Home Networking

198 readers

1 users here now

A community to help people learn, install, set up or troubleshoot their home network equipment and solutions.

Rules

Please stay on topic.
Please use the search function to look for keywords related to what you want to ask before posting since most common issues have been answered.
No Ads. This community is for support and discussion. Ads and self promotion are not welcome here.
No product reviews or announcements. If you have a question about a product, be specific about what you want to know.
Be civil. Don't be a jerk. Not being a jerk is surprisingly easy.
No URL shorteners. URL shorteners tend to hide the real use of a link. For this reason, please use normal links, even if they're long.
No affiliate links.
No gatekeeping. With profession shall come professionalism. Extend help without judging others for their ignorance. The same goes for downvoting of comments or posts for "stupid questions" or not being as knowledgeable as others.

founded 1 year ago

MODERATORS

[email protected]

How would you set up VLANs and Firewall rules for this home network? (imgur.com)

submitted 1 year ago by [email protected] to c/[email protected]

4 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 year ago

I would create another VLAN just for cameras with appropriate firewall rules. Allow Trusted into this "no-internet" VLAN but nothing to the internet. One way would be to figure out which ports the cameras use so you can add a firewall rule to allow communication to the NVR's IP. Another way would be to set the NVR on a static IP in the IOT and allow all traffic to it from this camera VLAN, (this is probably the easiest but not the most secure).

As a side note, I try to set as many things that I can on a static IP, it enables the use of firewall rules, also helps with normal monitoring.

As another side note - The Unifi APs support up to 4 VLANs (1 per SSID) - they also support the use of a SSID with multiple passwords which will allow connection to a VLAN depending on which password is used. It's a new feature and I haven't used it, so idk how well it works or other issues.