Can you configure SW ACLs on an ES220GMP 16 Port PoE Gigabit Switch

7 hours ago

I am looking for an affordable managed switch to go with my ER7212PC router and EAP245/225 access points which can be managed via Omada.

From what I have read, unless there have been firmware updates, I cannot create SW ACLs on my ER7212?

I am not looking for enterprise security, as I only have a home network, albeit out of the norm, but I want to isolate my three VLANs from my default VLAN as below:

  1. VLAN 0 - DEFAULT 10.0.0.0/24: This will be my main secure network for my PC, laptops and server
  2. VLAN 1 - GUEST 10.0.1.0/24: For guests' internet access. I know from reading the manual that by selecting Guest in the setup they are isolated from everything but the internet.
  3. VLAN 2 - IOT 10.0.2.0/24: For my wireless IOT devices
  4. VLAN 3 - CCTV 10.0.3.0/24: For all my CCTV cameras

I need to be able to access and manage devices on VLAN 2 and VLAN 3 from VLAN 0.

It's the latter Ethernet-connected devices that need VLAN isolation on the switch ports, as the WiFi devices are covered by the gateway/router and AP settings.

I am in no way an experienced network engineer. All that I know is from reading articles and watching videos online, so please can I ask that if you are good enough to respond, you use easy-to-understand language.

Many thanks

Re: Can you configure SW ACLs on an ES220GMP 16 Port PoE Gigabit Switch
5 hours ago - last edited 4 hours ago

@Fozzie Bear

In looking at the online emulator for the ER7212PC, it appears you can do switch ACLs. However, the ES220GMP may be incompatible as the ES series switches have limited capabilities and its emulator does not show any ACL support. Depending on your PoE requirements, I would look into the Access Series switches.

I would not use VLANs 0 and 1 in my network planning. VLAN 0 is a reserved VLAN ID and VLAN 1 is the default VLAN in the 802.1Q specification. Many users avoid VLAN 1 over security concerns. If you are planning to use VLAN 1, I would recommend that you make it the default VLAN in your setup.

In the latest Omada v6 controller packages, VLANs can be set up as isolated VLANs. You will then only need a gateway ACL to allow access to the isolated VLANs from your main secure network.

1x ER7406 1x OC300 4x SG2008 1x EAP610 3x EAP650-Desktop
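
Added example, not part of either post above and not TP-Link or Omada code: a generic first-match ACL model in Python, using the four subnets from the question, that checks the intended isolation (main network reaches IOT and CCTV, nothing else crosses between networks) and flags permit rules made unreachable by an earlier deny. It assumes rules are evaluated top-down on new connections and that replies to a permitted connection are allowed; the network names and the 203.0.113.5 test address are illustrative.

```python
from ipaddress import ip_address, ip_network

# Subnets taken from the original post; the names are labels only.
NETS = {
    "MAIN":  ip_network("10.0.0.0/24"),
    "GUEST": ip_network("10.0.1.0/24"),
    "IOT":   ip_network("10.0.2.0/24"),
    "CCTV":  ip_network("10.0.3.0/24"),
}
LOCAL = ip_network("10.0.0.0/22")  # covers all four /24s above

# Ordered rules: (action, source network, destination network).
POLICY = [
    ("permit", NETS["MAIN"], NETS["IOT"]),
    ("permit", NETS["MAIN"], NETS["CCTV"]),
    ("deny",   LOCAL,        LOCAL),   # everything else between local networks
]

def decide(rules, src, dst, default="permit"):
    """Action of the first rule matching a NEW routed connection src -> dst.
    Same-subnet traffic is switched, never routed, so it is not modelled here."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return default  # nothing matched, e.g. traffic to the internet

def shadowed(rules):
    """Rules that can never match because an earlier rule fully covers them."""
    dead = []
    for i, (_, s, d) in enumerate(rules):
        if any(s.subnet_of(ps) and d.subnet_of(pd) for _, ps, pd in rules[:i]):
            dead.append(rules[i])
    return dead

def matrix(rules):
    """Decision from host .10 of each network to host .20 of every other one."""
    base = {name: net.network_address for name, net in NETS.items()}
    return {(a, b): decide(rules, str(base[a] + 10), str(base[b] + 20))
            for a in NETS for b in NETS if a != b}

if __name__ == "__main__":
    for (a, b), verdict in matrix(POLICY).items():
        print(f"{a:>5} -> {b:<5} {verdict}")
    # Reversing the order puts the deny first and hides both permits.
    print("shadowed when deny is first:", shadowed(POLICY[::-1]))
```
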