Quite simply I'm looking to create a VLAN for a wired IP CAM to segregate it for security reasons. I would like the devices on the LAN interface to be able to communicate with the VLAN on port 554 only (RTSP video streaming) which seems like a safe approach.
My method below for some reason fails to allow communication between the networks, even failing a Ping request.
LAN - 10.123.123.1
CAMERA VLAN - 10.123.124.1
- Set LAN interface IPV4 address to 10.123.123.1
- Create VLAN (id 3) with Port 3 untagged and CPU tagged
- Add new interface - static address using eth0.3 and IP 10.123.124.1, assign new 'CAMERA' firewall zone, enable DHCP
When I configure the CAMERA firewall to allow forward traffic from LAN (via Zones), or try to configure a rule to allow LAN to CAMERA traffic , devices from LAN still cannot communicate with the camera.
With either firewall configuration, PING from LAN to CAMERA says "Request timed out.".
Is there something simple I'm missing here? I've done numerous searches but have struggled to find a solution.