Defence In Depth
Layered defences, do not rely on just one mechanism and do not assume your safe.
Two views of the network. Physical and logical.
Keep the traffic separated. Incoming connections go to the DMZ, iSCSI/CCTV Cameras/Guest WiFi all on different VLAN's etc.
The switch gear.
I seem to like Netgear Semi Managed switches and of all the different brands they survive the 24/7/365 usage.
Don't do this at home folks!
Seriously! Never ever ever leak this amount of information about a production system.