Network segmentation is the smart home security step nobody talks about

Smart home enthusiasts who invest in local control setups often overlook a critical security gap: all devices share the same subnet. A compromised IoT device like a cheap bulb or camera can access every other machine on the network. The solution is network segmentation using VLANs, which is more robust than a simple guest network. Practical steps include placing primary devices (computers, phones, NAS) on a dedicated VLAN, IoT devices on a separate one, and cameras on an isolated VLAN with no internet access. A key caveat is that segmentation breaks mDNS-based discovery for services like Chromecast, HomeKit, and Sonos, which requires additional configuration to fix. OPNsense on an old PC is suggested as a free way to implement VLANs and firewall rules.