Supergrunged

The latest trend is Ubiquiti, as you can easily remote manage it from an app. Many other companies have followed suit. I've used the Snap AV products for years, as they have their OVRC app to manage all this, as well as a wattbox for remote rebooting, incase I loose internet, or just a fresh reboot weekly.

It sounds like your cabling is fine for what you use. The latest trend in wireless, is Wifi 6, and just use POE switches for access points to get your wireless needs. This also frees up resources for a router, to just be a router, instead of going the all in one route. Also, this future proofs your setup, as with the changing wifi standards, you just program new access points as needed, instead of having to rebuild your entire network again. D-Link makes some solid access points, for reasonable, as well as their managed 1200 series switches have been bulletproof for me. Ubiquiti has APs, as well as managed switches, again, if you wish to switch to their eco system.

Throw in a Dell Sonic Wall, and make the POS company happy. They're the industry standard for a reason, where I wouldn't use a consumer based product for this instance, due to the security issues with many of them. They want a SECURE firewall in front of those terminals, and it keeps you in compliance with the latest rules.

Reading what you have, your current system is not in compliance, with the debit machines accessing the internet with NO FIREWALL. The fines are not cheap, if something happens.

This is more dependant on the switch. So I'm gonna say no, for the simple fact, unless the ports are separate, and a member of said VLAN, it's basically a dumb switch. You have to program what ports belong to that VLAN and not the untagged VLAN.

Sorry it isn't just plug and pray.

DITEK was the stuff I used to use in the field. Protected equipment, but they're throw away surge surpressors. Once it's fried, replace.

As others have suggested, lighting rods. And the ground you're refering to? I'd suggest driving your own ground at the barn, seperate from the electrical for this system you're grounding to.

There's stuff out there to protect your equipment, but you'll be replacing it many times over if you don't go the lightning rod route. I know from first hand experience, as I hope someone else doesn't have to watch a 66 block light up in your face, while working on it, due to a lightning strike.

I don't think it's more clashes here, but more how much of this is wireless? Especially if cameras are wireless, it can bog down bandwidth as a whole.... Everything else looks as it should, where an IP address conflict, would pop up as an error in the router.

You say this, like I haven't wired houses with Fiber for future LOL! Is it worth it? Not right now. But we'll see what time tells.

According to the photo of the cover you posted, it's not even punched down 568A or 568B. Thankfully the pins are labeled on this original picture here, so put it in the same order as an RJ45. Start with Orange stripe on pin one, then do a 568B across the board.

Look for a router with multiple wan ports. I used a Luxul XBR-2300 for this style setup for years. My current Araknis AN-310 will do up to 3 Wan ports for fail over. It really depends on how much you're willing to spend.

Just put it on a seperate network, with no internet connection. Use a server as a passthrough, so you have control. Stay away from anythibg cloud based. Pretty easy stuff honestly.

Provided the wiring is home ran, and not daisy chained, it should work. You'll have to double check the terminations at each wall plate jack as well, when you do crimp on RJ45s. And do yourself a favor while doing it.... Label things, for easy identification later. Will help troubleshooting down the road, and any odd connections you may think up, or add.

So... For starters, far as I can tell, you did click something. You did business with a client, and may have downloaded an attachment from them. It may have been a bill, or something important, but going forward, I would suggest a good anti virus software to scan all documents before you download them, like ESET. ESET also works on mobile platforms too. I say this, with a grain of salt, as I got, business is business. But things can be added where we least expect them, like a PDF for a bill we need to pay...

So the comprimised hardware? Trash it. Don't use it. Don't add it to the network, unlsss you want other problems. Get your own modem. Don't use Xfinity's supplied bridge. They should support the Arris SB8200

For a router/firewall, the Dell Sonic wall is probably overkill for your situation, but the industry standard for a good firewall to protect transactions and credit card information in most resturants for their point of sale. Cheaper is Fortinet. These are enterprise level products though, and with that, comes the frustration of having to know how to program them, similar to Cisco switches.

Any good POE switch will do, and acess points are really dependant on features you need. I find D-Link products to be decent in this area, for reasonable money, just make sure you use encryption, and have a strong password for network access.

Best of luck in your resolution

So yes, your diagram does make sense. As others mentioned, VLANs depends on how many rules you want to program. Personally, I have home automation on it's own VLAN anyways, just for security.

You mention "reliable" here.... Where, the switch fails, then what? My home setup, off the router, I have 2 switches, and my NVR connected to it. One switch is hardwired network. The other is just the wireless access points. For redundantcy, I designed my network this way, so I can work on the hard wired, and wireless works. Or she complains the wireless network isn't working, I can just reboot the switch remotely, and not affect her hardwired work laptop, or hardwired apple TV she might be watching.

To further redundantcy, I have a Wattbox, which reboots the modem if we loose internet, as well as I have it scheduled to reboot the modem once a week for redundantcy sake. The switches are on this, so I can reboot them as well. I'm lazy, and I don't want to go downstairs to reboot this stuff LOL. Ubiquiti has similar power management products.

Really designing a network though, think, "what do I have to do, if this fails?" as well as "is there anything I can do to minimize network downtime?". Little things make a huge difference in how you manage your network. The less time you have to spend fixing, or troubleshooting it? The more time you can enjoy the little things, like having the issue resolved already, instead of having to get the call of "the internet isn't working"