Get an Ubiquity EdgeRouter Lite. It can do everything you need and more and its quite affordable. Better throw out most of those devices :D. But in any event subnet them like you proposed with VLANs. For that, also get an Ubiquity UniFi AccessPoint. It allows you to assign different WLAN credentials to different VLANs and then the edge router can setup firewall rules about how those VLANS can interact. I have a trusted network of NAS + AppleTV + MacBook. Everything else goes into an untrusted LAN. But generally I don't have any IoT devices, and I doubt I ever will let them into my house. https://www.ubnt.com/unifi/unifi-ap-ac-lite/ https://www.ubnt.com/edgemax/edgerouter-lite/