I am looking for a router that can do network segmentation "out of the box" without the need for any external devices.  The reason behind this is to fully isolate two home networks while only using a single public IP address and, at the same time, eliminate double NAT.

The setup I am testing now uses the ISP router (with a built-in ONT) for the main router.  I have two additional AX55 routers connected to two LAN ports of the ISP router.  One router is for my private network and the other router is for IoT devices, FireTV devices, and an IPTV decoder.  This, of course, means double NAT.  Everything works OK with the only problem being with the ISP's IPTV decoder and that problem was solved by placing the decoder in the DMZ of the second AX55.

I have the capability to place the ISP's router in bridge mode and use a PPoE connection for internet.  What I would like to do is use a router that can establish the PPoE connection and use different subnets on two of its LAN ports.  My AX55s could then be configured in AP mode.  The only routers I have found this far are made by Synology (the WRX560 and RT6600AX) but I would like to stay with Tp-Link.  After reviewing the different Omada models, I'm not sure they can do what I need.  Any advice or suggestions?

Thanks in advance.