I too would like to know more on this. I use AX55 routers which recently added an IoT network along with device isolation options. Perhaps this should be explained by TP-Link in a separate article on "Device Isolation in IoT networks".

  @Sunshine 

Hi.  I've been doing some testing today and Point number 4 in your post is not exactly true, at least with the AX55 router.

Using a PC to connect to the IoT network, and with the PC in the Isolated Devices list, the PC can connect to the internet but can not ping or work with any other isolated device.  The ping returns a "destination unreachable" response.  It is truly isolated.

The idea that isolated devices can communicate with each other is a good one, especially in some setup situations where a phone or PC must communicate with the device to get it configured.  Perhaps an option can be added in future firmware releases which allows isolated devices to see each other, much the same as in the guest network.

CORRECTION 26/07/23:  I stand corrected.  Devices connected to the IoT network and isolated can communicate with each other.  I confirmed this with an iPad instead of using a PC. For some unknown reason the PC would not connect to another device with a web interface during initial testing.

  @Sunshine 

Hi,

I am still a bit confused. I have a second router connected to the BE 800's LAN port. If I isolate the second router through the Tether app, does it provide any protection to the other devices connected to the BE 800. 

Also, if I setup a client VPN on the BE800 and associate it with the second router device, will this ensure that no clients on the second router can access the main network's clients, but still allow Internet on the devices on the second router?

My goal is to protect the TP Link BE 800 router and clients from harmful activity on the second router and/or its sevices.

  @AkazaRenn  This doesn't make a whole lotta sense then.  If router has the ability to create 1-2 separate wireless IoT networks, why wouldn't there be an ability to segregate the IoT networks from the main/primary?  It should either be default, or at least an option.  It would be safer to put all IoT devices on the Guest Network if that's the case.  Need someone to explain this in plain english if I am wrong here.  In summary, what I'm gathering here, is that the 2.4 & 5ghz IoT bands are specifically for organization only, and that those connected devices will still be able to transmit data (access) any devices on the primary network - hence posing further security risk...so you'd have to add each IoT device to the isolated devices list in order to cease any connection with primary network.  In addition, any IoT devices that you need to communicate to each other, all have to be isolated as well.  This is an interesting issue because if you want to voice control say via Alexa echo's (we have 2), then we have to add both Alexa devices plus all the IoT devices into the isolated device list, otherwise Alexa will not be able to control any of the "things."  This seems awfully short-sighted unless I'm missing something here.