A guest vlan only has access to the internet by definition. If you want your friends to access your media, just create an additional wifi ssid in your internal network for that purpose. That way, you can have your media in your internal network and avoid apps connectivity issues (ex : soundbar app requires your phone or tablet to be in same vlan to manage it).

😊

Nice thinking 😊

That being said, network vlan are gr8 for Network security. Since you plan on using L2 switch, having many vlan will require going back to router every time you initiate communication between 2 vlans.

Here’s my 2 cents:

• guest and IOT is a no-brainer. They need to be secured.
• I would have an internal vlan, 1 for internet/dmz (depending on your needs),1 for iot, and 1 for guest
• unless you want to do some serious security firewall rules, server vlan probably overkill.
• Out of band management vlan is nice, but most consumers’ network equipment don’t have a dedicated port for that. So, it’s probably overkill in your scenario.
• put as many streaming devices (media, tv) on a physical ethernet cable to reduce latency.

Happy design!

Zigbee hub uses 2.4ghz but not the exact same frequency. Hub is usually connected to network with ethernet cable, much cleaner if many devices.

Look at this. https://www.metageek.com/training/resources/zigbee-wifi-coexistence/

Looks good. It’s almost like my home setup. Vlan are great for security, but don’t overdo it ; camera in a separate vlan, and that’s it. Give your main vlan access to cameras, and give camera minimal access to the internet for firmware updates.

IOT : if you plan for more than 5 devices, do not use wifi (iot uses 2.4ghz and 2.4 doesn’t scale well with multiple devices). Use a zigbee or zwave gateway instead.

Everything else looks good 👍