Home Surveillance Setup - NVR and Cameras

A comprehensive guide to setting up a professional home surveillance system using PoE cameras, network switches, and Frigate NVR software with proper network security.

Introduction

Setting up a home surveillance system has become increasingly accessible with modern IP cameras and open-source NVR software. This guide walks you through creating a robust, secure surveillance network using Power over Ethernet (PoE) cameras, managed network switches, and Frigate NVR software running on a Raspberry Pi or laptop.

Key benefits of this approach:

Professional-grade security with VLAN isolation
Cost-effective compared to proprietary systems
Scalable - easily add more cameras
Local storage - no cloud dependencies
Open-source flexibility with Frigate’s AI detection

Network Architecture Overview

The following diagram illustrates the complete network architecture for our home surveillance system:

Home surveillance network architecture diagram showing camera VLAN isolation, PoE switch, and NVR setup — Network Architecture - Isolated Camera Network with VLAN

This architecture ensures that cameras are isolated on their own network segment (VLAN 10), preventing direct access to your main home network while allowing the NVR to manage and record from all cameras.

IP Camera Categories

Indoor Cameras

Dome cameras for discrete ceiling mounting
Bullet cameras for wall mounting
Pan-tilt-zoom (PTZ) for flexible coverage
Typical resolution: 2MP (1080p) to 8MP (4K)

Outdoor Cameras

Weatherproof ratings: IP65, IP67, or IP68
Built-in heaters for cold climates
Vandal-resistant housings (IK10 rating)
UV-resistant materials

Night Vision Capabilities

Infrared (IR): 850nm LEDs, invisible to human eye
White light: Visible deterrent, color night vision
Starlight sensors: Ultra-low light performance
Range: 15m-100m depending on camera and conditions

Lens and Field of View

2.8mm: Wide angle (110°), good for general areas
4mm: Medium angle (85°), balanced view
6mm: Narrow angle (55°), focused on specific areas
Varifocal: Adjustable 2.8-12mm for flexibility

Camera Recommendations

Budget (₹1,500-3,000)

Mid-range-Premium (₹3,000-7,000)

(PoE) Network Switch Setup

Understanding PoE Technology

Power over Ethernet delivers both data and power through a single Ethernet cable, eliminating the need for separate power adapters at each camera location.

PoE Standards:

PoE (802.3af): 15.4W per port - suitable for basic IP cameras
PoE+ (802.3at): 30W per port - supports PTZ and high-power cameras
PoE++ (802.3bt): 60-100W per port - for advanced PTZ and lighting

Switch Selection for Home Use

6-8 Port PoE Switches (Recommended for homes)

Total power budget: 60-120W
Managed switches preferred for VLAN support
Gigabit ports for 4K camera streams

Switch Recommendations

Budget (₹1,500-3,000)

Mid-range-Premium (₹4,000-15,000)

Installation Tips:

Mount in ventilated area (switches generate heat)
Use UPS for power backup
Leave 20% power headroom for future expansion
Connect uplink to main router/firewall

PoE Camera Setup

Physical Installation

Cable Requirements:

Cat5e minimum, Cat6 recommended for future-proofing
Maximum run: 100 meters per PoE standard
Use outdoor-rated cable for external runs
Proper cable management and weatherproofing

Cable Recommendation:

FEDUS 100 Meter Heavy Duty Outdoor Cat6 Cable Weatherproof/UV Resistant 10000mbps Ethernet Cable - Ideal for outdoor camera installations

Installation Steps:

Plan camera positions
- Test camera angles using smartphone camera first
- Consider lighting conditions at different times
- Ensure adequate PoE power delivery distance
Run Ethernet cables
- Use cable tester to verify connections
- Label cables clearly at both ends
- Secure cables to prevent tampering
Connect and test
- Connect camera to PoE switch
- Camera should power on automatically
- Check switch LED indicators for link status

Network Configuration

Use DHCP reservation or static IP to assign IP addresses to the cameras.
- Camera subnet: 192.168.0.0/24 (VLAN 10)
- Example camera IPs: 192.168.0.101-108
Access Camera Web Interface:
- Find camera IP using network scanner: nmap -sn 192.168.0.1/24
- Access via web browser using discovered IP
- Default credentials often admin/admin or admin/12345
CHANGE DEFAULT PASSWORDS IMMEDIATELY

