Thank you for the rapid response.
It's a mixed "Industrial" and "Commercial Office" location, with devices ranging from cameras, to clocking in/out systems, scales, temperature control, production line control, office printers, and packaging/commercial label printers. There is both visitor and guest WLAN required, and also there are presently some server systems, print controllers, and in future an expansion of additional "segments" is likely.
I understand the Guest WLAN isolation and it is a consideration, but there is also a desire to separate out other parts of the infrastructure.
The "Remote Access Needed" was my way of illustrating that some of the internal systems will require the ability to be accessed remotely, and I wanted to keep them separate from other systems, such as those above. My diagram was overly simplified, but given some recent on-site issues, I want to separate the infrastructure as much as is logically and physically possible (without having to run new cabling), with a view to being able to isolate hosts if/as needed and control the traffic to/from them on a per-device basis. I think I will probably end up with about 8 "segments" in total, and I would like to be able to control it at a minimum at a segment level, but potentially at a per-host level.
Bandwidth is currently a significant challenge in this location, so controlling non-critical traffic is also key.
Thank you again.