Network Addressing for Video Surveillance Guide
By IPVM Team, Published Mar 14, 2018, 11:52am EDTThe goal of this guide is to explain addressing devices on IP networks, focusing on how IP cameras and recorders are used in those networks. For even more IP networking basics, see our IP Video 101 Training.
Inside, we cover the following topics and their impact on surveillance/security networks:
- MAC Addresses
- Multiple MACs Possible
- Manufacturer OUIs
- OEM Devices
- IP Addresses
- Address Conflicts
- Subnet Mask
- Subnetting Large Deployments
- Default Gateways
- IPv4 vs IPv6 Formats
- Video and IP Addresses
- Dynamic vs. Static Addresses
- Public vs Private Addresses
- Zero Config
- Network Classes
- Loopback / localhost
- Test Yourself
MAC Addresses
All network devices (PCs, servers, cameras, switches, etc.) have a fixed address, called a MAC address (Media Access Control), a unique 12 character identifier, such as:
AC:CC:8E:0C:B5:F4
Since MAC addresses are issued at the factory and do not change, they are often used for identifying devices on a network even if the IP address is unknown or has changed.
Multiple Network Interface = Multiple MACs
If a device has multiple network interfaces, it may have more than one single MAC address as the MAC is associated with a device's network interfaces, not the general device. In the case of cameras with multiple network connections (e.g., a camera with both a wired ethernet port and an integrated wireless radio), the device would have multiple MAC addresses.
Since the vast majority of cameras include only a single ethernet port, the MAC address could be/is often indirectly used to describe the entire camera.
Organizationally Unique Identifier
The first six digits of a MAC are called the OUI, and each manufacturer is assigned one or more unique identifiers. For example, these are the OUIs of some common cameras manufacturers:
In the case of manufacturers such as Sony, which are part of a larger conglomerate, it is difficult to know which of these OUIs is used specifically for security without scanning devices, as they are listed simply as "Sony Corporation" in OUI lookups. Here is an OUI to manufacturer lookup engine that lets you put in any manufacturer (IP camreas, DVRs, PCs, etc.) and find their OUIs.
OEM Devices
In cases where manufacturers OEM their devices from another, which OUI is used depends on manufacturing agreements. For example, checking the MAC address of a Honeywell camera manufactured by Dahua (00:1f:55), it is listed as Honeywell, however since they are using basically the same firmware it is discovered as a Dahua camera within Dahua's device discovery software:
Others, however, show the OUI of the original manufacturer relabeling the camera. Below a Q-See brand camera is discovered at Dahua.
IP Addresses Defined
In video surveillance, many components are IP addressed, including IP cameras, encoders, recorders, access control panels, and more. The IP address of a camera is used to add it to a VMS or NVR, while client software connects to the VMS or NVR typically via its IP address.
An IP address (IPv4 specifically) consists of four parts (called octets because they contain 8 bits of data) ranging in value from 0-255, separated by periods, such as:
192.168.1.49
The IP address is divided into a network address (192.168.1 in the example above) and a host address (.49 in this case). On a single LAN, the network address is typically the same for all devices, while the host address differs. So 192.168.1.49, 192.168.1.50, and 192.168.1.51 all reflect different devices on the same network.
Analog vs IP Cameras IP Addressing
Analog cameras (whether SD or HD), by definition of being analog, do not have or need IP addresses since they have no network interface. However, analog cameras are generally connected to recorders or encoders that do have network interfaces and therefore use IP addresses.
IP Address Conflicts
If more than one device attempts to use the same IP address, generally neither will be able to connect to the network. On PCs, the user is typically notified that a device has connected and is causing an IP address conflict. However, if two cameras share the same address, errors will typically not be generated, but cameras may randomly go offline or not stream video to a recorder, leading to wasted troubleshooting time.
Note that some manufacturers ship their cameras with a hardcoded default IP address. Plugging more than one into the network at a time may cause address conflicts, so these cameras must be connected one at a time and re-addressed. Installers should check if their chosen manufacturer(s) use default IP addresses and plan initial setup accordingly. An IP Scanner may save you time and frustration.
Subnet Mask / Subnetting
Subnet masks are an advanced topic in IP addressing, outside the scope of this report. Essentially, a subnet mask determines which parts of an IP address reflect the "network" vs. the "host." In practice, the vast majority of networks, surveillance included, use default subnet masks for the IP address class (discussed below), most commonly 255.255.255.0. In class B networks, e.g., 172.20.x.x), the default subnet mask is 255.255.0.0.
Subnets In Large Deployments
For larger camera networks which require over 255 device addresses, subnet masks are most often used to expand the network to an additional subnet or subnets. This is done by changing the last octet of the mask. For every bit that is removed, an additional 255 host subnet becomes available.
As a practical example, changing subnet mask from 255.255.255.0 to 255.255.254.0 on a 192.168.0.1 network allows users to expand into the 192.168.1.1 network without using a router, a total of 510 hosts instead of 255, effectively doubling available IP addresses. Changing the mask to 255.255.248.0 expands this further to 2046 IPs (192.168.0.1-192.168.7.254).