RTSP Stream Configuration

Getting RTSP URLs: Most IP cameras provide RTSP streams in this format:

rtsp://username:password@camera_ip:554/stream1
rtsp://username:password@camera_ip:554/stream2

Common paths:

TP-Link VIGI: /stream1, /stream2 (or /streaming/channels/1, /streaming/channels/2)
Hikvision: /Streaming/Channels/101 (main stream), /Streaming/Channels/102 (sub stream)

Test RTSP Stream:

Using VLC media player: vlc rtsp://admin:[email protected]:554/stream1
Using ffmpeg: ffmpeg -i rtsp://admin:[email protected]:554/stream1 -t 10 test.mp4

Camera Security Configuration

Essential Security Settings:

Change default credentials
- Use strong passwords (12+ characters)
- Enable two-factor authentication if available
Disable unnecessary services
- Turn off UPnP, P2P cloud services
- Disable ONVIF if not needed
- Remove default user accounts
Network isolation
- Place cameras on dedicated VLAN
- Block internet access for cameras
- Use firewall rules to restrict access

Network Video Recorder (NVR) Setup

Hardware Requirements

Minimum Specifications:

CPU: Quad-core ARM (Raspberry Pi 4) or x86-64
RAM: 4GB minimum, 8GB recommended
Storage: 200GB+ SSD/HDD for recordings
Network: Gigabit Ethernet
OS: Debian-based Linux distribution

Recommended Hardware:

Raspberry Pi Setup (₹8,000-12,000)
- Raspberry Pi 4 (8GB RAM)
- 64GB microSD for OS
- 1TB USB 3.0 SSD for recordings
- Official PoE+ HAT (if using PoE)
Mini PC Setup (₹15,000-25,000)
- Intel NUC or similar
- 8GB RAM, 256GB SSD
- Additional 2TB HDD for recordings

Operating System Installation

Debian Installation:

Download Debian 12 (Bookworm)
Create bootable USB/SD card
Install with minimal desktop environment
Enable SSH for remote management
Post-installation updates

sudo apt update && sudo apt upgrade -y
sudo apt install curl wget git vim htop

System Configuration:

Set static IP address sudo nano /etc/dhcpcd.conf
Add:

# interface eth0
static ip_address=192.168.1.100/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1

# Restart networking
sudo systemctl restart dhcpcd

Configure NVR

Docker Installation

# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER

# Install Docker Compose
sudo apt install docker-compose-plugin

# Verify installation
docker --version
docker compose version

Frigate Installation

Create Frigate directory structure:

mkdir -p ~/frigate/{config,media,database}
cd ~/frigate

Create docker-compose.yml:

version: "3.9"
services:
  frigate:
    container_name: frigate
    privileged: true
    restart: unless-stopped
    image: ghcr.io/blakeblackshear/frigate:stable
    shm_size: "64mb"
    devices:
      - /dev/bus/usb:/dev/bus/usb  # Coral USB accelerator
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./config:/config
      - ./media:/media/frigate
      - type: tmpfs
        target: /tmp/cache
        tmpfs:
          size: 1000000000
    ports:
      - "5000:5000"
      - "8554:8554" # RTSP feeds
      - "8555:8555/tcp" # WebRTC over tcp
      - "8555:8555/udp" # WebRTC over udp
    environment:
      FRIGATE_RTSP_PASSWORD: "your_password_here"

Create Frigate configuration (config/config.yml):

mqtt:
  enabled: false

database:
  path: /config/frigate.db

detectors:
  cpu1:
    type: cpu
    num_threads: 3

cameras:
  front_door:
    ffmpeg:
      inputs:
        - path: rtsp://admin:[email protected]:554/stream1
          roles:
            - record
            - detect
        - path: rtsp://admin:[email protected]:554/stream2
          roles:
            - detect
    detect:
      width: 640
      height: 480
      fps: 5
    record:
      enabled: true
      retain:
        days: 7
        mode: motion
    snapshots:
      enabled: true
      timestamp: false
      bounding_box: true

  balcony:
    ffmpeg:
      inputs:
        - path: rtsp://admin:[email protected]:554/stream1
          roles:
            - record
            - detect
    detect:
      width: 640
      height: 480
      fps: 5
    record:
      enabled: true
      retain:
        days: 7
        mode: motion

go2rtc:
  streams:
    front_door:
      - rtsp://admin:[email protected]:554/stream1
    balcony:
      - rtsp://admin:[email protected]:554/stream1

