LAN segmentation

Some routers offer the option to create virtual local area networks (VLANs) inside a larger private network.

This can be used, for example, for the creation of a separate guest wireless network, also protected with for example, WPA2 and a strong password. Let visitors or friends use this isolated guest network instead of your main one. They might not have malicious intent, but their devices might be compromised or infected with malware.

Or for isolating internet-of-things devices which are riddled with vulnerabilities. IoT devices often expose unprotected administrative protocols to the local network so an attacker could easily break into such a device from a malware-infected computer, if both are on the same network. Many IoT devices can be controlled through smartphone apps via external cloud services and after set-up do not need to be able to communicate with smartphones directly over the local network, as long as they have internet access.