Basic VLAN setup with access from LAN via port

Hello,

Quite simply I'm looking to create a VLAN for a wired IP CAM to segregate it for security reasons. I would like the devices on the LAN interface to be able to communicate with the VLAN on port 554 only (RTSP video streaming) which seems like a safe approach.

My method below for some reason fails to allow communication between the networks, even failing a Ping request.

Addresses:

LAN - 10.123.123.1
CAMERA VLAN - 10.123.124.1

My steps:

  • Set LAN interface IPV4 address to 10.123.123.1
  • Create VLAN (id 3) with Port 3 untagged and CPU tagged
  • Add new interface - static address using eth0.3 and IP 10.123.124.1, assign new 'CAMERA' firewall zone, enable DHCP

When I configure the CAMERA firewall to allow forward traffic from LAN (via Zones), or try to configure a rule to allow LAN to CAMERA traffic , devices from LAN still cannot communicate with the camera.

With either firewall configuration, PING from LAN to CAMERA says "Request timed out.".

Is there something simple I'm missing here? I've done numerous searches but have struggled to find a solution.

Thanks

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like