I apologize if this is the same question as answered in this post. I must admit, I am new to the EdgeRouter and since this concerns security, I'd rather ask twice.
To better explain my scenario, I've created an illustration:
There are 3 VLANs:
Black: VLAN1 - Management / default / untagged
Yellow: VLAN2 - tagged (guests 1)
Green: VLAN3 - tagged (guests 2)
What I'd like is to connect my AC Pro to eth2 and configure it with a separate SSID / WLAN for each VLAN. I think that I've got that part under control.
Next step is that I want to have VLAN1 traffic pass between eth2, eth3 and eth4 via the switch, so that it does not have to be routed, i.e. better performance.
Likewise, I want to prohibit any VLAN2 and VLAN3 traffic reaching eth3 and eth4.
Then I guess the next step is to configure the routing and firewall rules between the interfaces and the VLANs. I am still not an expert on this, so I won't ask questions here until I do a little research.
My question is - is this scenario possible on the EdgeRouter PoE (5 ports)? If so, how do I need to configure the switch / the ports? What interface identifiers (eth2.x etc. or switch.x) do I use for the routing and firewall rules?
If the setup is not possible, would moving the AC Pro to eth1 make it feasible? What strategy should I use to have the VLAN1 traffic flow between eth1 and the switch?