In this article, we will cover some of the networking best practices for Rhombus devices:
- Create a Dedicated VLAN
- Configure a DHCP Server
- DNS Hostname Resolution
- Firewall Configuration
- PoE Requirements
- Helpful Links
- Contact Support or Sales
Rhombus devices are designed to work well with minimal setup. However, since every network is unique and some may be more restrictive than others, we want to share our best practices to ensure that you have a great setup experience and enjoy using our product.
Create a Dedicated VLAN
While not required, we recommend creating a dedicated subnet for the cameras. This is mainly to simplify the troubleshooting process and make DHCP configuration easier. In case access control lists are utilized between VLANs, port 8000 should be accessible to other VLANs that intend to view footage over the LAN.
Configure a DHCP Server
The cameras are designed to obtain their local network configuration (IP, subnet, gateway, etc.) via DHCP. The cameras cannot be assigned a static IP. We recommend configuring a dedicated DHCP pool that is assigned to the dedicated VLAN the cameras are attached to.
If there is a requirement to have fixed IP addresses, this can be done on the DHCP server using DHCP reservations, matching a reserved IP address with a camera’s MAC address.
DNS Hostname Resolution
The cameras all require access to DNS servers that can resolve hostnames ending with the suffixes rhombussystems.com & rhombus.com. Many networks are using DNS-based security solutions, such as Cisco Umbrella, to prevent cameras from accidentally accessing untrusted resources. We require that all rhombussystems.com & rhombus.com DNS hostnames be allowlisted.
Firewall Configuration
Our cameras are designed to blend in with other devices on the network, so there is no need for any special rules. All network traffic is outbound, which means there is no need for inbound port forwarding.
The cameras use standard ports and protocols such as HTTPS/443, DNS/53, and NTP/123. If these ports and protocols are not already in use, they may need to be allowed in your firewall configuration.
Our client and servers have full mutual authenticated TLS, which means that any security appliances configured to man-in-the-middle SSL traffic will cause the cameras to drop the connection. To avoid this, we require that any such appliance ignore traffic that includes a SNI header for any domain that ends with rhombussystems.com or rhombus.com.
PoE Requirements
All cameras require that the connected switchport supports 802.3af (15.4W). Ensure your switch has a PoE budget that is greater than or equal to the number of expected cameras connected to that switch multiplied by 15.
Example: 4 expected cameras (4x15=60W).
When connecting cameras to a non-PoE switch, a PoE injector must be used. Refer to the following documentation for additional information.
Helpful Links
- Ports and Outbound Rule Set-up for the Network
- Wiring New Rhombus Cameras
- What happens when your internet goes down?
Contact Support or Sales
Have more questions? Contact Rhombus Support at +1 (877) 746-6797 option 2 or support@rhombus.com.
Interested in learning more? Contact Rhombus Sales at +1 (877) 746-6797 option 1 or sales@rhombus.com.
Comments
0 comments
Please sign in to leave a comment.