I do not have your router so I am not 100% sure (there are routers where the switch is not configurable)
But usually this is possible.
You need two things
-
Policy routing to route only some clients/interfaces via the VPN e.g.
Policy-Based-Routing (pbr) package discussion -
Setup and interface for LAN port 4. It is largely like a guest network but instead of configuring a wireless interface you set the LAN port 4 to the created bridge.
How to do that is dependant on your router and you have to look that up or wait for someone to chime in
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan
Then with Policy based routing you route that newly created bridge with its LAN port 4 via the VPN.