by nialse 438 days ago
Underappreciated comment. The missing S in IoT. Let's not redo the same mistakes over and over.

My vacuum cleaner can access any service on my network. Maybe not the best idea. I tried to segment the network once, but it was problematic to say the least. Maybe we should learn that security must not be an afterthought instead.


Why was it problematic? I have different SSIDs for different things, and that works fine. I do wish I could cut ports off at the router between devices, but that doesn't seem possible with my small UniFi router. SSID isolation is working really well for me, though.

The main issue was things like the Chromecast needing to be on the same network as the controlling phone. Situations where it was not cloud vs local but needing both cloud and local access to make it work.

Zero trust and/or local SDN where IoT devices get only limited access automatically would be nice.

Often the issue is with mDNS device discovery across VLANs or subnets, especially with IoT / home automation type devices.

What you are doing with SSIDs will not create any segmentation on your network, unless you have implemented either VLANs or subnets, and corresponding firewall rules to gate traffic.

Sure, but routers that offer that feature generally tend to segregate the VLANs for you. And you're right, multicast won't work.
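
The thread ends at "VLANs plus firewall rules, and multicast won't work". As an added example (not posted by any commenter), this is what that looks like on a Linux-based router running nftables: the trusted VLAN may open connections toward the IoT VLAN and the Internet, the IoT VLAN may only reach the Internet, and return traffic rides on connection tracking. Interface names, VLAN IDs and address ranges are assumptions for the illustration; substitute the router's own.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread or any router vendor.
# Assumed layout: eth0 is the WAN uplink, eth1 carries two tagged VLANs:
#   VLAN 10 (eth1.10) trusted  - phones, laptops
#   VLAN 20 (eth1.20) IoT      - vacuum, Chromecast, etc.
# NAT toward the WAN is assumed to be handled in a separate nat table.
flush ruleset

define WAN     = "eth0"
define TRUSTED = "eth1.10"
define IOT     = "eth1.20"

table inet filter {
    chain forward {
        # Anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies for connections the trusted side already opened
        # (e.g. the Chromecast answering the phone on TCP 8008/8009).
        ct state established,related accept
        ct state invalid drop

        # Trusted clients may initiate toward IoT devices and the Internet.
        iifname $TRUSTED oifname { $IOT, $WAN } accept

        # IoT devices get cloud access only; they never initiate toward
        # the trusted VLAN, so a compromised vacuum cannot reach the NAS.
        iifname $IOT oifname $WAN accept
        iifname $IOT oifname $TRUSTED counter drop
    }
}
```

Two caveats a practitioner will hit. First, this ruleset only filters forwarded traffic; the router's own input chain is left unfiltered here and should be locked down separately. Second, mDNS (UDP 5353 to 224.0.0.251) is link-local multicast and is never forwarded between the two VLANs, so the phone will not discover the Chromecast until something reflects it: running avahi-daemon on the router with `allow-interfaces=eth1.10,eth1.20` under `[server]` and `enable-reflector=yes` under `[reflector]` re-announces each side's services to the other, after which the phone initiates the cast itself and the established/related rule lets the replies through.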