separate vlan, separate interface on firewall, no access to the rest of the network, Bandwidth limited on the infrastructure and v short ACL
iotVlan_Access_In
permit IotVlan VendorNetwork
outside_Access_in
permit VendorNetwork IotVlan
there IoS their Problem
Biting the hand that feeds IT
