So I’ve been wanting to setup a couple VLAN’s but I run openwrt on an RPI and then through to a managed core switch and two downstream switches.
I also have an eero mesh network.
I’d like to tag / identify certain devices into separate vlans but software wise instead of by port, since many of my devices are connected to the same SSID.
Additional step is that I’d like to separate by VLAN not only to simplify rules and segregation but I also run an PiHole for DNS filtering. However I don’t want to apply the PiHole DNS to my work and guest network. Which, I can’t see another way without creating VLAN’s.
I’ve done a ton of reading and YouTube tutorials but many of them seem to need to be tied to specific ports, which doesn’t work in my case.
It is possible to run a single SSID with multiple VLANs -- the password used to connect will determine the VLAN to which the client is connected.
I don't know if this can be achieved with the Pi's wifi, but it's not worth even trying because of the poor performance of the on-board wireless functions of hte Pi.
If you want to do the above, your APs need to be running OpenWrt since the stock firmware almost certainly doesn't support this functionality.
As for wired connections -- you'll need managed switches (which it sounds like you have, at least for your core switch) in order to properly configure the VLANs. On wired connections, you will need to do this port based unless the devices are sufficiently advanced as to be able to use 802.1x authentication methods (i.e. computers, tablets, phones; iot devices won't have this functionality).