How Do I Set Up Arlo Cameras on a VLAN or Separate IoT Network?
- VLAN firewall rules blocking outbound traffic from IoT network to internet
- mDNS or SSDP broadcast traffic not forwarded between VLANs
- Arlo app on phone and Arlo SmartHub on different subnets cannot discover each other
Problem Description
You want to isolate your Arlo cameras on a separate VLAN or IoT network for security purposes. Placing IoT devices on their own network segment prevents compromised cameras from accessing your main computers and personal devices. However Arlo cameras and SmartHubs require specific network configurations to function correctly on a VLAN including outbound internet access and sometimes mDNS or SSDP discovery traffic between VLANs for the Arlo app to find the hub. This is a common topic on home networking forums for security-conscious users.
Symptoms
- Arlo cameras work on main network but go offline when moved to VLAN
- Arlo app cannot discover or control SmartHub on a different VLAN
- SmartHub gets internet on VLAN but cameras show unavailable in app
- Live view fails from devices on the main network to cameras on IoT VLAN
- Arlo cloud connection works but local network features do not
- mDNS discovery between VLANs not working preventing app device detection
Recognize these? Here's what usually causes it.
Common Causes
- VLAN firewall rules blocking outbound traffic from IoT network to internet
- mDNS or SSDP broadcast traffic not forwarded between VLANs
- Arlo app on phone and Arlo SmartHub on different subnets cannot discover each other
- VLAN DNS configuration not resolving Arlo cloud domain names
- Inter-VLAN routing not configured preventing any cross-VLAN communication
- VLAN DHCP scope not providing a default gateway or DNS server
Most fixes happen in the first 3 steps.
Over-restrictive firewall rules on the IoT VLAN can prevent Arlo firmware updates, cloud recording uploads, and push notifications. If features stop working check your firewall logs for blocked traffic from the IoT VLAN and add necessary allow rules. Arlo uses AWS cloud servers so allowing traffic to amazonaws.com domains is essential.
Step-by-Step Solution
Plan Your VLAN Architecture
Create a dedicated IoT VLAN with its own subnet for example VLAN 30 with subnet 192.168.30.0/24. Your main network might be VLAN 1 with 192.168.1.0/24. The IoT VLAN needs its own DHCP scope providing IP addresses, a default gateway pointing to the router, and DNS servers. Most managed routers and access points like UniFi, pfSense, or OPNsense support this natively.
Configure IoT VLAN Firewall Rules
Create firewall rules for the IoT VLAN that allow outbound traffic to the internet on ports 443 HTTPS and 8883 MQTT which Arlo requires. Block traffic from the IoT VLAN to your main network to prevent compromised devices from accessing personal computers. Allow established and related return traffic from the internet back to the IoT VLAN. This gives Arlo cameras internet access while isolating them from your main network.
Handle the Arlo SmartHub Placement
The Arlo SmartHub connects via Ethernet. If you plug it into a port on the IoT VLAN it will be isolated from your phone on the main network. However Arlo primarily uses cloud-based communication so the app on your phone talks to Arlo cloud servers which then talk to the SmartHub. As long as both have internet access the app will work. Local features like local storage access may not work cross-VLAN without mDNS.
Enable mDNS Reflection If Needed
If the Arlo app cannot discover the SmartHub across VLANs enable mDNS reflection on your router. On UniFi this is under Settings then Networks then enable mDNS. On pfSense install the Avahi package and enable mDNS repeater for both VLANs. On OPNsense enable mDNS under Services. This allows the discovery protocol to cross VLAN boundaries so the app can find the hub locally.
Create WiFi SSID on IoT VLAN for WiFi-Direct Cameras
For WiFi-direct cameras like Arlo Pro 4 create a dedicated WiFi SSID on the IoT VLAN. In your access point configuration create a new SSID tagged to VLAN 30 on 2.4GHz only. Connect WiFi-direct cameras to this SSID. They will be on the isolated IoT network with internet access but no access to your main network devices. The Arlo app will control them through the cloud.
Quick Solutions
Still having issues? This is usually the deeper cause below.
Camera issues that start suddenly almost always trace back to an upload bandwidth drop — run a speed test before assuming hardware failure.
Test your VLAN setup by first connecting one camera and verifying full functionality including live view, recordings, notifications, and firmware updates. Only then migrate all cameras. This prevents a situation where all cameras go offline due to a misconfigured firewall rule.
Live view problems that start suddenly usually trace back to an upload speed drop — the camera itself is fine, the bandwidth path to the cloud isn't.
- VLAN firewall rules blocking outbound traffic from IoT network
- mDNS or SSDP broadcast traffic not forwarded between VLANs
- Arlo app on phone and Arlo SmartHub on different
- VLAN DNS configuration not resolving Arlo cloud domain names
- Inter-VLAN routing not configured preventing any cross-VLAN communication
Before you go — try one of these (they fix most cases).
Official Manufacturer Manual
If you need the complete manufacturer documentation for advanced setup, wiring diagrams, or detailed specifications, you can download the official manual below. The manual includes full technical instructions directly from the manufacturer and may help if your issue requires deeper troubleshooting.
Download the Official Arlo Camera System ManualSource: arlo.com
Need More Help? Arlo Support
Note: The contact information below connects you directly to Arlo's official customer support team, not Trunetto. They can help with warranty claims, device replacements, and advanced technical issues.
How Does Arlo Compare?
Before replacing your Arlo device, see how it stacks up against alternatives in our full comparison guides.
