Subnet or vlan to compartmentalize network for iot

ncompact · May 27, 2025, 9:46am

If this is the configuration, you have already defined VLANs

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '3 4 5t'
	option vid '3'

config device
	option name 'eth0.3'
	option type '8021q'
	option ifname 'eth0'
	option vid '3'

config device
	option name 'br-lan-cam'
	option type 'bridge'
	list ports 'eth0.3'

config interface 'LANCAM'
	option proto 'static'
	option device 'br-lan-cam'
	option ipaddr '10.0.30.1'
	option netmask '255.255.255.0'

from:

ps: security is a process, but in general if you have kept the firewall settings as I have been able to observe you should be quite safe ...

at most you can connect a pc in network cameras (10.0.30.x) and verify that you do not have access to your lan but only traffic to the internet (but from what you have posted it already seems so) at most include in this post your current configuration.

ps: I hope your switches are already management and you have already defined vlans on them

see these documents for possible attacks

https://www.imperva.com/learn/availability/vlan-hopping/