"Basically, the only way to "securely" operate IoT devices is inside a separate VLAN."
This is a major pain to configure, and way beyond the capacity of even most IT professionals. One of the problems is that you do want to allow some devices (phones) from the 'normal' network to (selectively) be able to connect to devices in the IoT VLAN.
I spent a solid day trying to set this up once (and on a 'real' switch, not a Fritzbox, which I have too but only use as a modem) and I'm not saying that I'm that good a networking guy (I mean, that I wasn't able to get it working means I'm not) but I do know more than the average internet installation guy who would be the only hope for 'regular' users to set up their networks properly.