OK, some good news
Close ... LOL. I did re-flash clean, but had to use 21.02. Long story there, but I'm rolling my own, and have an issue going all the way back to 19.07 (files have moved around, can't really apply my latest kernel fixes). But that's OK, because ...
Again, sort of . I did use LuCI, like you suggest - but in 21.02, for this router, no switch page (DSA router, right?). Rather, I went to Devices ... created two VLAN's. VLAN 1 on Port 3 and 4 (untagged), and VLAN 250 on Port 1 and 2 (tagged) => keep them isolated.
First test, VLAN 1 ... only Port 3 and 4 included, and untagged. Connected to my PC (untagged, access port, like you said) ... works! But a slight note - I had to modify the lan interface, to point to this new VLAN (i.e. br-lan.1, vs br-lan). Agreed? At least to me it makes sense to do that.
Yep. Next up, new interface, connected to br-lan.250. Similar to above, have to connect the interface to the VLAN device (i.e. br-lan.250) ... set up the static IP (different subnet), DHCP on. Connect to my switch (tagged traffic to this port) - and it works! And LuCI is happy, also ssh, scp. It's all flying . And WAN still works. So cool.
As above, and then I decided to take the training wheels off - or that's what it felt like, when I disconneted the access port (Port 4). Still all good. over the VLAN.
BTW, I also did check, for interest,
tcpdump -ennv -i br-lan 'vlan 250 and (port 67 or port 68)'. I could see the VLAN tagged traffic (correct vlan), and the DHCP packets flying around. So cool.
Really appreciate the help and pointers - thanks!
Now, do we want to go back to fighting with the other router (switch issues?)? Ya, I'm a glutton for punishment ... LOL! But that is the router I'd actually like to use, if possible. And I think it should be workable?
In any case - sincere thanks!!!