Edgerouter Lite Questions

[darrenph1]

OK so I have my ERL set up with WAN+2LAN. I have my home and guest network on LAN 1 and the BI CPU and cameras on LAN2. VPN installed and connectable. Everything works great and BI sees the cams.

I was following a tutorial for putting the cameras on their own VLAN on the ERL and switch and blocking anything incoming or outgoing but it was for a Mac using security spy so I couldn't get BI to see the cameras after putting the cameras on the VLAN and adding the VLAN info on the BI nic.

Instead can I just set up firewall rules per camera mac address to just drop everything in/out but OK it for the local?

 

[nayr]

you dont need vlan's if your running 2 LAN's (subnets), and using VLAN's will require VLAN capable switching hardware..

you can setup firewall rules between both subnets and each subnet and the internet to control access..

 

[darrenph1]

you dont need vlan's if your running 2 LAN's (subnets), and using VLAN's will require VLAN capable switching hardware..

you can setup firewall rules between both subnets and each subnet and the internet to control access..

Thanks Nayr! I thought going the 2LAN route would make the VLAN unnecessary. I do have a VLAN capable switch (Ubitquiti) and good to know about blocking between subnets. I wasn't sure if I needed to do that or not.