Securing your IoT devices with Ubiquiti VLANs

January 14, 2020

Firewalls protect you from unsolicited connections from outside your network into your private network. The problem arises when a trusted device inside your network is compromised, giving outside attackers access to your LAN.

Historically, smart devices such as IoT gadgets, security cameras, lights, and switches have had their share of security issues, so you wouldn't want them sitting on the same network as your trusted computers.

Microsegmentation through VLANs can provide your smart IoT devices access to the internet without opening holes into your private network.

Prosumer networking devices, such as those from Ubiquiti, allow you to configure VLANs.

Roughly, the steps are:

  1. Create a new Corporate network and assign it a VLAN ID and IP Address Range.

  2. Create a new Wi-Fi network and associate it with that network. In addition, you can tag wired ports with the VLAN ID for wired devices.

  3. Create firewall rules that block access from your VLAN into your private network, but allow your private network to connect into your VLAN.

This gives your IoT devices access to the internet but not to your internal private network, which limits the damage if they become compromised.
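The rule ordering behind step 3, as an added example that is not from the original article: a small Python model of a stateful, first-match firewall showing that an "allow established" rule has to sit above the IoT-to-LAN drop, otherwise replies to connections your private network opens are blocked too. The subnets, rule names and the `Firewall` class are assumptions for illustration, and connections are tracked by address pair only.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption, not from the article)
LAN = ip_network("192.168.1.0/24")   # trusted private network
IOT = ip_network("192.168.20.0/24")  # IoT VLAN

# Ordered rules, first match wins: (name, action, predicate)
RULES = [
    ("allow-established", "accept", lambda s, d, state: state == "established"),
    ("block-iot-to-lan", "drop", lambda s, d, state: s in IOT and d in LAN),
]
DEFAULT = ("default-allow", "accept")  # LAN -> IoT and IoT -> internet


class Firewall:
    """Hypothetical model: tracks connections by address pair only (no ports)."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.conntrack = set()  # (initiator, responder) pairs of accepted flows

    def handle(self, src, dst):
        s, d = ip_address(src), ip_address(dst)
        known = (s, d) in self.conntrack or (d, s) in self.conntrack
        state = "established" if known else "new"
        name, action = DEFAULT
        for rule_name, rule_action, match in self.rules:
            if match(s, d, state):
                name, action = rule_name, rule_action
                break
        if action == "accept" and state == "new":
            self.conntrack.add((s, d))
        return action, name


def demo(rules=RULES):
    fw = Firewall(rules)
    return [
        fw.handle("192.168.20.50", "192.168.1.10"),  # IoT device probes a PC
        fw.handle("192.168.20.50", "203.0.113.7"),   # IoT device to internet
        fw.handle("192.168.1.10", "192.168.20.50"),  # PC opens the camera feed
        fw.handle("192.168.20.50", "192.168.1.10"),  # camera's reply to the PC
        fw.handle("192.168.20.51", "192.168.1.10"),  # another IoT device probes
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Calling `demo(RULES[1:])` removes the "allow established" rule; the fourth packet, the camera's reply, is then dropped by the block rule.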

This is a very high-level view; the full walkthrough is covered in the VLAN tutorial video below.

If you are interested in looking more into Ubiquiti hardware, you can order it here. Other manufacturers, such as Asus, have instructions for setting this up on their equipment as well: Asus VLAN for BRT series.

For further reading, check out this awesome explanation from Rob Pickering.

