Dynamic VLAN and RADIUS

Installing and Using OpenWrt
#1

Hello, i need some help please.
I'm using t-link wireless AC1750 (EAP245v3) with OpenWrt 21.02.0
i already move from wpad-mini to wpad.

I have configure my wifi interface to get dynamic vlan from my radius and it seems to work (i can log the authnetication and get the tunnel-pvid: 64 (which is the name of my internal vlan)

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrtest'
        option encryption 'wpa2'
        option server 'XXX.XXX.XX.XX'
        option key 'XXXXXX'
        option dynamic_vlan '1'
        option 'vlan_tagged_interface' 'eth0'
        option 'vlan_bridge' 'br-vlan'
        option 'vlan_naming' '0'

My problem is to assign vlan, the AP is connected to admin VLAN on physical port ETH1 and nothing on eth2

i would like to have 3 vlan (1 for guest (53) 1for intranet (54) an one for extranet (64)

my network file is like that
/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd44:6105:14d9::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ip6assign '60'
        option ipaddr '192.168.XXX.XXX'
        option netmask '255.255.252.0'
        option gateway '192.168.XXX.XX'
        list dns 'XXX.XXX.XXX.XXX'
        list dns_search 'xxxxxx
      

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0t 2 5'
        option vid '1'
        option description 'local'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option vid '64'
        option description 'EXTRANET'
        option ports '2t'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '53'
        option description 'INTRANET'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option vid '54'
        option description GUEST'

It is not working, i think i have forget something betwin tag an untag vlan and différence between CPU card / and physical card.

Can someone help me.

Thanks a lot (and sorry for my english)