I have recently installed a Brume 3 GL-MT5000 on my home network and it works great. I have my internet provider in WAN port, a Simpoyo 4G failover in the USB port, and an unmanaged switch with Eero wifi and other devices in LAN port 1 that are assigned IP addresses over DHCP in the 192.168.1.X range.
What I want to do next is plug an unmanaged switch in to LAN port 2 and have any devices connected there isolated from the rest of my network and given addresses in the 192.168.20.X range. They need internet access from the WAN/4G but I do not want them to be able communicate locally with anything connected to LAN port 1.
I am familiar enough with the Gl.inet admin interface, LuCi, and SSH access to carry out whatever work I need to do to make this happen, but I made the mistake of trying to get Claude AI to help me and after hours of trying I didn't ever get there.
I stopped and thought "this must be a pretty common use case, I must be overcomplicating it!" and that is why I find myself here in the forum asking for help 
I searched for other posts, but except for one post, I only found some references to the OpenWRT VLAN documentation and trying to follow that confused me. I can provide screenshots of my current config in LuCi if needed, although really I would like to start over.
Is somebody able to help me, step by step, get this working please? Any help much appreciated!
Thank you
