I have a number of devices on my network and would like to isolate them by type....and I'm not quite sure how to go about it or if it's even possible.  Most of the devices connect via wireless (netgear orbi RBR50 - router and 1 satellite) though a couple connect via wired connection (on a port on the main orbi router).
So - I have a few groups of various types of equipment connecting to my network.  They are:
1.  office equipment (work pcs, printer, etc)
2.  entertainment (ps4, firetv, etc)
3.  IoT devices (canary security cameras, random raspberry pi homebrew projects)
4.  Guest devices (phones, tablets, etc)
All of these groups need internet access but none of them really need to access devices in the other groups.  What I was trying (and failing) to do is create vlans for each group, and have separate dhcp scopes/subnets for each group (office being 192.168.1.xxx, entertainment being 192.168.2.xxx, etc).  
I have the following equipment available to me:
1.  netgear orbi rbr50 (router and 1 satellite) latest firmware (btw - when is this going to be patched to address the wpa2 issues?)
2.  a couple netgear N600 WNDR3700 routers (though I would not want to use the wireless radios on these and would want everything to use the orbi).  One of these I have installed open-wrt on, the other is running the regular netgear firmware.
3.  TP-Link TL-5G108E managed switch
So - my question is can I accomplish separate subnets and network isolation (vlans?) for each of these groups using the equipment that I have taking into consideration that 98% of them will connect wirelessly via the netgear orbi.
Short answer is "no." You don't have the right hardware for the task. You need a VLAN-aware router, and ideally you would have a set of APs that can create multiple SSIDs, and assign each SSID to a unique VLAN.  Orbi does neither of these things. The Orbi Pro is supposed to handle three VLANs, but you don't have that, and you wanted four VLANs.


I'd settle for 3....but since I'm invested in this orbi for only 6 months I don't really feel like dropping $500 for the pro. And I guess it's safe to say we won't be getting this in some future firmware if they now have a pro that offers it.

