Personally, I would not open port 80 nor mess with the VLANs. Instead, I'd opt for a good VPN (IPsec or OpenVpn, for example) and be done with it. You'll have a secure connection and you'll be able to access anything on your LAN -- not just the camera(s). (Of course you need to open the ports for those but I trust them more too. )
If you try to go the VLAN route, you need to carefully plan how packets will be tagged and/or untagged for the VLAN. It's easy to get odd behavior and, if it's not documented, you'll be scratching (or banging) your head wondering where it all went wrong. Without providing more detail, it will be difficult to get help with it too.