How to set up the VLAN for IoT Wi-Fi on Flint 3 (GL-BE9300)

To assign a port to a specific VLAN, you need to untag the correct port. They're numbered weirdly in the config on the Flint 3. LAN1/WAN2 is port 7, LAN2 is port 6, LAN3 is port 5, and LAN4 is port 4. So, if I wanted my IoT VLAN30 on LAN3, I would untag port 5. Remember port 3 is the CPU and must be tagged in all VLANs, so I would tag port 3 and untag port 5 in the switch config for that VLAN.

```sh
uci set network.vlan_iot='switch_vlan'
uci set network.vlan_iot.device='switch1'
uci set network.vlan_iot.vlan='30'
uci set network.vlan_iot.ports='3t 5ut'     # THIS IS WHERE PORTS ARE SET
```

Here is my complete script for creating an IoT VLAN30 with 2.4, 5, & 6 GHz Wi-Fi and LAN3 assigned and no trunks.

```sh
# Switch VLAN 30: CPU port 3 tagged, LAN3 (port 5) untagged
uci set network.vlan_iot='switch_vlan'
uci set network.vlan_iot.device='switch1'
uci set network.vlan_iot.vlan='30'
uci set network.vlan_iot.ports='3t 5ut'

# 802.1Q sub-interface eth1.30 for VLAN 30
uci set network.eth1_30=device
uci set network.eth1_30.type='8021q'
uci set network.eth1_30.ifname='eth1'
uci set network.eth1_30.vid='30'
uci set network.eth1_30.name='eth1.30'

# Bridge br-iot containing eth1.30
uci add network device
uci set network.@device[-1].type='bridge'
uci set network.@device[-1].name='br-iot'
uci add_list network.@device[-1].ports='eth1.30'

# IoT interface with the router at 192.168.30.1/24
uci set network.iot=interface
uci set network.iot.proto='static'
uci set network.iot.device='br-iot'
uci set network.iot.ipaddr='192.168.30.1'
uci set network.iot.netmask='255.255.255.0'

# DHCP pool for the IoT interface
uci set dhcp.iot=dhcp
uci set dhcp.iot.interface='iot'
uci set dhcp.iot.start='100'
uci set dhcp.iot.limit='150'
uci set dhcp.iot.leasetime='12h'

# IoT firewall zone: input to the router accepted, forwarding rejected by default
uci add firewall zone
uci set firewall.@zone[-1].name='iot'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='REJECT'
uci add_list firewall.@zone[-1].network='iot'

# IoT -> WAN forwarding
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='iot'
uci set firewall.@forwarding[-1].dest='wan'

# LAN -> IoT forwarding
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='iot'

# Allow DHCP from IoT clients
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-DHCP-IoT'
uci add_list firewall.@rule[-1].proto='udp'
uci set firewall.@rule[-1].src='iot'
uci set firewall.@rule[-1].dest_port='67-68'
uci set firewall.@rule[-1].target='ACCEPT'

# Allow DNS from IoT clients
uci add firewall rule
uci set firewall.@rule[-1].name='Allow-DNS-IoT'
uci set firewall.@rule[-1].src='iot'
uci set firewall.@rule[-1].dest_port='53'
uci set firewall.@rule[-1].target='ACCEPT'

# Reject IoT-to-IoT forwarding
uci add firewall rule
uci set firewall.@rule[-1].name='Block-IoT-Intra'
uci set firewall.@rule[-1].src='iot'
uci set firewall.@rule[-1].dest='iot'
uci set firewall.@rule[-1].target='REJECT'
uci set firewall.@rule[-1].proto='all'

# Drop IoT access to the router on ports 22, 80, 443 and 8080
uci add firewall rule
uci set firewall.@rule[-1].name='Block IoT WebUI'
uci set firewall.@rule[-1].src='iot'
uci set firewall.@rule[-1].target='DROP'
uci set firewall.@rule[-1].dest_port='22 80 443 8080'

# IoT SSID on wifi0, with client isolation
uci set wireless.iot2g=wifi-iface
uci set wireless.iot2g.device='wifi0'
uci set wireless.iot2g.network='iot'
uci set wireless.iot2g.mode='ap'
uci set wireless.iot2g.ifname='wlan30'
uci set wireless.iot2g.ssid='IoT'
uci set wireless.iot2g.encryption='psk2+ccmp'
# Set your own passphrase here and in the two blocks below
uci set wireless.iot2g.key='goodlife'
uci set wireless.iot2g.wds='1'
uci set wireless.iot2g.hidden='0'
uci set wireless.iot2g.isolate='1'
uci set wireless.iot2g.disabled='0'
uci set wireless.iot2g.ieee80211k='1'
uci set wireless.iot2g.bss_transition='1'

# IoT SSID on wifi1, with client isolation
uci set wireless.iot5g=wifi-iface
uci set wireless.iot5g.device='wifi1'
uci set wireless.iot5g.network='iot'
uci set wireless.iot5g.mode='ap'
uci set wireless.iot5g.ifname='wlan31'
uci set wireless.iot5g.ssid='IoT'
uci set wireless.iot5g.encryption='psk2+ccmp'
uci set wireless.iot5g.key='goodlife'
uci set wireless.iot5g.wds='1'
uci set wireless.iot5g.hidden='0'
uci set wireless.iot5g.isolate='1'
uci set wireless.iot5g.disabled='0'
uci set wireless.iot5g.ieee80211k='1'
uci set wireless.iot5g.bss_transition='1'

# IoT SSID on wifi2 (SAE encryption), with client isolation
uci set wireless.iot6g=wifi-iface
uci set wireless.iot6g.device='wifi2'
uci set wireless.iot6g.network='iot'
uci set wireless.iot6g.mode='ap'
uci set wireless.iot6g.ifname='wlan32'
uci set wireless.iot6g.ssid='IoT'
uci set wireless.iot6g.encryption='sae'
uci set wireless.iot6g.key='goodlife'
uci set wireless.iot6g.wds='1'
uci set wireless.iot6g.hidden='0'
uci set wireless.iot6g.isolate='1'
uci set wireless.iot6g.disabled='0'
uci set wireless.iot6g.ieee80211k='1'
uci set wireless.iot6g.bss_transition='1'

# Write all staged changes and restart
uci commit
reboot
```

Edit: I should add, if you make a VLAN and you can't get an address on the LAN port, go into LuCI and the switch settings, and just click "save and apply". Then disconnect and reconnect to that port. I don't know why it does that when you set it up via SSH, but sometimes it does, and it took me a while to figure out.

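An added check, not part of the original post: after the reboot, this audits `uci show firewall` output to confirm the IoT zone cannot forward into the LAN and reports the zone's input policy. The function names are hypothetical and the sample input is constructed to mirror the zones and forwardings the script creates.

```sh
# Constructed sample in `uci show firewall` format, mirroring the zones and
# forwardings the script creates (section indexes are illustrative).
sample_firewall() {
cat <<'EOF'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='iot'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='iot'
firewall.@forwarding[0].dest='wan'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='lan'
firewall.@forwarding[1].dest='iot'
EOF
}

# forward_dests ZONE: zones that ZONE may forward to (uci show text on stdin).
forward_dests() {
    awk -F"[.=']+" -v zone="$1" '
        $2 ~ /^@forwarding/ && $3 == "src"  { src[$2] = $4 }
        $2 ~ /^@forwarding/ && $3 == "dest" { dest[$2] = $4 }
        END { for (s in src) if (src[s] == zone) print dest[s] }' | sort
}

# zone_input ZONE: the zone's input policy (uci show text on stdin).
zone_input() {
    awk -F"[.=']+" -v zone="$1" '
        $2 ~ /^@zone/ && $3 == "name"  { name[$2] = $4 }
        $2 ~ /^@zone/ && $3 == "input" { pol[$2] = $4 }
        END { for (z in name) if (name[z] == zone) print pol[z] }'
}

# audit_zone ZONE TRUSTED: return non-zero if ZONE can forward into TRUSTED.
audit_zone() {
    cfg=$(cat); rc=0
    if printf '%s\n' "$cfg" | forward_dests "$1" | grep -qx "$2"; then
        echo "FAIL: $1 may forward to $2"; rc=1
    fi
    if [ "$(printf '%s\n' "$cfg" | zone_input "$1")" = ACCEPT ]; then
        echo "NOTE: $1 input=ACCEPT, router services stay reachable unless a rule blocks them"
    fi
    return $rc
}

sample_firewall | audit_zone iot lan
```

On the router itself, pipe the live configuration in instead of the sample: `uci show firewall | audit_zone iot lan`.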