Bosch: 00:01:31, 00:04:63, 00:10:17, 00:1B:86, 00:1C:44, 00:07:5F
• Dahua: 4C:11:BF, 90:02:A9
• Hikvision: 44:19:B6, C0:56:E3
• Samsung (Techwin): 00:09:18
• Sony: 00:01:4A, 00:13:A9, 00:1A:80, 00:1D:BA, 00:24:BE, 08:00:46, 30:F9:ED, 3C:07:71, 54:42:49, 54:53:ED, 78:84:3C, D8:D4:3C, F0:BF:97, FC:F1:52

In the case of manufacturers such as Sony, which are part of a larger conglomerate, it is difficult to know which of these OUIs is used specifically for security without scanning devices, as they are listed simply as "Sony Corporation" in OUI lookups. Here is an OUI to manufacturer lookup engine that lets you put in any manufacturer (IP camreas, DVRs, PCs, etc.) and find their OUIs.

OEM Devices

In cases where manufacturers OEM their devices from another, which OUI is used depends on manufacturing agreements. For example, checking the MAC address of a Q-See camera (90:02:A9:1D:DA:E6), it is listed as Dahua, seen in the results from an IP scanning tool below. Others, however, show the OUI of the manufacturer relabeling the camera.

IP Addresses Defined

In video surveillance, many components are IP addressed, including IP cameras, encoders, recorders, access control panels, and more. The IP address of a camera is used to add it to a VMS or NVR, while client software connects to the VMS or NVR typically via its IP address.

An IP address (IPv4 specifically) consists of four parts (called octets because they contain 8 bits of data) ranging in value from 0-255, separated by periods, such as:

192.168.1.49

The IP address is divided into a network address (192.168.1 in the example above) and a host address (.49 in this case). On a single LAN, the network address is typically the same for all devices, while the host address differs. So 192.168.1.49, 192.168.1.50, and 192.168.1.51 all reflect different devices on the same network.

Analog vs IP Cameras IP Addressing

Analog cameras (whether SD or HD), by definition of being analog, do not have or need IP addresses since they have no network interface. However, analog cameras are generally connected to recorders or encoders that do have network interfaces and therefore use IP addresses.

IP Address Conflicts

If more than one device attempts to use the same IP address, generally neither will be able to connect to the network. On PCs, the user is typically notified that a device has connected and is causing an IP address conflict. However, if two cameras share the same address, errors will typically not be generated, but cameras may randomly go offline or not stream video to a recorder, leading to wasted troubleshooting time.

Note that some manufacturers ship their cameras with a hardcoded default IP address. Plugging more than one into the network at a time may cause address conflicts, so these cameras must be connected one at a time and re-addressed. Installers should check if their chosen manufacturer(s) use default IP addresses and plan initial setup accordingly. An IP Scanner may save you time and frustration.

Subnet Mask / Subnetting

Subnet masks are an advanced topic in IP addressing, outside the scope of this report. Essentially, a subnet mask determines which parts of an IP address reflect the "network" vs. the "host." In practice, the vast majority of networks, surveillance included, use default subnet masks for the IP address class (discussed below), most commonly 255.255.255.0. In class B networks, e.g., 172.20.x.x), the default subnet mask is 255.255.0.0.

Subnets In Large Deployments

For larger camera networks which require over 255 device addresses, subnet masks are most often used to expand the network to an additional subnet or subnets. This is done by changing the last octet of the mask. For every bit that is removed, an additional 255 host subnet becomes available.

As a practical example, changing subnet mask from 255.255.255.0 to 255.255.254.0 on a 192.168.0.1 network allows users to expand into the 192.168.1.1 network without using a router, a total of 510 hosts instead of 255, effectively doubling available IP addresses. Changing the mask to 255.255.248.0 expands this further to 2046 IPs (192.168.0.1-192.168.7.254).

To see how subnet masks impact available addresses, users may refer to commonly available subnet calculators.

Default Gateways

Generally, and typically in video surveillance, the term "default gateway" is synonymous with routers. IP cameras and DVRs, like PCs, have fields to enter the address of the default gateway. In practice, this means the address of the router — the "gateway" to the internet.

The default gateway is needed for computers on other networks to access the IP video surveillance equipment. For example, users at a remote site or on their phones would typically not be able to connect to an IP camera or recorder that does not have a default gateway set. Sometimes, in security applications, not entering in a default gateway is done on purpose, to block any access to the system.

IPv4 vs. IPv6

Because the use of the internet has expanded over time, concerns about the number of addresses available using IPv4 format arose (called address exhaustion), lead to the development of an expanded address format, IPv6.

Unlike IPv4, which uses 32 bits (8x4) for each address, IPv6 uses 16 octets (128 bits total), displayed in hexadecimal (0-9 + A-F). Each group separated by colons represents two octets. For example:

FA80:4322:0000:0000:0202:B3EF:FE1E:8329

This increase in address size results in approximately 34 undecillion addresses, a huge increase over the IPv4 limit of about 4.2 billion addresses.

