That’s what I do. All my IOT stuff that I can’t get wired or via Zigbee/Z-Wave goes on a separate VLAN along with my Home Assistant server. I have an mDNS repeater for ease of access to TV stuff via apps (might spin TVs off into its own VLAN, just haven’t gotten around to it) but a 1-way firewall rule that only allows the main network to initiate connections. Certain devices which don’t need internet at all get static IPs and completely firewalled.