More and more security devices being designed to communicate over local area networks (LAN) and the Internet. In smaller installations the security dealer is going to probably be responsible for making sure all aspects of the system work together. In larger installations the security dealer will probably be dealing with a LAN administrator. In either case the dealer needs to have a basic understanding of routers, IP addresses and configurations such as NAT and Port Forwarding.
An IP address is a set of four numbers in the range of 0 to 255 separated by periods. Each of the four numbers is referred to as an octet. The first three numbers are used to identify the network segment, the third number identifies the device. In order for an IP-enabled device to communicate over a network it needs to have a unique IP address on the LAN. No two devices on the same LAN segment can have the same IP address. IP addresses are assigned by one of two methods. Dynamic IPs are assigned though a Dynamic Host Control Protocol server.
When a network device comes online looking to acquire an IP address, it puts in a request to the DHCP server, the server responds with the IP address, Network Mask, Gateway address, and DNS address. Static IP addresses require the same information and are assigned by the network administrator. In most cases security devices placed on a LAN will be using a static IP address.
When setting up a device to communicate on a LAN you will need to know the device’s IP address, the network Subnet MASK, Gateway address, and DNS address. The Subnet Mask is used by the network to determine which group of IP addresses the device belongs. The Domain Name Service is a group of servers that translate URLs into IP addresses. When you type www.myalarmco.com into your browser the computer uses a DNS server to translate that URL to an IP address such as 188.8.131.52.
Each IP address is broken into 65535 Ports. Ports are the communications pathways, similar to a television channel, that allows IP devices to communicate. In order for one device to talk to another it needs its address and port to establish communications. Some programs like Web pages use what are called “Well-known ports” such as port 80 for HTTP.
Devices connected on the LAN only have access to the internal LAN IP addresses. In order for them to send or receive data from the Wide Area Network (WAN) it needs to communicate through a gateway. The gateway address is the address of the router that connects the LAN to the WAN. When a computer on the network needs to send data to the WAN it sends the data to the gateway. The router then takes the data and sends it though the router’s external public IP address to the receiving computer’s Internet address.
For most purposes data is sent in one of two formats. User Datagram Protocol is a simple method known as connectionless protocol. It’s called connectionless because a connection between two devices is never established. Data is sent in the blind and assumed to be delivered. UDP does not provide any guarantee that the data will arrive in the order sent or be delivered at all. Transmission Control Protocol (TCP) on the other hand establishes a virtual connection between the devices while the data transfer is taking place. TCP data packets are sent and acknowledged so data is reliably transported from one device to another.
Computers which are not on the LAN only have direct access to the public IP address. When a remote device needs to access resources on the LAN it sends data to the public IP address. The router takes care of directing the data to the correct IP address and port. It does so through Port Forwarding. Port Forwarding works by setting up a relationship table within the router that says if TCP data arrives on at the public IP address on port B then send the data to internal IP address XYZ port C; but if UDP data arrives on the same address and port then send the data to internal IP address ABC port D. The router can re-route the IP address and port number but the router does not change the data type.
The Router at your subscriber’s location may have either a static or dynamic IP address. A static IP is the easiest to work with because as its name implies the address does not change. A dynamic address will change from time to time. The easiest way to deal with this is by setting up the router or the Internet device to use a dynamic DNS service. There are many free services and several equipment manufactures run their own service for their equipment.
Now we know what we need to set up a device on a network. A typical example might be a DVR on the LAN where users want remote access. You will need to know what port(s) the device uses. Your technician will need to enter into the DVR the Static IP, Network Mask, Gateway and DNS addresses given to you by the network administrator. You will provide the network administration the port(s) and data types for each used by the DVR. Once these entries are made in the routing table the DVR will be accessible from outside by using the public IP address in the browser or software client provided by the manufacturer.
The secret to getting the cooperation from network administrators is to know what information they need. Providing it in an organized manner and with the settings your equipment needs to function is just how you get on the network and stay there.
Mark S. Fischer is the vice president and chief technology officer at NationWide Digital Monitoring Co., Freeport, N.Y.