Many networks support either and both formats, and most modern IP cameras can be configured to use either format. Note that the same format should be used throughout.

IPv4 for Surveillance

Despite IPv6's larger address pool, IPv4 continues to be the dominant format used. Especially for private networks, with a finite number of connected devices like a surveillance system, address exhaustion is not a practical problem. IPv4 remains easier to use and administer, and there is little or no reason to use the more complex IPv6 format.

IPv6 Growing For Internet Addresses

Despite its limited use in surveillance networks, Google reports that IPv6 usage among their users has jumped from ~10% in 2016 to ~20% so far in 2018. This comes after taking 20 years (from IPv6's RFC adoption in 1996 until 2016) to reach 10%.

This growing adoption may increase use in internal networks, but IPv6 is likely to remain limited to the public Internet for some time.

Static vs. Dynamic Addressing

Devices may be set with either a static (does not change over time) or dynamic (changes periodically based on lease time) IP address. Because cameras and NVRs are typically fixed devices and configured to communicate via IP address, giving them dynamic addresses may cause issues when the IP changes, forcing users to reconfigure devices. Therefore, all devices in security systems are typically manually assigned static addresses. Using dynamic addresses for devices that need to be found via their IP address is comparable to trying to deliver postal to homes in a town where the houses are renumbered and the streets are renamed periodically.

However, there are some cases in which dynamic addresses may be used.

• When setting up a new surveillance network, a DHCP (dynamic host configuration protocol) server is often used to temporarily assign IP addresses to devices so they may be reached for configuration. for example, a new camera connected to the network receives an address from the server, which the installer users to perform initial configuration and assign a permanent address.
• Some less crucial devices, such as client PCs and tablets may be dynamically addressed. Since these devices are typically used only periodically, and generally do not need to be reached for configuration or connected to a VMS by IP address as cameras are, assigning them a dynamic address is often sufficient.

For more detail on why static addressing is best practice for IP video systems, read our Dynamic vs. Static IP Addresses post.

Zero-Configuration

There is a subset of dynamic addresses available in use by zero-configuration, commonly called zeroconf, which allows devices to use a dynamic address without a DHCP server in place. In surveillance, the most common example of this is initial setup of IP cameras. Connecting a laptop directly to a camera, with both devices set to use dynamic addressing, they will both be automatically addressed to an address beginning with 169.254. This allows initial configuration to be performed and the IP address changed without needing a DHCP server (note that many, but not all, current cameras support this).

Loopback / localhost

The address 127.0.0.1 is the localhost / loopback address and serves two purposes. As the loopback address it is used for testing the TCP/IP protocol stack. If a machine has network connectivity problems, it is way to test that the NIC and protocol are functioning correctly as shown below:

When used as the localhost, it lets system know that the target is the same as the host. This is commonly used when a client is running on the same machine as a server and for web applications. The screenshot below shows a machine running Exacqvision server and the client on the same machine. The client connects using localhost.

Below is an image of machine running PRTG, where entering 127.0.0.1 into a browser on that machine brings us to the web interface for PRTG.

Network Classes

In general, the relationship between potential unique addresses in a network, and total potential number of unique sub-networks supported is a decision well beyond a surveillance system. The three most common network classes are limited as follows:

• Class A: This type supports over 16 million IP addresses per network, but only supports 128 different subnets. (From 0.0.0.0 to 127.255.255.255)
• Class B: The type supports over 65,000 IP addresses per network, and about 16,000 different subnets. (From 128.0.0.0 to 191.255.255.255)
• Class C: This type supports only 256 IP addresses per network, but almost 3 million subnets. (From 192.0.0.0 to 223.255.255.255)

The vast majority of surveillance/security networks use class C addresses, as the number of devices simply does not require other classes.

Private/ Public Networks

Every device on the Internet has an IP address, but not every networked device is on the internet. The difference is the boundary between private vs. public networks. For example, an IP Video network might consist of hundreds or thousands of cameras without a single unit being directly connected to the internet.

Typically only a few tightly controlled devices like routers or firewalls are given a public IP address. However, some recorders or IP cameras may be publicly available (example 1, 2) on the web. This is far more common in consumer/residential and small office use than midsize and enterprise systems, which typically demand tighter security, with organizations' IT department preferring not to open these devices to the internet.

Portions of the "172" and the "192" address ranges are designated for private networks. The remaining addresses are "public," and routable on the global Internet. Private networks can use IP addresses anywhere in the following ranges:

• 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
• 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
• 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)

In modern systems, IP addresses are associated with subnet masking, which helps regulate traffic within a network at the expense of adding a trivial configuration step. Most surveillance systems are installed on a class C network, as evidenced in our Which Private IP Addresses Do You Use For IP Video? discussion, in which 50% of respondents said they use 192.168.X networks for their installations.

Test Your Knowledge

Take this 10 question quiz now

[Note: This guide was originally published in 2015, but substantially updated in 2018 to reflect IPv4/IPv6 changes, subnet masking information, and more]