Here's how I would personally configure it, based on your description (VLAN1 untagged, VLAN2 and 3 tagged) and all devices moved to the new switch.
Once at the enabled prompt (#), type "conf t" to get into configuration mode.
1. enable modern authentication, authorization and accounting:
- aaa new-model
- aaa authentication login local_authen local
- aaa authorization login local_author local
2. Enable password encryption:
- service password-encryption
3. Create your user account:
- username YOURUSERNAME privilege 15 secret YOURPASSWORD
4. Create an enable secret for the terminal:
- enable secret YOURPASSWORD2
5. Since you don't have a separate management VLAN, give the switch an IP on your computer LAN segment:
- int vlan1
- ip address xxx.xxx.xxx.xxx 255.255.255.0 (assuming Class C)
6. Do you want the switch to be able to have accurate time, synch'd to an NTP server? If so:
- ip default-gateway xxx.xxx.xxx.xxx (your firewall's IP)
- ip name-server 208.67.222.222 (or whatever upstream DNS server you want to use, you can also put your home DNS server or firewall here depending on your local setup)
- ntp server time.nist.gov (or you can use your firewall's IP if it provides NTP)
7. Assuming port 1 is our 802.1q uplink:
- int gi1/0/1
- description uplink to firewall
- switchport mode trunk
8. Now, let's assign ports 2 - 12 to VLAN 1 (untagged)
- switchport range gi1/0/2-12
- description computer lan port
- switchport mode access
- spanning-tree portfast
9. Now, let's assign ports 13-23 to VLAN 3 (untagged)
- switchport range gi1/0/13-23
- description camera lan port
- switchport mode access
- switchport access vlan 3
- spanning-tree portfast
Now, there's a quirk where if you don't assign a port to a VLAN, the switch doesn't know the VLAN exists, so we'll temporarily assign port 24 to vlan 2, then turn it into a trunk port for your access point:
- switchport g10/0/24
- switchport access vlan 2
<will get a message about creating VLAN 2>
- no switchport access vlan 2
- description trunk to access point
- switchport mode trunk
So, in this scenario, your router/gateway/firewall, with 802.1q enabled on one of your ports, you connect that to port 1 on the switch. You can then use ports 2-12 for your computer network and ports 13-23 for your cameras. Port 24 is for your wireless access point, also using 802.1q. This assumes VLAN1 on your access point is the untagged VLAN and 2 and 3 will be tagged.
Now, let's restrict management to your LAN subnet. You can use a single IP here (just your workstation) or the entire LAN subnet. For this example, I'm going to use the subnet:
- access-list 23 permit xxx.xxx.xxx.xxx 255.255.255.0 (assuming Class C subnets in use)
And let's setup your VTY consoles for local access and SSH:
- line vty 0 4
- privilege level 15
- authorization exec local_author
- login authentication local_authen
- line vty 5 15
- access-class 23 in
- privilege level 15
- authorization exec local_author
- login authentication local_authen
- transport input ssh
And give the switch a hostname:
- hostname YOURSWITCHNAME
And then finally, commit this configuration to flash:
- exit
- copy run start