To see how subnet masks impact available addresses, users may refer to commonly available subnet calculators.
For those interested in more information on subnetting, please see our report on Subnetting For Video Surveillance.
Default Gateways
Generally, and typically in video surveillance, the term "default gateway" is synonymous with routers. IP cameras and DVRs, like PCs, have fields to enter the address of the default gateway. In practice, this means the address of the router — the "gateway" to the internet.
The default gateway is needed for computers on other networks to access the IP video surveillance equipment. For example, users at a remote site or on their phones would typically not be able to connect to an IP camera or recorder that does not have a default gateway set. Sometimes, in security applications, not entering in a default gateway is done on purpose, to block any access to the system.
IPv4 vs. IPv6
Because the use of the internet has expanded over time, concerns about the number of addresses available using IPv4 format arose (called address exhaustion), lead to the development of an expanded address format, IPv6.
Unlike IPv4, which uses 32 bits (8x4) for each address, IPv6 uses 16 octets (128 bits total), displayed in hexadecimal (0-9 + A-F). Each group separated by colons represents two octets. For example:
FA80:4322:0000:0000:0202:B3EF:FE1E:8329
This increase in address size results in approximately 34 undecillion addresses, a huge increase over the IPv4 limit of about 4.2 billion addresses.
Many networks support either and both formats, and most modern IP cameras can be configured to use either format. Note that the same format should be used throughout.
IPv4 for Surveillance
Despite IPv6's larger address pool, IPv4 continues to be the dominant format used. Especially for private networks, with a finite number of connected devices like a surveillance system, address exhaustion is not a practical problem. IPv4 remains easier to use and administer, and there is little or no reason to use the more complex IPv6 format.
IPv6 Growing For Internet Addresses
Despite its limited use in surveillance networks, Google reports that IPv6 usage among their users has jumped from ~10% in 2016 to ~20% so far in 2018. This comes after taking 20 years (from IPv6's RFC adoption in 1996 until 2016) to reach 10%.
This growing adoption may increase use in internal networks, but IPv6 is likely to remain limited to the public Internet for some time.
Static vs. Dynamic Addressing
Devices may be set with either a static (does not change over time) or dynamic (changes periodically based on lease time) IP address. Because cameras and NVRs are typically fixed devices and configured to communicate via IP address, giving them dynamic addresses may cause issues when the IP changes, forcing users to reconfigure devices. Therefore, all devices in security systems are typically manually assigned static addresses. Using dynamic addresses for devices that need to be found via their IP address is comparable to trying to deliver postal to homes in a town where the houses are renumbered and the streets are renamed periodically.
However, there are some cases in which dynamic addresses may be used.
- When setting up a new surveillance network, a DHCP (dynamic host configuration protocol) server is often used to temporarily assign IP addresses to devices so they may be reached for configuration. for example, a new camera connected to the network receives an address from the server, which the installer users to perform initial configuration and assign a permanent address.
- Some less crucial devices, such as client PCs and tablets may be dynamically addressed. Since these devices are typically used only periodically, and generally do not need to be reached for configuration or connected to a VMS by IP address as cameras are, assigning them a dynamic address is often sufficient.
For more detail on why static addressing is best practice for IP video systems, read our Dynamic vs. Static IP Addresses post.
Zero-Configuration
There is a subset of dynamic addresses available in use by zero-configuration, commonly called zeroconf, which allows devices to use a dynamic address without a DHCP server in place. In surveillance, the most common example of this is initial setup of IP cameras. Connecting a laptop directly to a camera, with both devices set to use dynamic addressing, they will both be automatically addressed to an address beginning with 169.254. This allows initial configuration to be performed and the IP address changed without needing a DHCP server (note that many, but not all, current cameras support this).
Loopback / localhost
The address 127.0.0.1 is the localhost / loopback address and serves two purposes. As the loopback address it is used for testing the TCP/IP protocol stack. If a machine has network connectivity problems, it is way to test that the NIC and protocol are functioning correctly as shown below:
When used as the localhost, it lets system know that the target is the same as the host. This is commonly used when a client is running on the same machine as a server and for web applications. The screenshot below shows a machine running Exacqvision server and the client on the same machine. The client connects using localhost.
Below is an image of machine running PRTG, where entering 127.0.0.1 into a browser on that machine brings us to the web interface for PRTG.
In general, the relationship between potential unique addresses in a network, and total potential number of unique sub-networks supported is a decision well beyond a surveillance system. The three most common network classes are limited as follows:
- Class A: This type supports over 16 million IP addresses per network, but only supports 128 different subnets. (From 0.0.0.0 to 127.255.255.255)
- Class B: The type supports over 65,000 IP addresses per network, and about 16,000 different subnets. (From 128.0.0.0 to 191.255.255.255)
- Class C: This type supports only 256 IP addresses per network, but almost 3 million subnets. (From 192.0.0.0 to 223.255.255.255)
The vast majority of surveillance/security networks use class C addresses, as the number of devices simply does not require other classes.
