How to separate Home Automation lan on Flint 2 router

OK, I just got a new Flint 2 router, and I was planning to use VLANs to separate my Home Automation devices from the Computers, phones, etc on the LAN. But I haven’t seen any way to set up VLANs in the UI!
[FYI, The router gets Internet from Comcast cable gateway in Bridge mode, and I’m using a Pi-Hole instead of AdBlocker. Everything is working OK so far.]
So, the plan is to put the automation & IoT devices on the Guest Network (I haven’t actually put them on yet, I’ve only just activated the Guest-net. I’ll have to reset each device separately and reconnect it.)
Will this work? I have “AP Isolation” enabled, because I want them separated, BUT I do need to be able to have my Home Assistant server to be able to talk to the devices.

The main LAN is 192.168.1.xxx, and the Guest Network is 192.168.9.xxx.

Also, in the DHCP server, I enabled the DHCP for the Guest Network, but there was no way to add any IP reservations (I need all IP addresses reserved to ensure every device always gets the same IP), so I put the reservations in the “LAN” DHCP server. (It seemed to accept them, even though they’re on a different subnet, but I suspect that doesn’t mean anything necessarily.)
So, here are my questions:

  1. Will I be able to access my IoT devices on the 192.168.9.0/8 subnet from the 192.168.1.0/8 subnet? ( I suspect it will require some configuring in the openwrt firewall, but I have no clue.)
  2. If that is NOT the correct way to do Address Reservations for DHCP on the Guest (Wifi) Network, how else can I do it?!
    Sorry, gotta shut down quick, my laptop has low battery, but it’s plugged in. I need to figure out why that is before it’s totally depleted!
    Thanks in advance for any help!

Advanced usage requires advanced configuration :wink:

Time to get into OpenWrt and luci

Not by default, since it’s against the reason for a guest network. It will require changes in the firewall in luci, yep.

:musical_note: Luuuuuuuciiiiiii~ :musical_note:

firewall IoT: Setting up an outbound Internet of Things (IoT) firewall with OpenWRT | Daniel P. Gross

vlans: OpenWrt: bridge VLAN filtering for OpenWrt 21.x with DSA, isolated guest Wi-Fi | Fabian Lee : Software Engineer

and

mdns: Resolving mDNS across VLANs with Avahi on OpenWRT – Just another Linux geek


Thanks for the quick reply, folks!
This is VERY helpful.
Now all I have to do is translate these refs from using openwrt on other different routers & versions to using the LuCI interface on the Flint2 router, lol.
I don’t think it will be difficult. I’ll let you know if I have more questions, but I think I can figure it out now.

(As a “FYI,” just for giggles, I got my Network Eng diploma w-a-a-ay back in 2009, but I haven’t done any actual network stuff since, except occasional things on my home LAN.
I probably used more of what I learned in 2009 back in 2006 (before I learned it, lol) when I was doing actual network config stuff (but didn’t understand some of what I was doing then).
I primarily got the diploma to understand networks, for the purpose of working with microcontroller dev, and for times like now when I want to upgrade my network, or maybe help a friend. (I can’t tell you how many times I’ve used that knowledge to help someone figure out REALLY basic problems with their home network! (ha, ha)))

Oh, yeah, also, I know I made a frantic reference in my OP about my laptop battery dying. That’s cuz while I was finishing typing the post, my laptop notified me that my battery was almost dead—but it was plugged in! I just barely got the thing posted when the laptop just QUIT all at once.
Well, it turns out my charger/power supply died somewhere along the way, earlier this afternoon. But I didn’t notice, and I guess I need to check my settings for when the low battery warning kicks in. It was really dead-dead. But I’m now using a different one (borrowed from wife) and have a new one on order.
Thanks again for all the info!

< cough, cough> To save you some sanity:

https://meldmerge.org/

All these suggested guides are excellent! I don’t think I’ll have any problem implementing what I need to do.
Only one problem I have now…and that’s physical access to the router. From my recliner in my FROG, I only have wireless access to the router. In the past, I have only configured routers while physically connected, either by an Ethernet cable or a serial cable. So far, I’ve never been “locked out,” but I think that’s why.
I’m guessing that I probably shouldn’t try to configure the network ports (into vlans) and start messing with firewall settings while being connected to the router by one of the radios that I’ll be configuring…right?
Unless…I can somehow manage to implement all the changes at once! (?)
But since it’s 2 steps, first the hardware interfaces, then firewall zones & rules, I don’t see how that’s possible…
Well, if nobody has any advice before I actually get to it later today, well, I’ll hafta just figure it out! (The router is downstairs in the “office,” but in this tiny, tiny house, we have no storage, and there’s just too much stuff in there to comfortably sit while connected via a cable! I know, such ‘hardship!’)

One concern I do have, though, this one I don’t understand–it’s about basic router performance.
That is, this is supposed to be a powerful and fast router. But it seems like since I installed it, it has been very slow. If I want “speed,” I have to connect directly to the Wifi on the Xfinity Gateway (which is in “bridge” mode, but the wifi cannot be turned off). That simply bypasses the router, but then I don’t have access to any LAN storage or my printer. My previous Netgear N600 router was faster, and also had a stronger wireless signal. At this point, there are not even a lot of devices connected to the router, since all my IOT stuff is wireless, and since I plan to create a separate vlan for it, none of it is connected yet.
Also, my laptop cannot even connect to the 5 GHz band Wifi on this Flint 2 router. I don’t know why that is–I connected regularly to the older 5 GHz on the Netgear device.
Hmmmm.
(My wife brought up a good point: that right now, much of the country is covered with snow and cold temps. In fact, it’s even cold here in SC, it got to 24 F last night. I know the cold, and ice & snow is affecting transport of materials, maybe it’s affecting servers in some way, or maintenance repairs? But that doesn’t explain the Wifi on the router, or why the delays mostly go away when I bypass the router…)
Thanks, anyway, for the excellent references to tutorials & learning materials!!

There’s no way I would attempt setting VLANs remotely. VLANs = routing = firewall reloading = entire network interface daemon (netifd) reloading. One fat fingered keystroke = locked out.

opkg update; opkg install iperf3

Follow this guide then:

Sorry, I like my posts more than some on the internet

I would have linked that if I knew about it.


OK, well, thanks again to everyone who provided links to guides and so forth.
I was able to figure it out, even though none of the articles dealt with a Flint 2 router, and in fact they were all “straight” openwrt.
(*As I understand it, GL-inet has “blended” the various firmware apps (WG, AdBlock, etc) and created their own custom UI. So that explains why the Luci interface wasn’t the same exactly. Also it was different hardware than any of the guides I saw.)

Also, I didn’t have to go down into the crowded office to plug in to the router, I remembered that I had set up 2 managed switches between there and the loft where I am, for things like the Tivo, and other such equipment. So, I just plugged into that, and made sure that port was on my main “LAN” router port (and untagged).

Everything works well. I’ve tested it, and all the conditions are met.
I documented everything I did, and I also ran an ssh session to be able to print the contents of etc/config/network and etc/config/firewall. So, I have that plus screen grabs of the changes to interfaces, devices, etc.
So, if anyone else ever needs any help with this, I’m glad to share what I did.
It wasn’t even as difficult as I thought it might be, lol.

Now I just have to reset and reconnect every Home-Automation device, and connect each one to the IOT LAN (wifi mostly). I suspect that some of them will be difficult, since I’m not allowing that vlan to access the internet! (Some of them --the commercial ones-- require their own app, and I’m pretty sure they want internet connectivity on those.) Once I get them configured and onto the wifi, I can see them in my Home Assistant interface.
In fact, our Alarm.com panel does attach to the wifi, and I know the company used it one time to speak to us when we accidentally set off the alarm. Because of that, I am inclined to connect it to the main LAN (at least for now), although I’d prefer to have it on the IOT-LAN where it cannot access anything else! (But I can access the IOT-LAN from the main LAN for config and admin.) They do claim the system works without the panel being connected to the wifi.
So, all is well. I like the new GL-MT6000 router, I was due for an upgrade.
Though, just for fun, I’m going to put openwrt on my old Netgear WNDR3700v4 router and see how it performs. That router has a good radio on it.
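
The policy described in this thread (main LAN can reach the IoT network, the IoT network can reach neither the LAN nor the internet) can be checked offline against a saved copy of /etc/config/firewall. The following is an added example, not the poster's configuration or any project's code; the zone names `lan`, `iot` and `wan`, the sample excerpt and the function names are assumptions made for illustration.

```python
import shlex

# Constructed excerpt in /etc/config/firewall syntax; zone names are assumptions.
SAMPLE_FIREWALL = """
config zone
	option name 'lan'
	option input 'ACCEPT'
	option forward 'ACCEPT'
config zone
	option name 'iot'
	option input 'REJECT'
	option forward 'REJECT'
config forwarding
	option src 'lan'
	option dest 'wan'
config forwarding
	option src 'lan'
	option dest 'iot'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) pairs."""
    sections = []
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) == 3 and sections and tok[0] == "option":
            sections[-1][1][tok[1]] = tok[2]
        elif len(tok) == 3 and sections and tok[0] == "list":
            sections[-1][1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit_iot_isolation(text, iot="iot", lan="lan"):
    """Return findings; an empty list means the isolation policy holds."""
    sections = parse_uci(text)
    zones = {o.get("name"): o for t, o in sections if t == "zone"}
    fwd = {(o.get("src", ""), o.get("dest", "")) for t, o in sections if t == "forwarding"}
    if iot not in zones:
        return [f"no zone named {iot!r}"]
    findings = []
    if zones[iot].get("input", "").upper() == "ACCEPT":
        findings.append(f"{iot} input is ACCEPT: devices can reach router services")
    if (lan, iot) not in fwd:
        findings.append(f"missing forwarding {lan} -> {iot}")
    for src, dest in sorted(fwd):
        if src == iot:
            findings.append(f"forwarding {iot} -> {dest} lets IoT devices out")
    return findings
```

The check covers zone defaults and `config forwarding` sections only; individual `config rule` entries (for example the ones that let IoT clients reach DHCP and DNS on the router when zone input is REJECT) still need to be reviewed by hand.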