VLAN management and client support in stock GUI (Flint 2)

In my use case:

I'm very security focused. Since I have past experience with Java and Maven, I realize I'm part of a group which is being much more targeted by sophisticated cyber attacks than has already been the case before; sys admins often are too, but I think as of today, with so many people working at home, this counts for them as well.

So in my case I wanted to build islands with device groups based on brand and isolate them by VLAN. If it happens that my process of compiling turns malicious, I can then isolate the incident and prevent other devices from being infected or from forming persistent infections towards my Windows machine.

I also use multi-PSK to send clients to their own VLANs; this way I have very strong control, and what I can also do is, based on destination ports, still allow certain device communications between zones without the smart devices doing the communication first.

Also, one other thing is the VPN policies: I cannot use the GL firmware with this setup. I do advanced routing and split tunneling to make sure things work; not everything works on VPN, so I need good fine control for it. Please see:

I'm also planning to make a new VLAN for a Kickstarter project with an IP KVM, but since I don't know how trusted they can be, I VLAN it; this way, when it is infected, it won't be able to infect my machine. Sure, it can control it, but I can also cut wires :yum:

What's so fascinating is that I use this over one long wire to a switch which manages all these VLANs; since I live in an older rented apartment, I cannot just drill huge holes for cables.

I can use a VPN server to forward things to my VLAN zones and devices, and use VXLANs to extend L2 accessibility and push the same VLANs from a totally different location as one giant switch gluing locations together :sunglasses:

^ Maybe not all of it is needed, but home labbing is very fun.

Unfortunately I'm on mobile now so I cannot make a draw.io, but I'll edit when I have time.
