I have exactly that configuration (three extra VLANs), each with it's own DHCP configuration, all configured through the GUI, and it works well.
Here is what I did:
- In 'Network/Switch', I created a new VLAN with ID 3. I set all of the switch ports to 'Off', then I tagged VLAN 3 on Eth0 and LAN 3. This means that anything plugged into LAN 3 on the router is connected internally to VLAN 3. (Be aware that port numbers may not match switch numbers - check the documentation for your router.)
- In 'Network/Interfaces' I created a new interface and named it 'VLAN3'. Enter the base IP address that you want to use on this VLAN. I used 192.168.13.1 (VLAN3 gets .13.1, VLAN4 gets .14.1, etc.).
- Click on the 'Physical Settings' tab, and select 'eth0.3' as the interface.
- Click on 'Firewall Settings' and create a firewall zone for the VLAN; I named the firewall zone 'VLAN3'. This step isn't strictly necessary, but people creating a VLAN usually want some kind of special isolation/security around it. Creating a firewall zone for your VLAN creates a custom INPUT, FORWARD, and OUTPUT rule chain for VLAN3; this makes it easy to see where to insert your rules. For example:
# VLAN3 is for IP cameras, or anything else that should be strictly contained to just its own VLAN
# Block VLAN3 from accessing the Internet or anything inside the house
iptables -I forwarding_VLAN3_rule -s 0.0.0.0/0 -j DROP