Every device on the Internet has an IP address, but not every networked device is on the internet. The difference is the boundary between private vs. public networks. For example, an IP Video network might consist of hundreds or thousands of cameras without a single unit being directly connected to the internet.
Typically only a few tightly controlled devices like routers or firewalls are given a public IP address. However, some recorders or IP cameras may be publicly available (example 1, 2) on the web. This is far more common in consumer/residential and small office use than midsize and enterprise systems, which typically demand tighter security, with organizations' IT department preferring not to open these devices to the internet.
Portions of the "172" and the "192" address ranges are designated for private networks. The remaining addresses are "public," and routable on the global Internet. Private networks can use IP addresses anywhere in the following ranges:
- 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
- 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
- 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)
In modern systems, IP addresses are associated with subnet masking, which helps regulate traffic within a network at the expense of adding a trivial configuration step. Most surveillance systems are installed on a class C network, as evidenced in our Which Private IP Addresses Do You Use For IP Video? discussion, in which 50% of respondents said they use 192.168.X networks for their installations.
Test Your Knowledge
Take this 10 question quiz now
[Note: This guide was originally published in 2015, but substantially updated in 2018 to reflect IPv4/IPv6 changes, subnet masking information, and more]
12 reports cite this report:
Comments (37)
Will IPv4 be discontinued in the near future?
What about DNS server settings?
Preferred DNS server and Alternate DNS server. What are these settings about and should we be concerned about them?
Thanks guys,
Regards,
Jim
Can a device with only one nic have more than one mac address, and conversely can a device with only one nic have more than one mac?
or more simply does every nic have a mac? when we speak of a network interface is that the effectively the same as a network interface card?
In the Network Classes chapter it states -
- Class C: This type supports only 256 IP addresses per network, but almost 3 million subnets. (From 192.0.0.0 to 223.255.255.255)
Why does the address stop at 223.255.255.255 and not 224.225.225.225 for the range of IP's fall in that class. Is it because 224.0.0.0 is the start of Class D?
Does anyone know if there's a tool to detect the IP addresses of any network device on a network and indicate if there is an IP conflict between 2 devices? It would be very valuable since I've seen some installs where there were IP conflicts between a camera and a keypad and that caused both devices to go on/off line. It was by luck that we found the issue.
Does anyone know if there's a tool to detect the IP addresses of any network device on a network and indicate if there is an IP conflict between 2 devices?
Sure, arpwatch is a simple one used in Linux. There are also windows ports.
Very interesting read and information. I don't typically deal with the install or programming side of things, but very good information to have.
What is difference between the IP address, and the subnet address? as this subject is new to me I just need a more clear understanding.
thank you
I am learning :-)
Small error in the ipv6 example ip address. The 3 rd and 4 th octets consist of five digits in stead of four...
Just wandering. a lot of devices from different brands seems to Class C IP addresses starting from 192.168.x.xx. Is there any reason why?
There is no mention of the exclusivity of the address 127.0.0.1 being loopback. Might be something to add to this article.
really good breakdown that helped me understand alot that i was confused on before

In the reading
- Class A: This type supports over 16 million IP addresses per network, but only supports 128 different subnets. (From 0.0.0.0 to 127.255.255.255)
- Class B: The type supports over 65,000 IP addresses per network, and about 16,000 different subnets. (From 128.0.0.0 to 191.255.255.255)
-
Class C: This type supports only 256 IP addresses per network, but almost 3 million subnets. (From 192.0.0.0 to 223.255.255.255
- What about the Networks that starts with 224 and above, (which class it is)
- In the quiz you gave us IP: 233.64.179.110
Say you have IPv6 IP scheme. It says all devices have to be in the same format to connect?
Example in the reading: FA80:4322:0000:0000:0202:B3EF:FE1E:8329
Essentially, is programming the same as IPv4? The first 5 octets are the Network address and last octet is the host?
Also if a large company switches over to IPv6 does that free up their IPv4 IP scheme for a different company to use? I would assume not since their network could be set up with either.
Essentially, is programming the same as IPv4? The first 5 octets are the Network address and last octet is the host?
There are only 4 octets in IPv4 address not 6, and while the first 3 octets typically define the network and the 4th octet defines the host this is not always the case. This is why we need the subnet mask as a companion configuration to the IP address. The subnet mask tells us which octets represent network and which represent host / device.
For IPv6 the first three groupings of numbers (first 48 bits) is the network address. the fourth grouping of numbers is the subnet mask and the last four groupings of numbers (the last 64 bits) are the device address
Also if a large company switches over to IPv6 does that free up their IPv4 IP scheme for a different company to use? I would assume not since their network could be set up with either.
When IPv4 address exhaustion is talked about it is not referring the LAN addressing. It is referring to public IP addresses. e.g. If a company has 8 static IPv4 addresses and they go out of business or switch to IPv6 addresses then their previously assigned public IPv4 address are available for other organizations to use. For LAN usage there is no concern about address exhaustion, since the same internal IP addressing scheme can be, and is, used by many organizations without issue.