• Finally mucked around with different VLAN settings in my Unifi setup.

    Requirements:

    1. Everything Unifi, i.e. security gateway, switches, access points.
    2. Updated version of firmware on everything.

    How to do it:

    1. In your Controller, create a new Network; this will auto-assign VLAN ID = 2. Call it Guest or something memorable to you. Within this Network, enable Device Isolation. This is now going to make it so that the device is ring-fenced and cannot see everything else on the network, and it will appear in the topology map as if it was directly connected to the security gateway.
    2. Under Advanced Features, create a Client Group. I called this guest too and limited download to 50Mbps and upload to 10Mbps.
    3. Create a new WiFi network and choose the Guest network (that you named earlier) as the network so that you have the device isolation. Also choose the Guest Client Group so that the bandwidth limitations are applied.

    That's it. Now anything connecting to the Guest WiFi will use the Guest network and be 100% isolated and the bandwidth of all guest devices is limited. Internet access is still possible, but it no longer sees the Google Cast devices, Philips Hue bridge, Samba shares from my NAS, etc.

    Additionally, you can also manually make it so that things attached to ethernet default to either the Guest or your main network... I've still got ethernet defaulting to my main network except for my PlayStation which now belongs to the Guest network.

  • Can you do this but also expose /some/ items to the second VLAN? Like a Chromecast, for example.

  • There is an option. Although it didn't seem to work when I tried it ...

  • I'm not sure why you'd want to do that. Isolating networks and then breaking the isolation for given devices and protocols sounds like a bad idea.

@rogan started