Best Approach to isolation of IoT devices?

I want to place all my IOT devices on their own separate network so that they don't have access to the main household network.

I'm using a WRT1900acs and want to know the best approach to achieve this. Can I put this network onto its own VLAN or create its own virtual interface?

Yes, you can use a VLAN to isolate an ethernet port into an separate network, with a different address space, and not forward any traffic to or from the other interfaces. You can also add a new SSID, and bridge it into that new interface.

This post may be of interest to you if you want to monitor or restrict traffic flows from IOT devices: Introducing the Noddos client

Hi @alex I'm doing exactly this with my "trusted" network and "untrusted" (IoT) network. I have a firewall rule that allows me to connect from trusted to notrust (originally called untrusted but that ran into interface length restrictions).

The forwarding rule is at

Defining trusted and notrust:

Good luck and shout if you need more help.