Best Approach to isolation of IoT devices?

I want to place all my IoT devices on their own separate network so that they don't have access to the main household network.

I'm using a WRT1900acs and want to know the best approach to achieve this. Can I put this network onto its own VLAN or create its own virtual interface?

Yes, you can use a VLAN to isolate an Ethernet port into a separate network, with a different address space, and not forward any traffic to or from the other interfaces. You can also add a new SSID, and bridge it into that new interface.

This post may be of interest to you if you want to monitor or restrict traffic flows from IoT devices: Introducing the Noddos client

Hi @alex, I'm doing exactly this with my "trusted" network and "untrusted" (IoT) network. I have a firewall rule that allows me to connect from trusted to notrust (originally called untrusted but that ran into interface length restrictions).

The forwarding rule is at https://github.com/imaginator/home-network/blob/master/w8970_w8980.settings#L820-L824

Defining trusted and notrust: https://github.com/imaginator/home-network/blob/master/w8970_w8980.settings#L219-L245

Good luck and shout if you need more help.
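
An added example, not part of any post in this thread: a check for the one-way rule described above (trusted may reach notrust, never the reverse). It assumes the firewall config is in OpenWrt UCI syntax, which the thread does not state; the sample config is constructed, and `parse_uci` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample in (assumed) OpenWrt UCI firewall syntax; zone names follow the thread.
SAMPLE = """
config zone
    option name 'trusted'
    option input 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'notrust'
    option input 'REJECT'
    option forward 'REJECT'

config forwarding
    option src 'trusted'
    option dest 'notrust'
"""

def parse_uci(text):
    """Return a list of (section_type, {option: value}) parsed from UCI text."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"config\s+(\S+)", line)
        if m:
            sections.append((m.group(1), {}))
            continue
        m = re.match(r"option\s+(\S+)\s+['\"]?([^'\"]*)['\"]?$", line)
        if m and sections:
            sections[-1][1][m.group(1)] = m.group(2)
    return sections

def audit(text, trusted="trusted", iot="notrust"):
    """List findings that break one-way isolation between the two zones."""
    secs = parse_uci(text)
    fwd = {(o.get("src"), o.get("dest")) for t, o in secs if t == "forwarding"}
    findings = []
    if (iot, trusted) in fwd:
        findings.append(f"forwarding {iot} -> {trusted} lets IoT devices reach the main network")
    if (trusted, iot) not in fwd:
        findings.append(f"no forwarding {trusted} -> {iot}; trusted hosts cannot reach IoT devices")
    for t, o in secs:
        if t == "zone" and o.get("name") == iot and o.get("input", "").upper() == "ACCEPT":
            findings.append(f"zone {iot} has input ACCEPT; router services are open to IoT devices")
    return findings
```

The check covers zone-level forwardings and the IoT zone's input policy only; individual `config rule` entries that accept traffic between the zones are not evaluated.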