I am looking to setup a new home network configuration. My plan is to get a Protectli Vault with PfSense (4 or 6 port). I am looking for a managed network switch. The main appeal for me is to be able to create VLAN’s to separate traffic (isolate security cameras, work computers, etc…), not many, maybe like 3 or 4.

I have 2 questions about this,

First off, would it be better to just get a smaller managed network switch to have the capability of being able to create VLAN’s, then purchase unmanaged network switches to expand the ports. For example if I had a managed switch with only a handful of ports, I plug an unmanaged switch into one of those ports and set that single port on its own VLAN, then any devices plugged into that unmanaged switch would already be on that VLAN. Is there any disadvantage to doing this? Or should all devices be connected to a single switch?

For VLANs, would I be able to connect say 2 ports from the Protectli Vault into the managed switch and say I have one port on the Protectli for VPN access and one for no VPN access, from the managed switch, would I then be able to route certain devices to one port on the Protectli, and some to the other? Would this involve creating a VLAN on both PfSense and on the switch?