Multiple separated networks (VLANs) over mesh

Hi, my desired final state is depicted in the picture.

Let me write more details of what I have and I want to achieve:
What I have (HW-wise):

  • Main router Linksys WRT1900ACS which is not good with Wifi and does not have support for Mesh technology. Otherwise it is alright and I would like to keep it as the main piece if it is possible
  • Two Asus RT-AX53U routers that should work only as a dumb AP to cover my whole house with WIFI
  • (guess not important for the issue, just putting here for completeness) ISP router (LTE) which does not have bridge mode available, thus has DMZ enabled

What I have (configuration):

  • LAN network for private trusted devices with access to internet (clients can see each other)
  • Separate IOT network for untrusted devices with no internet access, but accessible via VPN from outside (clients can see each other)
  • GUEST network for untrusted guest devices with access to internet (isolated clients)
  • To all of the above networks one can connect via WIFI SSID as well as ethernet connection via VLANs (e.g. Wifi network Guest + LAN2 ethernet connection on Linksys router)
  • The above networks cannot communicate among themselves, with the exception that LAN can access IOT network
  • All of this is configured in the main router via VLANs

What I have (for Wifi coverage):

  • Two Linksys AX4200 routers with proprietary firmware using Mesh to provide WIFI coverage for LAN network
  • Two Asus RT-AX53U routers with Openwrt using Mesh to provide WIFI coverage for IOT network
  • TP-Link repeater with proprietary firmware which extends (no fast roaming, different AP name) Wifi GUEST network from the main Linksys WRT1900ACS router

Desired state:

  • 3 separated networks: LAN, GUEST, IOT with possibility to connect via Ethernet cable and via WIFI in the whole house
  • Keep the restrictions as mentioned above
    • IOT network cannot access internet from inside, however is accessible via VPN from outside
    • Guest network can access internet but no other network and clients are isolated
    • LAN network for trusted devices with access to internet and to IOT network

In short I would like to have 3 separate networks one can connect to via cable as well as via WIFI and potentially get rid of unneeded HW - use just Linksys WRT1900ACS main router and two Asus RT-AX53U for wifi coverage (and thus remove two Linksys AX4200 and TP-link repeater).

How can I do that? Is it even possible?
Thank you.

Have a look at this tutorial for a way to achieve this via batman-adv.

Here is another excellent batman mesh tutorial: DIY MESH WiFi with batman-adv and OpenWrt

OneMarcfifty also has a tutorial about vlans via wifi:

Thank you, I was able to make it work. I used both tutorials mentioned by @p.p and also the video from OneMarcFifty.
Thanks again.
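
Added example, not part of the thread: once the VLANs are carried over the mesh, the segmentation described in the question still depends on the main router's zone forwardings, so the sketch below audits OpenWrt `/etc/config/firewall` text against that policy. The zone names (`lan`, `guest`, `iot`, `vpn`, `wan`) and the sample config are assumptions constructed for illustration, and only `config forwarding` sections are checked, not individual rules.

```python
import shlex

# Allowed zone-to-zone flows from the post: LAN and GUEST reach the internet,
# LAN reaches IOT, VPN reaches IOT. Zone names are assumptions.
ALLOWED = {("lan", "wan"), ("guest", "wan"), ("lan", "iot"), ("vpn", "iot")}

# Constructed sample in /etc/config/firewall syntax with one mistake
# (iot -> wan) and one omission (vpn -> iot).
SAMPLE = """
config forwarding
    option src 'lan'
    option dest 'wan'
config forwarding
    option src 'guest'
    option dest 'wan'
config forwarding
    option src 'lan'
    option dest 'iot'
config forwarding
    option src 'iot'
    option dest 'wan'
"""

def parse_uci(text):
    """Parse uci-style text into a list of (section_type, options) pairs."""
    sections = []
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)
        if len(parts) >= 2 and parts[0] == "config":
            sections.append((parts[1], {}))
        elif len(parts) >= 3 and parts[0] == "option" and sections:
            sections[-1][1][parts[1]] = parts[2]
    return sections

def audit(text, allowed=ALLOWED):
    """Return (unexpected, missing) forwardings relative to the policy."""
    found = {(o.get("src", ""), o.get("dest", ""))
             for kind, o in parse_uci(text) if kind == "forwarding"}
    return sorted(found - allowed), sorted(allowed - found)

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE)
    for src, dest in unexpected:
        print(f"VIOLATION: forwarding {src} -> {dest} is not in the policy")
    for src, dest in missing:
        print(f"MISSING:   forwarding {src} -> {dest} expected by the policy")
```

Client isolation on the GUEST SSID is a wireless setting (`option isolate '1'` in `/etc/config/wireless`) and is outside what this check covers.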

