if you flash openwrt/ddwrt to your router, you can create an isolated subnet with its own DHCP server and enter your own firewall rules (iptables) blocking all traffic from your local subnet to your IOT subnet. You can then bind that to a wifi ssid (the guest one). Its kind of a PITA to setup, but it works great once you get it. Netgear Nighthawk routers have worked great for me in the past.
Don't forget to set up a reverse proxy with ssl and automatic cert renewsl, even in your home network. Wifi can be hacked with trivial ease. Caddy or nginx/certbot will do you well there. If you also run a pi-hole you can have the pi on your local network pass ssl checks by overriding some DNS entries.
Don't forget to set up a reverse proxy with ssl and automatic cert renewsl, even in your home network. Wifi can be hacked with trivial ease. Caddy or nginx/certbot will do you well there. If you also run a pi-hole you can have the pi on your local network pass ssl checks by overriding some DNS entries.