Sure! I use TP-Link Omada access points and a mix of managed L2 switches (TP-Link, Unifi, Brocade, Mikrotik). My router is VyOS running on a used commodity SFF box.
I know you can accomplish the same thing with Unifi access points and security gateway and of course Ruckus, Cisco, Aruba, etc will as well. I don't know of any residential equipment that will but I haven't used residential Wi-Fi gear for almost a decade.
The setup is:
- traffic on a particular SSID gets tagged with a VLAN at the AP
- That VLAN is tagged on all of the switch ports between the AP and the router
- the router's firewall is configured to block the guest subnet from the other local subnets and allow internet egress
I know you can accomplish the same thing with Unifi access points and security gateway and of course Ruckus, Cisco, Aruba, etc will as well. I don't know of any residential equipment that will but I haven't used residential Wi-Fi gear for almost a decade.
The setup is:
- traffic on a particular SSID gets tagged with a VLAN at the AP
- That VLAN is tagged on all of the switch ports between the AP and the router
- the router's firewall is configured to block the guest subnet from the other local subnets and allow internet egress