Hi. I have been using VLANs on my home/homelab AP (separate SSID per VLAN) for quite a while to separate "trusted" and non-trusted devices (primarily wifi clients).
That had its own cost, like the inability to keep a Chromecast in a separate VLAN (from the home NAS), etc. And I still had to have extra firewall rules in place for VLANs.
Now, as I'm moving to Audience, I'm wondering, what's the downside of getting rid of VLANs and replacing them with firewall rules based on address lists (so clients will drop into the respective address list)?
I'm also considering getting rid of multiple SSIDs and replacing them with a single SSID (that by itself may not be a limit for multiple VLANs if that is based on MAC, but should be simpler in pure firewall-based isolation).
I'm not that knowledgeable if that's an obvious question, I have heard VLAN is L2 and firewall works on L3, but I couldn't yet translate all I've found into a practical/pragmatic answer to my question:
What are the downsides of using pure firewall-based separation for "guest" wifi devices compared to VLAN? Performance, severe security issues, ...?
Please advise.