Closest thing to a complete disconnection (aka "air gap") is a connection that only allows very specific traffic, encrypted and authenticated. Perhaps if you give us more details about your use case, we can provide more specific advice.
It depends on what you are looking for. What is the part you are not trusting (other users, other computers, the admins, physical access, etc.)?
In general VLANs can be secure and there are a lot of options to do so, for example port authentication with certificates. It would be a good idea to split DMZ and internal switches (mainly because of load reasons / DDoS). To sum up, VLANs are a secure approach and widely used.
Regarding your IPv6 questions, VLANs are implemented at layer 2 of the OSI model. The IP protocol is a layer above and there is no change if you are using IPv6 or IPv4. Basically VLANs establish virtual switches, like using two different switches not interconnected.
I hope this will help you. Let me know if you need some more details.
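The layer 2 point in the answer above, as an added example that is not part of the original post: a small parser that reads the 802.1Q tag from an Ethernet frame and shows that the VLAN ID is read the same way whether the payload is IPv4 or IPv6. The frames, MAC addresses and VLAN numbers are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100                       # EtherType value that marks an 802.1Q tag
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}


def parse_frame(frame: bytes) -> dict:
    """Return the VLAN ID (None if untagged) and the layer 3 protocol of a frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    # Bytes 0-5 destination MAC, 6-11 source MAC, 12-13 EtherType or TPID.
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan_id = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # The tag is 2 bytes of TCI, followed by the real EtherType.
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan_id = tci & 0x0FFF            # low 12 bits of the TCI are the VLAN ID
    return {"vlan": vlan_id, "l3": ETHERTYPES.get(ethertype, hex(ethertype))}


def build_frame(vlan, ethertype, payload=b"\x00" * 46) -> bytes:
    """Build a constructed sample frame (locally administered MACs, dummy payload)."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


# Constructed samples: same VLAN with both IP versions, another VLAN, and untagged.
SAMPLES = [
    build_frame(10, 0x0800),
    build_frame(10, 0x86DD),
    build_frame(20, 0x86DD),
    build_frame(None, 0x0800),
]


def summarize() -> list:
    return [parse_frame(f) for f in SAMPLES]


if __name__ == "__main__":
    for result in summarize():
        print(result)
```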
This answer gets the closest to understanding my original question.
I know what an air gap is.
I know that changing that reduces the security.
So - - - what I don't trust - - - - phew - - - - it's not a short list!
The web has become a place for entities to take from others and sell what has been taken to generate money.
So I'm not trusting websites much! There are a tiny number that don't insist on tracking the Pthibt out of you. So I really don't trust those 3rd party domains connected. Crackbook has developed a way to even do that in house (not that they were terribly trustworthy before that either!). Other users may inadvertently even allow such. To date I myself have to wear all the hats so I would hope that me as an admin might be trustworthy but if I needed to allow assistance from others that would be something I would like to protect myself from - - - even now. Physical access is an interesting conundrum - - - - regulatory agencies are allowed to show up and on demand would take at the least all the hardware - - - and likely at least the hard drives. So there is a need for a network within a network so that any such information would reside on a discrete sub-set of storage (also means that backup and offsite version as well is crucial imo). This set of tools is only at the development stage right now so a solid list of 'whats and whatfors' isn't yet available.
Maybe this might help - - -
Someone physically outside the network - - - how possible is it that they can 'bull' their way out of a specific vlan and gain access to other such in my network?