I keep my IoT stuff to a minimum and only run ones that can operate locally (mostly Tasmota-based smart bulbs and outlets), but they still get a dedicated virtual AP/SSID with station isolation enabled. That SSID is tied to a locked-down VLAN with no outside access or DNS.
The only thing that they can reach from that VLAN is the MQTT server which links them to HomeAssistant.
This is why my wifi is a stealth SSID. Even my own devices can’t see it unless I explicitly tell them what it is.