by peterhadlaw 1573 days ago
I've been trying for a long time to learn how to set up this "separate VLAN" stuff. Do you have a resource you could recommend? :)
3 comments

It's a router/switch/firewall thing. You're building multiple virtual LANs and using them to separate the traffic.

You could implement VLANs in your core switch for the house, maybe using Mikrotik or other managed switches that are VLAN-capable. That might allow you to use a simpler router that doesn't need to understand how

You could implement VLANs in your router or gateway or firewall, depending on your hardware. In that case, you might be able to use simpler and less expensive unmanaged switches.

Exactly how those devices implement VLANs is going to differ somewhat. It might be easy to configure a switch for VLANs, where a given port or group of ports are on one VLAN, and a different port or group of ports might be on a different VLAN. Implemented at the router/gateway/firewall level, you might have to make those assignments based on MAC addresses, and/or internal IP addresses if you can tie that into your DHCP service.

VLANs can be complex to set up, depending on where and how they are configured. And they're not a panacea. But they can be very helpful, if implemented correctly.

A VLAN is a separate broadcast domain in Ethernet networks. VLANs prevent communication between different VLANs unless you set it up for inter-VLAN routing. That's why they suggest putting these untrusted devices on a separate VLAN (isolation). Typically you assign a whole new group of IP addresses for each VLAN ID.

For example: camera network - vlan 10 - 10.0.10.0 255.255.255.0

wifi network - vlan 11 - 10.0.11.0 255.255.255.0

wired network - vlan 12 - 10.0.12.0 255.255.255.0

pfSense supports VLANs. Lawrence Systems on YouTube covers pfSense a lot. This is one video where they talk about setting up a VLAN in pfSense: https://www.youtube.com/watch?v=b2w1Ywt081o

On the wifi side, the TP-Link EAP245 access point allows you to configure multiple SSIDs, each with separate VLANs, so that you can have one set of devices connect to one SSID, another group of devices to another SSID, and so on. pfSense firewall rules can be configured to prevent the devices on separate VLANs from seeing each other. You can also block internet access for one VLAN, and have the wireless IP cameras connect to it.
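
An added example, not part of the thread or any commenter's configuration: a simplified first-match, default-deny model of the inter-VLAN policy the comments describe, using the VLAN IDs and subnets posted above. The rule set, the "wired may reach cameras" exception and all function names are assumptions made for illustration.

```python
import ipaddress

# VLAN plan as posted in the thread (name -> (VLAN ID, subnet)).
VLANS = {
    "camera": (10, ipaddress.ip_network("10.0.10.0/24")),
    "wifi":   (11, ipaddress.ip_network("10.0.11.0/24")),
    "wired":  (12, ipaddress.ip_network("10.0.12.0/24")),
}

# Constructed rule set (assumption): (source zone, destination zone, action).
# First match wins; anything unmatched is blocked. Rules are checked only for
# the packet that opens a connection (stateful firewall assumed).
RULES = [
    ("camera", "any",      "block"),  # cameras: no other VLANs, no internet
    ("wired",  "camera",   "pass"),   # assumed exception: wired hosts view cameras
    ("wifi",   "internet", "pass"),
    ("wired",  "internet", "pass"),
]

def zone_of(addr):
    """Map an IP address to its VLAN name, or 'internet' if outside the plan."""
    ip = ipaddress.ip_address(addr)
    for name, (_vlan_id, net) in VLANS.items():
        if ip in net:
            return name
    return "internet"

def overlapping_subnets():
    """Return pairs of VLANs whose subnets overlap (a plan error)."""
    names = sorted(VLANS)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if VLANS[a][1].overlaps(VLANS[b][1])]

def decide(src, dst):
    """Return 'local', 'pass' or 'block' for a new connection src -> dst."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return "local"  # same broadcast domain: traffic never hits the router
    for rule_src, rule_dst, action in RULES:
        if rule_src == s and rule_dst in ("any", d):
            return action
    return "block"      # default deny between VLANs

if __name__ == "__main__":
    for src, dst in [("10.0.10.5", "8.8.8.8"), ("10.0.12.20", "10.0.10.5"),
                     ("10.0.11.7", "10.0.12.20"), ("10.0.10.5", "10.0.10.9")]:
        print(f"{src:>11} -> {dst:<11} {decide(src, dst)}")
```

The "local" result is the case firewall rules cannot cover: hosts in the same VLAN talk directly at layer 2, so devices that should not see each other need to be in different VLANs.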