I have asus router, too. And i have a guest account for friends/visitors with intranet disabled. My ESPHome devices are connected to same WiFi as all other wifi devices (main). I don’t see any point in using separate wifi networks for these two things. I think that whole point of “guest wifi” is to turn off intranet access, so it’s meant to be in use by friends, visitors… in your house for internet acces, but not inside your private network.
If your devices are connected to first or second wifi really doesn’t make any difference, since both HAS to have intranet access enabled. To be honest, it’s just some more work for router, that’s all.
Ok, like @huu said: you can disable IOT network (but why would you want to do that?), and you can enable mac filtering on IOT account. True, but there’s always first wifi network without MAC filter, so if someone wants to connect/intrude and won’t be able to connect to IOT network he will connect to your first (main) network, right?
I could be wrong, though… so, if there’s any real advantage i’d like to hear it.