Which is only the first half of the story for many installations.
If something at your place uses SSDP/MDNS/UPNP/etc to communicate/find_each_other, you'll then have to start doing multicast bridging/rewriting and other hacks. And for those, there is no one-recipe-fits-all.
That's only if you want non-IoT devices (like your phone) to communicate with IoT devices directly, right? If you use a bridge like HA you can simply have it be in both VLANs and control everything through it.
Well, where do you draw the line? Is e.g. the SmartTV an IOT-device, or not?
If you want the TV to reach the Internet for some things (e.g. Netflix, Youtube, WhatEv), but also isolate it from your other devices, block ads, yet be able to use the UPNP-mediaservers in your network, and want to use the phone to control it for the things HomeAssistant cannot yet do, then you'll run into some difficulties. They can be worked around, but will need intimate knowledge of protocols and such.
Also some of these issues can be worked around by e.g. using HomeAssistant also as UPNP-MediaController, which I haven't gotten around to set up yet.
But "true", some categories of smart devices can be nicely sequestered into isolated VLANs.
You can create zeroconf records on standard DNS servers.
A few years ago one of my clients which ran a school wanted to give airprint access to his guest network so that parents could print documents into the school office printers.
Creating those records is a bit of a PITA and you need to find out how to replicate SRV and TXT values but it works.
Here is a good source for this type of configuration:
If something at your place uses SSDP/MDNS/UPNP/etc to communicate/find_each_other, you'll then have to start doing multicast bridging/rewriting and other hacks. And for those, there is no one-recipe-fits-all.