VLAN Layer Requirements for Home/Work/Everything under the sun Network operation

Hi all,

I need you brains and experience to set up separate VLAN's for better security i believe, too many gaps here atm. Last time i want to rebuild the Desktop this week. Seeking your advice. And I'm no expert in networking, so if something sounds ridiculous, let me know, i wont be offended. So, i want to delve into the world of VLANS for added security, free for all here atm. I would like 1x VLAN - For work laptop,1x for IOT Helium Miner as need to use as a node soon too, 1x for my desktop and laptop, mobile, 1x for Guests, 1x for smart devices like TV's and Foxtel boxes, PS4. and Media streaming devices, 1x for power meter monitors, humidity sensors, moisture sensors, 1x for the 4xWi-Fi CCTV cameras outside the granny flat within My granny flats SSID range, 1x for the Western Digital MyCloudEX2 Ultra NAS, 1x for Guests, 1x for the other 4 x WIFI CCTV cameras at the top end of property connected to TP-Link RE650 Access Point via CAT6 cable from here to house which are on a separate SSID.

This is all currently held together by a Huawei B818-236 LTE Router which has a WAN Port and one WAN/LAN1 Port.

I have the Helium minor a Sensecap M1 connected directly into the WAN/LAN1 port on the B818-236 as no ports available on GS108E-300AUS Switch atm. It has the WAN port from the Huawei B818-236 connecting into port 8, then the port 7 is connected to my Desktop atm, as its easier when the router goes to hell to direct log into the B818--236 as they are next to each other, unplug from switch to router to fix it after a factory reset basically. Port 6 goes into the WDMyCloudEX2Ultra NAS also located there on the tv cabinet, port 5 is cable running to the office where there is a unmanaged GS105v5 switch, ( i used to have my desktop plug into port 4 here, but now have the cable that runs into the house and plugs into the GS105E-200AUS , port 3 into the Foxtel IQ4, port 2 into the into Samsung TV Lounge room, Port 2 into TV Bedroom, Port 1 into PS4.......back to the Port 5 connecting the GS108E-300AUS to the unmanaged GS105v5 switch, Port 4 here goes to House into GS105E-200AUS, port 3 goes into Work Laptop on my desk when needed or the personal laptop when needed, port 3 goes into the Brother  Laser Printer when needed.

In the house the unmanaged GS105v5 switch, Port 4 connects to a GS105E-200AUS where port 2 connects to a TP-Link RE-650 wireless Access Point providing coverage to the 3 Wi-Fi Cameras 65meters from here on their secure SSID 2.4Ghz, and port 3 goes to mums Foxtel box as half my data is now used for days of our lives the bold and the beautiful, but that's cool, least i can do for the mum, since after 50 years the shows moved online, her TV , phone, Foxtel box also connect wirelessly to the RE650 AP. 

If you managed to understand all that, you're doing well.

I need to secure all this, i was going to simply replace the unmanaged GS105v5 with another GS105E-200AUS managed switch and use VLAN Layer 2 setup. However, reading allot on the NET, and asking Ai allot i am confused if i need layer 3 VLAN capability, and need to buy a GS108T-300AUS layer 3 switch , which i would swap with the GS108E-300AUS switch, and use the GS108E-300AUS switch in place of the GS105v5 unmanaged switch,.....so we end up with antenna on roof to Huawei B818-236 on cable to Sense cap M1 Helium IOT Minor, the other to GS108T-300AUS layer 3 switch (probably plug the miner into this, and the desktop into the next switch down line to free a port) which plugs into the relocated GS108E-300AUS layer 2 switch at my desk, which feeds into the GS105E-200AUS layer 2 switch up in the house.

All help, comments appreciated, and please point out any mistakes, its been ad hoc network slowly growing never planned for end state. Need proper secure end state now lol.

Now i have not proofread this as its 3am need sleep been rebuilding desktop with fresh SSD and windows install, any malware is DEAD. Nothing is connected to the net other than this laptop atm. and will stay this way until i know what the hell i need to do this right, i have no experience in VLANS, understand the concept, YouTube helping. makes sense.

Question: Do i need a layer 3 switch for all this to work, given all devices at the circus here.

Look forward to some wise advice,

Thank you all in advance,

Much appreciated,

I need sleep.

Laters \m/