Options for MAC or port based VLAN

I’ve got to the point where I finally want to set up VLANs

What options do I have for the following three scenarios:

• Creating VLANs based on Ethernet port - I’m about to hang a small 100/1000 router off one port as I’ve run out of gigabit ports and have a few devices that need <=100 megabit each. I’d like to put them on their own VLAN at the same time and am happy for everything on a single Ten64 port be assigned a specific VLAN

• Allowing my WAP to create VLANs - I realised the TP Link Omada I’m using supports PPSK to create VLANs based on different passwords for the same SSID. Cool, not quite sure how to use it, but will this work with the Ten64?

• MAC-based VLAN - I think this is the one that’s least likely to work. I am not sure if it’s supported by OpenWRT at all and if it was, what the performance impact would be.

The way I do VLANs at the moment is to specify ethX.VLANID as a port on the bridge. (It can also be done direct on an interface if L2 forwarding is not desired)

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	list ports 'eth1.2'

config device
	option name 'br-iot'
	option type 'bridge'
	list ports 'eth4'
	list ports 'eth3.5'

So in the above example, br-lan comes out untagged on eth0, and tagged as VLAN2 on eth1.
br-iot comes out untagged on eth4 and as VLAN 3 on eth3

I believe you can do it the reverse and have VLANs defined with child ports (similar to how it works on other networking OS’es), but I have not tried that myself yet: [OpenWrt Wiki] VLAN.