This is more dependant on the switch. So I'm gonna say no, for the simple fact, unless the ports are separate, and a member of said VLAN, it's basically a dumb switch. You have to program what ports belong to that VLAN and not the untagged VLAN.
Sorry it isn't just plug and pray.
DITEK was the stuff I used to use in the field. Protected equipment, but they're throw away surge surpressors. Once it's fried, replace.
As others have suggested, lighting rods. And the ground you're refering to? I'd suggest driving your own ground at the barn, seperate from the electrical for this system you're grounding to.
There's stuff out there to protect your equipment, but you'll be replacing it many times over if you don't go the lightning rod route. I know from first hand experience, as I hope someone else doesn't have to watch a 66 block light up in your face, while working on it, due to a lightning strike.
I don't think it's more clashes here, but more how much of this is wireless? Especially if cameras are wireless, it can bog down bandwidth as a whole.... Everything else looks as it should, where an IP address conflict, would pop up as an error in the router.
You say this, like I haven't wired houses with Fiber for future LOL! Is it worth it? Not right now. But we'll see what time tells.
According to the photo of the cover you posted, it's not even punched down 568A or 568B. Thankfully the pins are labeled on this original picture here, so put it in the same order as an RJ45. Start with Orange stripe on pin one, then do a 568B across the board.
Look for a router with multiple wan ports. I used a Luxul XBR-2300 for this style setup for years. My current Araknis AN-310 will do up to 3 Wan ports for fail over. It really depends on how much you're willing to spend.
So... For starters, far as I can tell, you did click something. You did business with a client, and may have downloaded an attachment from them. It may have been a bill, or something important, but going forward, I would suggest a good anti virus software to scan all documents before you download them, like ESET. ESET also works on mobile platforms too. I say this, with a grain of salt, as I got, business is business. But things can be added where we least expect them, like a PDF for a bill we need to pay...
So the comprimised hardware? Trash it. Don't use it. Don't add it to the network, unlsss you want other problems. Get your own modem. Don't use Xfinity's supplied bridge. They should support the Arris SB8200
For a router/firewall, the Dell Sonic wall is probably overkill for your situation, but the industry standard for a good firewall to protect transactions and credit card information in most resturants for their point of sale. Cheaper is Fortinet. These are enterprise level products though, and with that, comes the frustration of having to know how to program them, similar to Cisco switches.
Any good POE switch will do, and acess points are really dependant on features you need. I find D-Link products to be decent in this area, for reasonable money, just make sure you use encryption, and have a strong password for network access.
Best of luck in your resolution
So yes, your diagram does make sense. As others mentioned, VLANs depends on how many rules you want to program. Personally, I have home automation on it's own VLAN anyways, just for security.
You mention "reliable" here.... Where, the switch fails, then what? My home setup, off the router, I have 2 switches, and my NVR connected to it. One switch is hardwired network. The other is just the wireless access points. For redundantcy, I designed my network this way, so I can work on the hard wired, and wireless works. Or she complains the wireless network isn't working, I can just reboot the switch remotely, and not affect her hardwired work laptop, or hardwired apple TV she might be watching.
To further redundantcy, I have a Wattbox, which reboots the modem if we loose internet, as well as I have it scheduled to reboot the modem once a week for redundantcy sake. The switches are on this, so I can reboot them as well. I'm lazy, and I don't want to go downstairs to reboot this stuff LOL. Ubiquiti has similar power management products.
Really designing a network though, think, "what do I have to do, if this fails?" as well as "is there anything I can do to minimize network downtime?". Little things make a huge difference in how you manage your network. The less time you have to spend fixing, or troubleshooting it? The more time you can enjoy the little things, like having the issue resolved already, instead of having to get the call of "the internet isn't working"
Check that the RJ45 is seated correctly in the port on the router. I mention this, cause this is the "are you freaken kiddding me?" Scenario, that you could spend hours troubleshooting.
Next, plug a computer/laptop into that port. Verify it's working. Then? Test the cable run by the switch. Make sure you can get connection at the switch side.
If all that passes, all these tests, just assume your router hates your taste in switches.
Comes down to how you want people to access them. VLANs and Firewall rules are for restricting access. So that's how you should approach this.
From what I can tell, you have switches with Layer 2 capability, which doesn't help much.... You'd want Layer 3 capability formost to try and seperate things in this network properly, and pass VLANs how you'd need for Firewall rules.
So how I would set them up? This is the definition of a mesh network, and not much can be segregated, due to the capability of your switches...
Hardwire the cameras. You want reliability, that's the only way.
Throw in a Dell Sonic Wall, and make the POS company happy. They're the industry standard for a reason, where I wouldn't use a consumer based product for this instance, due to the security issues with many of them. They want a SECURE firewall in front of those terminals, and it keeps you in compliance with the latest rules.
Reading what you have, your current system is not in compliance, with the debit machines accessing the internet with NO FIREWALL. The fines are not cheap, if something happens.