However, ask yourself these questions:1. Can you limit physical access to ports that have to be trunked?2. Are all of your devices capable of employing certificates?3. Is that too much hassle fpr a home installation (think of the CA you must create and the deployment process)?
My goal was not to reach 100% security, rather to make VLAN assignments more centrally manageable, so that I can use any LAN terminal for any device. That being said, if I had externally accessible ports for IP cams, I would rather assign those static VLANs than to try to provision them with certificates.
I have VLANs for LAN, Management, IoT, Guests and DMZ.