Dahua VTH2621G-P - User Manual

This document serves as a Quick Start Guide for the Digital Indoor Monitor (Model G), also referred to as VTH. It outlines the basic operations, safety instructions, and configuration procedures for the device.

Function Description:

The Digital Indoor Monitor (VTH) is a component of an intercom system, designed to facilitate communication and monitoring within a building or villa setting. It can connect to a Video Door Station (VTO) and other VTHs, allowing for video calls between devices. The VTH can function as a client to a SIP server, or in some configurations, a VTO can act as the SIP server. Key functions include:

• Intercom: Making and receiving video calls from a VTO or other VTHs.
• Monitoring: Viewing live video feeds from connected VTOs.
• Configuration: Setting up network parameters, SIP server details, and VTO/VTH specific information.
• Group Call: When enabled on the SIP server, all extension VTHs receive calls made to a main VTH.

Important Technical Specifications:

The manual describes three models of VTHs:

• Non 2-wire VTH that supports both Wi-Fi and PoE.
• Non 2-wire VTH that only supports PoE.
• 2-wire VTH that supports Wi-Fi.

Rear Panel Components (2-wire model):

• Alarm port: For connecting alarm devices.
• 2-wire port: For 2-wire communication.
• Network port: For network connectivity.

Rear Panel Components (non 2-wire model):

• Alarm port: For connecting alarm devices.
• Power input port: For power supply.
• Network port: For network connectivity.

SIP Server Configuration Parameters:

• IP Addr.: IP address of the VTO acting as the SIP server.
• Port: 5060 (default for VTO as SIP server), 5080 (default for platform as SIP server).
• Username/Password: Leave as default.
• SIP Domain: Leave as default (VDP when VTO works as SIP server).
• SIP Server Username/Password: SIP server web page login credentials.

VTH Configuration Parameters:

• Room No.: Room number for the VTH (e.g., 9901 or 101#0). For multiple VTHs, the main VTH ends with #0, extensions with #1, #2, etc. (up to 9 extensions).
• Master IP: IP address of the master VTO.
• Master Name: Name of the master VTO.
• Master Pwd: Password for the master VTO.
• Version: Device software version.
• SSH: Secure Shell setting (ON/OFF).

VTO Configuration Parameters (on VTH):

• Main VTO Name: Name of the main VTO.
• VTO IP Address: IP address of the main VTO.
• User Name/Password: Login credentials for the main VTO.
• Enable Status: ON/OFF for the main VTO.
• Sub VTO1 Name: Name of the sub VTO.
• VTO IP Address: IP address of the sub VTO.
• User Name/Password: Login credentials for the sub VTO.
• Enable Status: ON/OFF for the sub VTO.

Usage Features:

• Quick Start Guide: Provides a streamlined setup process for first-time users, covering initialization and basic configuration of VTO, VTH, and SIP server.
• Manual Configuration: Allows for detailed adjustment of network parameters (WLAN/LAN), SIP server settings, VTH specific configurations, and VTO additions.
• Password Protection: Requires a strong password for initialization and login, with options for email-based password reset. Passwords must be 8-32 non-blank characters, including at least two types of uppercase, lowercase, numbers, and special characters (excluding ' " ; : &).
• Device Initialization: The VTO requires initialization upon first power-on, involving setting a password and optionally an email for recovery.
• Network Connectivity: Supports both Wi-Fi (WLAN) and wired (LAN) connections. DHCP function can be enabled for automatic IP information acquisition.
• Room Numbering: Room numbers can contain up to 6 digits (numbers or letters) and must be unique from VTO numbers.
• VTO and VTH Management: The SIP server's web page allows adding and managing VTOs and room numbers for VTHs.
• Intercom Functionality Check: After configuration, users can test the VTO calling VTH and VTH monitoring VTO functions.
• SD Card Support: The device supports SD cards for recording and snapshots, indicated by active icons on the monitoring page.

Maintenance Features:

• Firmware Updates: Recommendations to keep device firmware up-to-date for security patches and fixes. An "auto-check for updates" function is suggested for public network connections.
• Client Software Updates: Advised to use the latest version of client software.
• Physical Protection: Suggestions for physical security, such as placing the device in a secure room/cabinet and implementing access control.
• Regular Password Changes: Recommended to change passwords regularly to mitigate guessing or cracking risks.
• Password Reset Information: Device supports password reset, and users are advised to set up and timely update related information (mailbox, security questions).
• Account Lock: Feature enabled by default to lock accounts and source IP addresses after multiple failed login attempts.
• Port Customization: Suggestion to change default HTTP and other service ports to numbers between 1024-65535 to reduce external guessing.
• HTTPS Enablement: Recommendation to enable HTTPS for secure web service communication.
• MAC Address Binding: Advised to bind IP and MAC addresses of the gateway to the device to reduce ARP spoofing risk.
• Privilege Management: Reasonably assign users and minimum permissions based on business needs.
• Service Disablement: Recommend turning off unnecessary services (SNMP, SMTP, UPnP) to reduce risks. If necessary, use secure modes (SNMP v3 with strong encryption, TLS for SMTP, SFTP for FTP, WPA2-PSK for AP hotspot).
• Encrypted Transmission: For sensitive audio/video data, enabling encrypted transmission is recommended, though it may cause some loss in transmission efficiency.
• Secure Auditing:
  • Check online users: Regularly verify authorized logins.
  • Check device log: Review logs for IP addresses and key operations.
• Network Log: Enable network log function to synchronize critical logs to a network log server for long-term tracing, due to limited on-device storage.
• Safe Network Environment:
  • Disable router port mapping for intranet device protection.
  • Partition and isolate networks using VLAN, network GAP, etc., if no communication is required between sub-networks.
  • Establish 802.1x access authentication.
  • Enable IP/MAC address filtering to limit host access.