VLAN on WiFi+Ethernet for security cameras

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

reddy

Occasional Visitor
Hi.
I'm running good old RT-N66U (currently on 374.43_45ECj9527 LTS Merlin fork, surely need to upgrade to the recent one) and I wanted to set up a VLAN for home security cameras which is completely separated from the main home network (or ideally allow one-way connections, from the main home network to the cameras VLAN but not the other way round), but still with access to the Internet.
So far I managed simply by using the guest network for that purpose and setting "Access Intranet" to off. I would like, however, to add a simple NAS to the cameras VLAN, so they can save their streams there. The NAS I have has no WiFi, so I can't simply connect it to the same guest network.
Is there a possibility to set up a VLAN between selected WiFi devices and some on the Ethernet? I'm fine with CLI config (as long as it lasts during firmware updates) and configuring by MAC addresses, if necessary.
I did a quick search and there are tutorials to isolate an Ethernet port, but that would mean I'd have to buy and connect separate AP just for the cameras and the NAS. Can this be achieved using RT-N66U only?
 

ColinTaylor

Part of the Furniture
Guest networks are not VLANs. As you have found there are some user hacks that create VLANs if you want to try that. But if all your cameras are wireless and the only wired device is the NAS you could probably use YazFi instead. That has the ability to create pinholes between the intranet and devices on an isolated guest network.
 

reddy

Occasional Visitor
Guest networks are not VLANs.
True, I just used it to simulate one. At least to separate the cameras from the home intranet.

But if all your cameras are wireless and the only wired device is the NAS you could probably use YazFi instead. That has the ability to create pinholes between the intranet and devices on an isolated guest network.
Yes, that's the case. All the cameras are wireless but NAS is wired-only. Thanks for the hint, I'll take a look at YazFi. Though if I got you right, this opens the possibility to connect from the isolated guest network to a specific device (NAS in my case) inside the intranet. This sounds like a potential security issue, isn't it? If someone hacks the camera then can connect the NAS and potentially hack it to gain access to the whole intranet, right? That's why I'd prefer to put the NAS within isolated camera VLAN-like network.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top