Question on creating multiple Wireless VLANs for Security (IoT devices, Family WiFi, Guest WiFi)

Orbi won't allow you to separate your SSIDs into separate VLANs. If you dig through the debug diagnostic logs, they support some vlans on the switch but they don't let you control them. (go to /debug.htm and run a debug log... look in the basic_debug_log you can see they are separating the wan/lan ports based on your config.

Line 85: hyd.@Vlanid[0]=Vlanid
Line 85: hyd.@Vlanid[0]=Vlanid
Line 86: hyd.@Vlanid[0].ifname='eth1'
Line 87: hyd.@Vlanid[0].vid='1'
Line 88: hyd.@Vlanid[1]=Vlanid
Line 88: hyd.@Vlanid[1]=Vlanid
Line 89: hyd.@Vlanid[1].ifname='eth0'
Line 90: hyd.@Vlanid[1].vid='2'
Line 197: lanwan.@switch[0].enable_vlan='1'
Line 198: lanwan.@switch_vlan[0]=switch_vlan
Line 198: lanwan.@switch_vlan[0]=switch_vlan
Line 199: lanwan.@switch_vlan[0].device='switch0'
Line 200: lanwan.@switch_vlan[0].vlan='1'
Line 200: lanwan.@switch_vlan[0].vlan='1'
Line 201: lanwan.@switch_vlan[0].ports='6 1 2 3 4'
Line 202: lanwan.@switch_vlan[1]=switch_vlan
Line 202: lanwan.@switch_vlan[1]=switch_vlan
Line 203: lanwan.@switch_vlan[1].device='switch0'
Line 204: lanwan.@switch_vlan[1].vlan='2'
Line 204: lanwan.@switch_vlan[1].vlan='2'
Line 205: lanwan.@switch_vlan[1].ports='0 5'
Line 350: network.@switch[0].enable_vlan='1'
Line 351: network.@switch_vlan[0]=switch_vlan
Line 351: network.@switch_vlan[0]=switch_vlan
Line 352: network.@switch_vlan[0].device='switch0'
Line 353: network.@switch_vlan[0].vlan='1'
Line 353: network.@switch_vlan[0].vlan='1'
Line 354: network.@switch_vlan[0].ports='0t 2 3 4 5'
Line 355: network.@switch_vlan[1]=switch_vlan
Line 355: network.@switch_vlan[1]=switch_vlan
Line 356: network.@switch_vlan[1].device='switch0'
Line 357: network.@switch_vlan[1].vlan='2'
Line 357: network.@switch_vlan[1].vlan='2'
Line 358: network.@switch_vlan[1].ports='0t 1'
Line 392: nowan.@switch[0].enable_vlan='1'
Line 393: nowan.@switch_vlan[0]=switch_vlan
Line 393: nowan.@switch_vlan[0]=switch_vlan
Line 394: nowan.@switch_vlan[0].device='switch0'
Line 395: nowan.@switch_vlan[0].vlan='1'
Line 395: nowan.@switch_vlan[0].vlan='1'
Line 396: nowan.@switch_vlan[0].ports='6 1 2 3 4 5'
Line 585: tt3.@switch[0].enable_vlan='1'
Line 586: tt3.@switch_vlan[0]=switch_vlan
Line 586: tt3.@switch_vlan[0]=switch_vlan
Line 587: tt3.@switch_vlan[0].device='switch0'
Line 588: tt3.@switch_vlan[0].vlan='1'
Line 588: tt3.@switch_vlan[0].vlan='1'
Line 589: tt3.@switch_vlan[0].ports='1 2 3 4 5'

You can separate your personal and guest devices but they are still on the same subnet. I would also like this feature. I use it on my Aruba gear at work and love it. I'm considering the Ubiquiti UniFi AC APs since I don't care about the router (use pfsense sg-3100). I was being lazy and opportunistic when I bought Orbi from Costco but i really should have done more research.