Start Frigate: docker compose up -d
Check logs: docker compose logs -f frigate
Access web interface: http://your_nvr_ip:5000

Security

VLAN Configuration

Create Camera VLAN (VLAN 10):

On managed switch, create VLAN 10
Assign camera ports to VLAN 10
Configure trunk port to router

Router/Firewall Rules:

Block camera VLAN from internet access
Allow NVR to access camera VLAN
Block camera VLAN from other network segments
Example iptables rules:
Block cameras from internet iptables -A FORWARD -s 192.168.0.0/24 -o wan0 -j DROP
Allow NVR access to cameras iptables -A FORWARD -s 192.168.1.100 -d 192.168.0.0/24 -j ACCEPT

UPS Backup Solution

UPS Recommendations:

APC Back-UPS 600VA (₹4,000-6,000) - Basic protection
CyberPower CP1500PFCLCD (₹12,000-15,000) - Pure sine wave
APC Smart-UPS 1000VA (₹15,000-20,000) - Network management

UPS Configuration:

Install NUT (Network UPS Tools) sudo apt install nut nut-client nut-server
Configure UPS monitoring sudo nano /etc/nut/ups.conf
Add your UPS configuration
Set up automatic shutdown sudo nano /etc/nut/upsmon.conf
Configure shutdown parameters

Remote Backup Strategy

Backup Media Directory:

Create backup script nano ~/backup_frigate.sh

#!/bin/bash
# Frigate media backup script
SOURCE="/home/user/frigate/media"
DEST="user@backup-server:/backups/frigate"
DATE=$(date +%Y%m%d)

# Sync recordings (keep last 30 days)
rsync -avz --delete --exclude="*.tmp" \
  --include="*/" --include="*.mp4" --include="*.jpg" \
  --exclude="*" "$SOURCE/" "$DEST/"

# Create daily archive of important events
tar -czf "/tmp/frigate_events_$DATE.tar.gz" \
  "$SOURCE/events" 2>/dev/null

# Upload to remote server
scp "/tmp/frigate_events_$DATE.tar.gz" \
  "user@backup-server:/backups/archives/"

# Cleanup local archive
rm "/tmp/frigate_events_$DATE.tar.gz"

# Log backup completion
echo "$(date): Backup completed" >> /var/log/frigate_backup.log

Automate with Cron:

Edit crontab crontab -e
Add daily backup at 2 AM 0 2 * * * /home/user/backup_frigate.sh
Weekly full backup 0 3 * * 0 rsync -avz /home/user/frigate/ user@backup-server:/backups/frigate_full/

Cloud Backup Options:

Using rclone for cloud storage sudo apt install rclone
Configure cloud provider (Google Drive, Dropbox, etc.) rclone config
Sync important events to cloud rclone sync /home/user/frigate/media/events remote:frigate_backup

Additional Security Measures

Network Monitoring:

Monitor network traffic sudo apt install ntopng
Configure to monitor camera VLAN traffic
Set up intrusion detection sudo apt install suricata
Configure rules for camera network

Access Control:

Set up Tailscale VPN for easy remote access curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
Access your NVR remotely via Tailscale IP
No port forwarding or complex firewall rules needed
Example: http://100.x.x.x:5000 (Tailscale assigns 100.x.x.x IPs)
Use fail2ban for SSH protection sudo apt install fail2ban && sudo systemctl enable fail2ban

There are lot of things that can be improved:

Add a motion detection zone to the camera.
Add GPU or TPU to the Raspberry Pi for better performance.
Add detection notifications via frigate.

Try reading the Frigate documentation for more information.