Subnetting for Video Surveillance

RFC1928 has 3 bit blocks set aside for the private space :

24-bit block: 10.0.0.0 ~ 10.255.255.255 : 8-bit subnet (255.0.0.0)

20-bit block: 172.16.0.0 ~ 172.31.255.255: 12-bit subnet (255.240.0.0)

16-bit block: 192.168.0.0 ~ 192.168.255.255: 16-bit subnet (255.255.0.0)

Just type in google a subnet chart and you can pick the one you want. It's not that difficult.

The subnet mask determines which other addresses a device at a specific address can reach. For any bit in the subnet mask which is a "1", the reachable address must be identical to that of the device's specific address.

If you have a subnet mask of 255.255.255.0, a device at 192.168.1.1 would be able to reach devices at          192.168.1.2 to 192.168.1.254. [It's 254 since 255 is usually reserved.] The first three "octets" being 255 are all "1"s, so a reachable device's address must be identical to the first three octets of the device at 192.168.1.1, i.e., 192.168.1  .

If you changed the subnet mask to 255.255.252.0, a device at 192.168.1.1 would be able to reach devices at 192.168.1.2 to 192.168.3.254.

See Undisclosed #3's "Subnet mask quick reference" below and RFC1918 at tools.ietf.org. (if you are really interested).

Or does it become reachable when the subnet digit is changed?

Yes, this is the concept of subnet masks exactly.

When one device with an IP address wants to connect to another device with an IP address, one of the first things it needs to determine is if that other device is on the same LAN (meaning it can send packets to it directly), or if it on a remote network (meaning the packets need to be sent to a router, who can then route them to the appropriate remote network).

The subnet mask and local IP address are used to compute which IPs are local and which are remote.

If you use a subnet mask like 255.255.255.240, then even devices where the 3rd digit (octet) match won't necessarily be able to send packets directly to each other. (subnet masks where the 4th octet are non-zero are more common in datacenters where you might only be allocated 8 IP addresses for your specific use).

All devices on the same subnet are on the same broadcast domain  talk directly and can not be firewall from EACH OTHER.  A bad network card can cause issues on the entire broadcast domain.  Routes between private subnets must be routed by a router.  So you need real router such as Cisco Mikrotik, etc. Security mandates Like Hippa require network isolation via separate networks IE.  subnets

You may never need to deal with networks containing more than 254 devices, but chances are that you will encounter networks that were setup to deal with less.  The most common situation would be a small business that has requested a small block of public IP addresses in order to host something on their own network and provide access to the Internet.  The ISP will issue the minimum amount of IP addresses that it can get away with (they charge pretty heftily for public IP addresses) and they will use IP subnetting to do this.  In most cases a company will get a block of 8 public IP addresses which be a 255.255.255.240 subnet (of these only 6 are actually accessible, the first of the block is the "network" block and the the last of the block is the "broadcast" address, network is all 0's in the address, broadcast is all 1's)

It does get pretty complex, I still find myself working the bit chart -> 128 - 64 - 32 - 16 - 8 - 4  - 2 - 1, but I enjoy it.

Hope I didn't confuse things too much more.

You can use https://angryip.org/ as a poor layman's tool to find how many subnets you can reach by using a static ip and launching angry.

Using IP: 192.168.1.1  SUB: 255.255.255.0

Using IP: 192.168.1.1  SUB: 255.255.248.0

Yayy, IPVMSTER..yes I am bored, should be finishing quotes.

#4, thanks for your first comment, yes, see our 2019 IP Networking Book and our Spring 2019 IP Networking Course (which starts next Tuesday).

You beat me to it!  I was going to also add, that if there is even the minutest possibility of increasing the scope of your network, to be certain to place the critical/static addresses at the bottom of the address scope.  For example, use x.x.x.1 for your Logical Default Gateway (assuming something like .2 and .3 will be the physical interfaces for redundant/failover routers) and reserve the rest of the single-digit last octet address for other network-specific devices. This way, if you ever have to expand, you don't have reprogram all your devices, and the network gear doesn't sit in the middle of your address scheme (I'm picky that way).

For a simple/small implementation, I always plan an addressing scheme based on the known Day-1 requirements, plus a 3 year out potential expansion forecast.  Something like this -

x.x.x.0 - network address
x.x.x.1 - Default G/W
x.x.x.2 - x.x.x.10 - network devices, DNS, SNTP, etc.
x.x.x.11 - x.x.x.30 - servers, storage, workstations (maybe)
x.x.x.31 - x.x.x.40 - encoders, decoders, audio, I/O, intercoms
x.x.x.41 - x.x.x.50 - reserved for who-knows-what may come
x.x.x.51 - x.x.x.254 - cameras (bottom-up) and access control (top-down)

For a larger implementation, video and access (and intrusion?) might be on separate VLANs.

True but a subnet is always a sub of another net while a super is never a super of a supernet. Might as well add sub/super nets to IPv6 to further discombobulate the donkey logic of noobs.

FWIW...I use Advanced IP Scanner all the time and it does see all the active NICs on a machine and allows you to scan all of them in a scan.  A very useful tool.

Yes all network connected devices must have a common subnet mask.