I like this setup. Mine is much simpler, but I dig your vibe with the VLANs. I don't have any Internet failover or VPN, and have settled on:
- Regular VLAN: Access to LAN and Internet (I insist on having root on the device for it to go here)
- Guest VLAN: Access to Internet only
- Quarantine/IoT VLAN: Access to LAN only
I don't feel I need any more granularity than that. Of course the primary LAN backbone is 1 Gig Ethernet, but I have APs every 50 feet or so for phones.
I thought about 10 Gig but then I decided almost no device I own can actually make use of it, and even if it could, there are better ways to do it. I don't need to have 10 Gig just to be able to edit videos/photos if I can easily solve the problem and copy them locally for the duration. Also, almost everything uses WiFi and there are only two computers (my MacBook Pro and gaming PC) that are connected to Ethernet.
As to APs, having multiple APs (well configured) and a good router (well configured) has much bigger impact on the quality of user experience than the actual throughput of the broadband itself.
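As an added illustration (not the poster's own config, which is not shown), here is how the three-VLAN policy above maps onto an nftables ruleset on a Linux router. Interface names (wan0, vlan10, vlan20, vlan30) and the SSH management port are assumptions; "access to X" is read as "may initiate connections to X", with replies matched by conntrack.

```nft
#!/usr/sbin/nft -f
# Added example, not the original poster's configuration.
# Assumed interfaces on the router:
#   wan0    upstream link to the Internet
#   vlan10  Regular         (LAN + Internet)
#   vlan20  Guest           (Internet only)
#   vlan30  Quarantine/IoT  (LAN only)

flush ruleset

define WAN    = "wan0"
define REG    = "vlan10"
define GUEST  = "vlan20"
define IOT    = "vlan30"
define INSIDE = { "vlan10", "vlan20", "vlan30" }

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # Every VLAN gets DHCP, DNS and ping from the router itself, nothing more.
        iifname $INSIDE udp dport { 67, 53 } accept
        iifname $INSIDE tcp dport 53 accept
        iifname $INSIDE icmp type echo-request accept
        iifname $INSIDE icmpv6 type { echo-request, nd-neighbor-solicit, nd-router-solicit } accept

        # Router administration (assumed SSH on 22) only from the Regular VLAN.
        iifname $REG tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for any flow allowed below; everything else is stateless-dropped.
        ct state established,related accept
        ct state invalid drop

        # Regular VLAN: LAN and Internet. Regular-to-Regular traffic is switched
        # inside the VLAN and never reaches this chain, so only the WAN leg is needed here.
        iifname $REG oifname $WAN accept

        # Guest VLAN: Internet only. No rule towards any other VLAN.
        iifname $GUEST oifname $WAN accept

        # Quarantine/IoT VLAN: LAN only. No rule towards the WAN.
        iifname $IOT oifname $REG accept

        # Guest->Regular, IoT->WAN and unsolicited WAN->inside all fall through to
        # the chain policy; log them (rate limited) so a mis-tagged port is visible.
        limit rate 10/minute log prefix "vlan-fwd-drop: "
    }
}

table inet nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $WAN masquerade
    }
}
```

Two things worth checking after loading this with `nft -f`: first, the only rule that crosses VLAN boundaries is `iifname $IOT oifname $REG accept`, which lets IoT devices open connections into the Regular VLAN as the policy above states; if what you actually want is the reverse (your laptop reaches the IoT gear, but a compromised bulb cannot start connections inward), swap the two interface names on that one line and nothing else changes. Second, the default-drop forward chain also blocks mDNS/SSDP discovery between VLANs, so anything that relies on it (casting, printers) needs an mDNS reflector on the router or an explicit allow.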