Separate WIFI network for IOT devices

Hi,
I wasn’t too sure where to put my topic, as it is not on topic with Home Assistant itself, but it is potentially important if you set up your home automation.
I read that it is advisable to have your IOT devices on a separate WiFi network, for security purposes (to limit the influence of potentially malicious IOT devices) and for stability (2.4 GHz used only for IOT).

In my case, on the WiFi side, I have a few Wiz devices, heat pump devices that connect through the cloud (MELCloud from Mitsubishi), some Netatmo devices, and apart from that also Z-Wave and Zigbee devices. My WiFi setup is from Ubiquiti, so I have no trouble setting up an extra WiFi network.
On my “regular” WiFi network I would then have smartphones, printers and Google TV Chromecasts with some other casting devices. I also have a “guest” network to allow guests to connect to the internet.

It seems that all my WiFi networks need a connection to the internet.
The IOT network would need access to Home Assistant and be disconnected from the other WiFi networks. I assume this can be done through VLANs.
Is that then it? Or is there more to make it safer?

What approach do other people here take?

Thank you for your feedback!

Kind regards,

Discoverer

I use two VLANs. Each has a separate WiFi. One VLAN for my stuff and one for the IOT stuff. The IOT VLAN is isolated from the internet. My home network can forward traffic to the IOT VLAN, but devices on the IOT VLAN cannot forward traffic to my home VLAN. The only traffic that is forwarded between the VLANs is mDNS/Bonjour. If there is any particular device on the IOT VLAN that requires internet access, I enable it on an individual basis using the device's MAC address. If an IOT device won't work without internet access, it doesn't make the cut. HA runs on the home network.
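A small model of the forwarding policy described in the reply above, added here as an example; it is not code from the thread or from any Ubiquiti configuration. The subnets, the MAC allowlist and the `Flow` type are constructed assumptions, and the model adds one step the reply leaves implicit: replies to connections the home side opened (such as Home Assistant polling a device) must be accepted, or the one-way rule silently breaks the integration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example addressing; the thread does not state the poster's real subnets.
HOME_NET = ip_network("192.168.10.0/24")
IOT_NET = ip_network("192.168.20.0/24")
MDNS_GROUP = ip_address("224.0.0.251")   # mDNS/Bonjour multicast group, UDP port 5353
# Hypothetical per-device allowlist: IoT devices that may reach the internet, by MAC.
INTERNET_ALLOWED_MACS = {"aa:bb:cc:00:00:01"}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str            # "tcp" or "udp"
    dport: int
    src_mac: str = ""
    established: bool = False   # reply packet of a connection that was already accepted


def zone(ip: str) -> str:
    """Map an address to the zone the firewall reasons about."""
    addr = ip_address(ip)
    if addr in HOME_NET:
        return "home"
    if addr in IOT_NET:
        return "iot"
    if addr.is_multicast:
        return "multicast"
    return "internet"


def decide(flow: Flow) -> str:
    """Return 'accept' or 'drop' for a routed flow under the reply's policy."""
    src, dst = zone(flow.src_ip), zone(flow.dst_ip)
    # Stateful step: return traffic of an accepted connection is always let through,
    # otherwise Home Assistant on the home VLAN never sees answers from IoT devices.
    if flow.established:
        return "accept"
    if src == "home":
        return "accept"          # home may initiate toward IoT devices and the internet
    if src == "iot" and dst == "multicast" and flow.proto == "udp" \
            and flow.dport == 5353 and ip_address(flow.dst_ip) == MDNS_GROUP:
        return "accept"          # mDNS/Bonjour is the only IoT-originated cross-VLAN traffic
    if src == "iot" and dst == "internet" and flow.src_mac.lower() in INTERNET_ALLOWED_MACS:
        return "accept"          # per-device internet access, enabled by MAC address
    return "drop"                # everything else, including IoT -> home, is dropped
```

Because multicast is not routed between VLANs by default, the mDNS exception in practice needs a reflector or the equivalent "multicast DNS" option on the gateway, not just a forwarding rule.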

Thanks for your input. I guess cloud-controlled appliances are not for you in this case?
Netatmo is cloud-controlled, same for my Mitsubishi airco/heat pumps …

Where would one place a wifi MQTT server?