Need help with home network.

Hello, I'm new to this forum and to networking. I do have a degree in electronics and computer engineering but the 1 course I took on networking didn't go very far past sub-netting.

I'm rebuilding my home network to add vlans for home assistant and security cams that I want to keep from communicating outside of my network. I have alot of questions but I'll just ask the major ones here and research the rest on my own.

I'm running cat5 and cat6 to all cameras and devices around my house and will terminate all the runs to a structured media enclosure in a closet. In the data closet I plan to have the following:

Cat6 run from Verizon fios ONT box ----connected to ---->> Ubiquiti EdgeRouter 4 ---- connected to----->> Cisco SG350-10 Managed Switch ----connected to --->> access points or switches for all devices on varius vlans

I'm using the managed switch to set up 3 vlans, one for the sercurity cams, one for home assistant devices, and one for all other stuff.

My main questions are:

1. Does DHCP run on the Ubiquiti Edgerouter or the Cisco Managed switch? I'm assuming both can do it but I have to configure only one to do it? If both can do DHCP which option is better for my use case?

2. Does the managed switch take care of blocking and granting all access from and to the outside of my local network or does the router have a part to play as well?

3. If I need to do any port fowarding to the outside of the network do I forward on the router or the managed switch?

4. Does the firewall live only on the router or do both have a firewall? If both have a firewall do I turn it on on both or just one and which one?

5. Does anyone have any good resources of information that would help me understand these devices and how they work together inside a home network like mine? What I really want to understand is what functions each device (router or l3 switch) in my home network should be in charge of.

Some of these questions are probably badly worded or might not make sense but I have limited knowledge on networking atm, I'm learning as I go.

I appreciate any help.
I see trouble.

I don't know of any home assistant that works without the Internet. And security cameras are so far, always given access from outside the home because those that installed it want to see what is going on.

I'm sure you have your reasons for breaking both items but as it stands I know of no one that cuts off the usual Alexa and cameras from the Internet.

