You're making it complicated with all the VLANs. HAOS in a VM (Proxmox helper scripts for one-line install), and HA has plugins for all the other things.
Just deny WAN access to the IoT junk you don't trust at the router, or for things like cameras, a separate switch for those. That usually makes sense, since they're one of the few devices that must be powered with PoE and don't require gig+ bandwidth. A cheap 100 Mbit PoE switch will handle a good number of cameras.
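The "deny WAN access at the router" part of the post above, as an added nftables example that is not from either commenter: it blocks forwarding from a set of untrusted IoT hosts to the WAN while leaving the rest of the LAN alone. It assumes a Linux router with LAN interface eth1 and WAN interface eth0, and the IoT addresses are constructed samples; note it only cuts WAN egress and does not isolate those hosts from the LAN.

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread. Router-side policy: untrusted IoT hosts
# lose WAN access, everything else on the LAN forwards normally.
# Assumptions: LAN on eth1, WAN on eth0, IPv4 only.

flush ruleset

table inet filter {
    # Constructed sample addresses for the IoT devices we do not trust.
    # Give these devices DHCP reservations so the addresses stay stable.
    set iot_untrusted {
        type ipv4_addr
        elements = { 192.168.1.50, 192.168.1.51, 192.168.1.52 }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to flows the LAN side already opened keep working.
        ct state established,related accept

        # Untrusted IoT hosts may never open a connection towards the WAN
        # (cloud phone-home, telemetry, unattended firmware pulls).
        # The counter makes it easy to see which devices keep trying.
        iifname "eth1" oifname "eth0" ip saddr @iot_untrusted counter drop

        # The rest of the LAN is allowed out as before.
        iifname "eth1" oifname "eth0" accept
    }
}
```

Load it with `nft -f` and watch the counter with `nft list set inet filter iot_untrusted` / `nft list chain inet filter forward` to confirm the intended devices are the ones being dropped.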
I’m not giving untrusted devices unfettered access to my LAN, and an airgapped network sounds more complicated tbh. VLANs aren’t really that bad with good networking gear.