How to restrict security camera LAN and internet access

I’m a bit confused about how to configure this new security camera I purchased.

I have a B One with a wired private LAN, and up until today, a single SSID on a dedicated VLAN for IoT devices (I’ll call the latter Wifi/VLAN A). VLAN A is configured with “Block all Private IP” in its Guest Protect section (to keep it from accessing any devices on the private LAN), and both the private LAN and VLAN A have inter-VLAN routing disabled. Wifi A also has layer-2 isolation enabled.

My goal is to add this security camera wirelessly such that it can stream (via RTSP) to devices on the private LAN, but is blocked from doing absolutely anything else. So I’m trying to figure out the most restrictive, secure way to set that up.

My guess is that I should create a dedicated SSID and VLAN for this camera (call it wifi/VLAN B). Sometimes I’ll need to also connect a smartphone to wifi B to change the camera configuration.

I assume I’d have to enable inter-VLAN routing on both the private LAN and wifi B. So one question is, will leaving inter-VLAN routing disabled on Wifi A keep it from communicating with any devices on the private LAN and VLAN B, even though the private LAN and VLAN B will have inter-VLAN routing enabled?

The other question is: how do I limit the camera on wifi/VLAN B to RTSP only? There seem to be multiple parts of the web UI that might do the trick.

  • In the Access Rules page, there are Internal Firewall Rules.
  • In the SSID settings for wifi B, there are Guest Protect settings (containing Block All Private IP, Custom Subnet, and Block Exception settings), and Firewall Settings.

What is the best way (or at least a good way) to configure things so that I don’t accidentally leave the critical devices on the private LAN vulnerable?

Thanks so much to anyone who has suggestions.