Question: is it true to say that if my CCR1009 will be the only "smart" device on the network, with everything else being dumb clients and dumb switches, then there is no point in creating VLANs on the CCR, instead subnetting + firewall would do the same, since any VLANs created will be routed by default anyway?
Indeed VLANs are not useful in that case, but you can still separate the network in different physical networks by connecting each dumb switch to a separate port on the CCR
and have a certain class of devices on that switch. You would not put those ports in a bridge, but have separate IP subnets on them which will be routed, but that routing can
be restricted by the firewall. You can allow each subnet to route to internet, but not one subnet to the others.
This can be useful when you want to setup some security.
And, as k6ccc wrote, a more advanced WiFi device is also VLAN aware. You can configure different SSID/password combinations and put them in different VLANs, to combine
that with the above physical separation.
Useful case: you can separate your computer+NAS, a "guest" network, and an "IoT" network. So hacked IoT devices or rogue "guests" (e.g. with a virus on their computer) cannot
access your computer and files.