Tutorial How to use VLANs on your non-pro Asus router with 386 or 388 code (no scripting required)

[Jumpstarter]

You didn't answer whether the satellite routers are in Mesh or AP mode.

Aimesh parent is in AP mode, satellite routers are in Aimesh node mode off the parent.

 

[maxbraketorque]

Aimesh parent is in AP mode, satellite routers are in Aimesh node mode off the parent.

ok. I don't know if that setup can produce a wifi-wide isolated GN. I've never tried that, and I don't have any insight into how an ASUS router in AP mode will communicate with satellite routers in Aimesh mode. I didn't think it would even work.

 

[Tekko]

Ok so apologies beforehand for not being a network wiz, far from it, but would appreciate if someone could shed some light if what I'm trying to achieve is possible as my head is spinning from trying to understand the VLAN topic for my situation. This tutorial, while greatly appreciated and giving me some hope that I wouldn't need to upgrade to the latest gen of Asus routers that have VLAN options embedded, still didn't clear things up for me so please bear with me if I may:

I'm running a RT-AC5300 and RT-AX56 in Ai Mesh mode with the AC5300 being the router. Both are on their respective latest AsusWRT-Merlin FW's.
I understand I can run the Guest network and disable intranet to isolate devices connected to that network.
However, what I'm trying to achieve is for certain devices (my robovacs, broadlink IR/RF devices and some future CCTV cameras) to be isolated from the rest of my network except for my home assistant instance that I have running on the non-guest network. All those devices will connect wirelessly so no physical VLAN is required for my situation.
For the robovacs and Broadlink devices they will need access to the internet but I want to prevent them from accessing the rest of my network. My home assistant instance needs to stay on the main network for integration purposes to a host of other things but will need to be able to have one-directional access to those devices on the VLAN to send commands.
As far as the cameras go, I assume they strictly speaking don't need to be on the VLAN as long as I block internet access for them. Still would feel better to also have them on a separate VLAN however.

So is what I'm describing possible with the HW I currently have? If not, what would be the easiest and cheapest way be to achieve this? Many thanks in advance!!