I will give this a try, though it is a bit overwhelming, sorry.
I only need a VLAN on one switch port of the Flint 1. I need the rest of the ports to remain on the upstream subnet. It is very important that this is the setup. I do not need WiFi or anything else, just the one switch port for the VLAN.
Am I making these changes in Luci on the Flint 2? I’m a bit confused, I can’t lie.
Yup that is correct on the flint 2 
You also need to do some stuff on the flint 1 but that will come later, its not a huge step 
So essentially what I’m doing is I’m creating a VLAN on the Flint 2, sending that VLAN downstream via the port connected to the Flint 1 and then essentially ignoring that VLAN on all Flint 1 ports except for one?
on the flint 1 you receive it through wan 
If the vlan was untagged from the flint 2 that network is for eth0 (wan) in flint 1, if the vlan was tagged from the flint 2 the network can be found as eth0.<vlan id> in flint 1.
Then you can use it like a device for other ports in the Flint 1.
In my use case i often go for a dumbap approach which means i disable all firewall, and dhcp on the flint 1, and combine vlan devices with the br-lan bridge and turn lan into a dhcp cliënt, theres alot of ways doing this so it is what direction you want really with this vlan device. 
, its encouraged to check the videos in the dumbap link some can be useful maybe not directly to your use case but it will cover it from adding devices to the bridge as removing firewall zones.
^ tl;dr In case you dont get a dhcp client ip from the vlan then it might be a issue with the firewall zone for that network on the flint 2, its essential the input is set to accept since newly created firewall zones automatically copy the global firewall rules which have normally input to reject.
Since vlan acts as a tunnel it will encapsulate the network and expose clients on the flint 2 
Edit
After reviewing this full post again, maybe you dont really need vlan, just eth0 in the bridge of br-lan and lan as dhcp client might be enough sufficient.
So I think I have most of what I need in place now. Correct me if I’m wrong on anything so far.
On Flint 2:
Thank you for all of your help with this!! I think I’m much closer to setting this up than before.
yes
you can leave it on reject only if you choose to have multiple subnets you can use the traffic rules to forward very specific devices to talk to each other via different firewall zones, setting this to accept for the zone will mean for all devices can talk to other zones which also have it to accept, which ideally is not really what you want
Sounds good, I have all of that in place now.
How do I now see the VLAN 7 on the Flint 1? Is it supposed to show up as a network device, or do I first have to make the Flint 1 aware of the tagged packets?
When you go into Luci → network → interfaces (also click interfaces tab)
you can temporarily create a new interface to see if the vlan receives as expected like so:
if you see a ip like this:
then you can change the device for lan interface to eth0.7
don’t get confused with eth1.50 for me eth1 is wan on the flint 2, for flint 1 it’s eth0.
optionally i think for your use case vlan might not be necessary after reviewing all posts, but its still a handy to know
On the Flint 1 I am not automatically seeing the tagged VLAN network device when I try adding a new interface. Would the Flint 1 have to be set up for the tagged packets beforehand?
My understanding is that the Flint 1 will drop all frames with a VLAN tag that hasn’t already been defined on the Flint 1.
no no, you have to create one first
this happens automaticly if you type eth0.7 in the interface thingy.
if it doesn’t show an ip, make sure the firewall zone input rule is set on allow either on flint 1 (for wan) as the flint 2 (for the network zone)
I created the eth0.7 interface as a DHCP client on Flint 1, but I’m not receiving an IP address. I checked the firewall zone that is associated with the interface and confirmed that it is the WAN zone, with input and output set to accept.
Do I need to set up the VLAN filtering on the Flint 1 as well? I feel like I’m so close but I’m missing something small.
this is not needed
can you show the zone for Flint 2 ?
thats fine
can you show all zones for flint 1?
ah I think I see the issue here.
if you look to wan it follows the global rules, you can set that one to input accept.
can you check if that works out for you?
tbh, since you gonna go for a dumbap type of settings best is to remove all zones and set everything on accept since your main router takes care of it.
heres how mine looks like:
I changed the forward to accept under global on Flint 1, but still no IP address.
I guess my question is, how does the Flint 1 currently know which port I want to apply the VLAN to?
FINALLY FIGURED IT OUT!!!
What I forgot to do was go to the DHCP tab under br-lan.7 on the Flint 2 and click the green Set Up DHCP Server. This started up the DHCP service and I am now getting an IP address in the proper DCHP range on eth0.7 on the Flint 1.
So how do I now choose the LAN port I want for the VLAN on the Flint 1?
This depends how you want to configure the topology further 
But lets say you want port 2 only for the vlan network.
Then you need to go in luci → network → interfaces → devices tab
In br-lan you remove lan2.
And then you save it and create a new bridge device.
Here you add lan2 and eth0.7 you call the bridge device like br-lan2.
Then you can do the same create a new network interface with dhcp as protocol and as device br-lan2.
I was just writing back to you about what I did, it was exactly this.
The last step that that I was missing is creating a bridge that includes eth0.7 as well as the port on the Flint 1 that I want to use as the VLAN after removing said port from br-lan on the Flint 1. I set that up and boom! VLAN configured
xize11, your help has been indispensible!! You have pushed my networking knowledge with VLANs forward tremendously. Can you please check your direct messages?
