Creating a VLAN for IOT Wifi with a single router

Hmm, when using eth1 you are using it for tagged from wan, this seems wrong unless this is from a downstream router?

Of course one can make an 802.1q DSA device, but this will not work on the Flint 2 because the Flint 2 doesn't have individual lan switch ports; they share all ports with the switching cpu.

But what you still can do is bridge vlan filtering. If you navigate to luci -> network -> devices and edit br-lan, under bridge vlan filtering you can define the vlans. This generates devices like: br-lan.49 :slight_smile:

Tagged or trunk means that your vlan can traverse further down into your network.

Untagged, however, is meant for the final port; after this port the vlan doesn't exist. Often one port can also have one untagged vlan, and this gets handled by the pvid.

You can also have one untagged port and combine it with, say, 4 tagged networks; these tagged networks can then traverse further down to vlan aware devices such as another flint 2.

On a second downstream flint 2 you likely have to tag wan with eth1.49. Here you can create an 802.1q device and add this device to br-lan like it is a port.

Under bridge vlan, under device br-lan, you now see eth1.49 being added, so naturally you can do the same as on the first flint 2, but for the vlans which need to reach wan you click T for eth1.49.

On a managed switch this kinda works the same :slight_smile:

^ If that part doesn't work, use U for eth1.49, because maybe openwrt thinks of it as eth1.49.49. It will still be tagged, it's just looking a little odd :person_shrugging:

And on your final router downstream, you can choose to only tag the vlan. This means you just create an interface, e.g. iot, use device eth1.49 and set it to unmanaged, or static, but you have to be careful that you don't create an overlapping dhcp; it must be disabled. My advice is to assign static from your most upstream router to decrease the chance of a conflict. :+1:

Please be wary that unmanaged switches often strip tagged vlans; it is very likely something can happen with this if you need a vlan there :slight_smile:

This is wrong, the input must be set to accept or clients cannot request dhcp. If the idea was for a guest network like the gl software does, you have to manually allow these ports in the firewall tab under traffic rules.

Also in your network config I see this:
option type 'bridge'

I think this seems to be invalid under the interfaces; this still looks like it is from the swconfig versions of openwrt. Also, are these interfaces on the downstream router?

Also about the mtk version of mt6000 for wifi:

It is recommended to restart the flint 2, because mtk has very limited support for luci when it comes to wifi :slight_smile: It will work, but it only did for me after a restart.
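
The firewall point in the post above (a zone whose input is not accept still has to let DHCP through via traffic rules), as an added example that is not part of the original post: a Python check over a constructed `/etc/config/firewall` sample that reports zones whose clients could not reach DHCP or DNS on the router. The zone and rule names are assumptions; `input`, `src`, `dest`, `proto`, `dest_port` and `target` are OpenWrt's standard firewall options.

```python
import re

# Constructed /etc/config/firewall sample (not from the thread): the IoT zone
# rejects input and has a DNS rule, but nothing lets DHCP requests reach the router.
SAMPLE_FIREWALL = """
config zone
	option name 'lan'
	option input 'ACCEPT'
config zone
	option name 'iot'
	option input 'REJECT'
config rule
	option name 'Allow-IoT-DNS'
	option src 'iot'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
"""

# Handles only the single-quoted form that LuCI writes.
LINE = re.compile(r"^\s*(config|option|list)\s+(\S+)(?:\s+'([^']*)')?")

def parse_uci(text):
    """Parse UCI text into sections shaped like {'_type': 'zone', 'name': 'iot'}."""
    sections = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m and m.group(1) == "config":
            sections.append({"_type": m.group(2)})
        elif m and sections:
            sections[-1][m.group(2)] = m.group(3) or ""
    return sections

def missing_services(text, needed=(("udp", "67"), ("udp", "53"))):
    """Map each zone whose input is not ACCEPT to the router services
    (DHCP on udp/67, DNS on udp/53 by default) that no traffic rule lets in."""
    sections = parse_uci(text)
    allowed = set()
    for r in sections:
        # A rule with 'dest' set forwards between zones; it does not open the router.
        if r["_type"] != "rule" or r.get("target") != "ACCEPT" or "dest" in r:
            continue
        for proto in r.get("proto", "tcp udp").split():
            for port in r.get("dest_port", "").split():
                allowed.add((r.get("src"), proto, port))
    report = {}
    for z in sections:
        if z["_type"] == "zone" and z.get("input") != "ACCEPT":
            gaps = [n for n in needed if (z.get("name"), *n) not in allowed]
            if gaps:
                report[z.get("name")] = gaps
    return report
```

Calling `missing_services(SAMPLE_FIREWALL)` flags the `iot` zone for udp/67; port ranges and `src '*'` rules are not interpreted by this check.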