Everyone was kind enough to ram my brain chock full of knowledge about switches and I came away feeling like I can explain it to other people. (please don't test me on this, I'll fail)
But now I'm trying to figure out how I want my network to look and so it's best I ask the people smarter than me that actually understand what I'm trying to do.
My house is an average sized, end of terrace in a big city and so while I can get decent Internet speeds, I get lots of WiFi signal congestion with neighbours, buildings, etc.
In my present router, which I really need to replace, I have my NAS and cable box plugged in via Ethernet; everything else is connected via WiFi. That's a bunch of phones, a couple of laptops, and a couple of Raspberry Pis (including my one with all my home services, like Home Assistant and my Pi-hole).
The design I'm cooking up is that my NAS would be on a virtual LAN with no direct access to the Internet, and my Raspberry Pis would have Internet access. I don't need to worry about my smart home devices having Internet access since they're all Zigbee devices. But I plan to switch my cable box to an IPTV box and I'm also wanting to get a video doorbell and security camera for the garden, so that's at least three virtual local area networks. Four if I add a guest network.
My questions are really simple ones and you're probably gonna laugh at how stupid they are… can I do this all with a single switch? Do I need a separate access point for each VLAN or can I have multiple VLANs on a single AP? How many ports should I be looking at on my switch? Would four be enough for my set-up? Also, managed is best, right?
Yep, it's not as overkill as it first seems.
One managed switch handles all the VLAN designations and most of the heavy lifting of the network.
One is just a virtual switch in my Proxmox server dealing with the virtual machines and containers.
And then a physical VLAN-aware switch at each end of the house for all client devices on multiple VLANs, i.e. CCTV (no internet), media VMs on a VPN-only VLAN, PC, laptop, phones etc. on their own, and a management VLAN.
Would you recommend a separate PoE switch for the cameras?
Is there anything you would change if you had to start all over again?
My main need for a separate PoE is more logistical than networking; it's convenient to power a couple of cameras from a distant switch.
I think if I started over the only thing I'd alter would be the number of ports on the main switch. 16 ports at least. I've used all 8 and still have things I would use more for.
Here's a physical diagram (not all clients are shown) that may help some more: