VLAN not working

Hi,

I am trying to set up 2 VLANs on my router, but it's not working. When I connect, my device does not get an IP assigned, and even if I set the IP manually, I can't access anything.

Here are the rules I have added:

rules
# /etc/config/dhcp
# DHCPv4/DHCPv6/RA service on the 'guest' interface: pool starts at offset
# 100 with 150 addresses, 12h leases, SLAAC enabled in router advertisements.
g='dhcp.guest'
uci set "$g"=dhcp
uci set "$g.interface"='guest'
uci set "$g.start"='100'
uci set "$g.limit"='150'
uci set "$g.leasetime"='12h'
# Same three services as before, in the same order.
for svc in dhcpv4 dhcpv6 ra; do
	uci set "$g.$svc"='server'
done
uci set "$g.ra_slaac"='1'


# /etc/config/firewall
# New 'guest' zone bound to the 'guest' network. All three policies are REJECT:
# guests cannot reach the router (input), the router may not send to guests
# (output), and guests cannot forward anywhere (forward).
# NOTE(review): with input=REJECT and no allow rules, DHCP (udp/67) and DNS
# (udp/53) from guests are rejected, so clients never get a lease; the reply
# later in this thread also recommends output=ACCEPT and a guest->wan forwarding.
# Each '@zone[-1]' selector refers to the section created by 'uci add' above,
# so the order of these lines matters.
uci add firewall zone
uci rename "firewall.@zone[-1]"='guest'	
uci set "firewall.@zone[-1].name"='guest'
uci set "firewall.@zone[-1].input"='REJECT'
# The '=' sits inside the double quotes on the next two lines; the shell still
# joins both quoted pieces into option=value, so uci sees the same argument.
uci set "firewall.@zone[-1].output="'REJECT'
uci set "firewall.@zone[-1].forward="'REJECT'
uci add_list "firewall.@zone[-1].network"='guest'


# /etc/config/network
# VLAN 1 on br-lan (section 'vlan-1'): lan3..lan9 and lan12 as plain members
# (no suffix), lan10/lan11 tagged with PVID ('t*').
# Each '@bridge-vlan[-1]' selector refers to the section created by the
# preceding 'uci add', so keep these lines in order.
uci add network bridge-vlan
uci rename "network.@bridge-vlan[-1]"='vlan-1'
uci set "network.@bridge-vlan[-1].device"='br-lan'
uci set "network.@bridge-vlan[-1].vlan"='1'
uci add_list "network.@bridge-vlan[-1].ports"='lan3'
uci add_list "network.@bridge-vlan[-1].ports"='lan4'
uci add_list "network.@bridge-vlan[-1].ports"='lan5'
uci add_list "network.@bridge-vlan[-1].ports"='lan6'
uci add_list "network.@bridge-vlan[-1].ports"='lan7'
uci add_list "network.@bridge-vlan[-1].ports"='lan8'
uci add_list "network.@bridge-vlan[-1].ports"='lan9'
uci add_list "network.@bridge-vlan[-1].ports"='lan10:t*'
uci add_list "network.@bridge-vlan[-1].ports"='lan11:t*'
uci add_list "network.@bridge-vlan[-1].ports"='lan12'


# VLAN 2 on br-lan (section 'vlan-2'): lan10/lan11 tagged only ('t'), so
# VLAN 2 is reachable solely over the tagged trunk on those two ports.
uci add network bridge-vlan
uci rename "network.@bridge-vlan[-1]"='vlan-2'
uci set "network.@bridge-vlan[-1].device"='br-lan'
uci set "network.@bridge-vlan[-1].vlan"='2'
uci add_list "network.@bridge-vlan[-1].ports"='lan10:t'
uci add_list "network.@bridge-vlan[-1].ports"='lan11:t'

# Move 'lan' onto the VLAN 1 sub-interface of the bridge.
uci set network.lan.device='br-lan.1'
# NOTE(review): this sets vlan_filtering to 0 (disabled) and puts it on the
# 'lan' interface section. As far as I know vlan_filtering is an option of the
# bridge *device* section, so this line probably has no effect either way --
# confirm. The 'cat /etc/config/network' output further down this thread shows
# the same option under config interface 'lan', there with value '1'.
uci set network.lan.vlan_filtering="0"

# Guest interface on VLAN 2: static 192.168.27.1/24 plus a /60 IPv6 sub-prefix.
uci set network.guest=interface
uci set network.guest.device='br-lan.2'
uci set network.guest.proto='static'
uci set network.guest.ipaddr='192.168.27.1'
uci set network.guest.netmask='255.255.255.0'
uci set network.guest.ip6assign='60'
network
cat /etc/config/network

# Loopback, unchanged from the OpenWrt default.
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd4e:813a:4b7d::/48'
	option packet_steering '1'

# LAN bridge over lan3..lan12. No 'vlan_filtering' option is set on this device
# section; the only vlan_filtering option in this file sits on the 'lan'
# interface below.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'
	list ports 'lan6'
	list ports 'lan7'
	list ports 'lan8'
	list ports 'lan9'
	list ports 'lan10'
	list ports 'lan11'
	list ports 'lan12'

# Main LAN, now bound to VLAN 10 of the bridge (br-lan.10), 192.168.7.1/24.
# NOTE(review): 'vlan_filtering' is placed on this interface section rather
# than on the br-lan device section above; if it is a device option (as I
# believe), this line is ignored -- confirm before relying on it.
config interface 'lan'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '192.168.7.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option vlan_filtering '1'

# WAN bridge of wan1 and wan2.
config device
	option name 'br-wan'
	option type 'bridge'
	list ports 'wan1'
	list ports 'wan2'

# NOTE(review): wan1 and wan2 are given the same macaddr; confirm this is
# intended rather than a copy-paste.
config device
	option name 'wan1'
	option macaddr 'e0:cb:bc:25:6e:9c'

config device
	option name 'wan2'
	option macaddr 'e0:cb:bc:25:6e:9c'

# IPv4 WAN via DHCP; upstream-provided DNS ignored (peerdns 0) in favour of
# the two listed resolvers.
config interface 'wan'
	option device 'br-wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '8.8.8.8'
	list dns '8.8.4.4'

# IPv6 WAN via DHCPv6.
# NOTE(review): the second dns entry (8.8.4.4) is an IPv4 address on the IPv6
# interface; an IPv6 resolver address was probably intended.
config interface 'wan6'
	option device 'br-wan'
	option proto 'dhcpv6'
	option peerdns '0'
	list dns '2001:4860:4860::8844'
	list dns '8.8.4.4'

# VPN tunnels tun0..tun3: unmanaged interfaces (proto none), excluded from
# IPv6 prefix delegation (delegate 0).
config interface 'fr'
	option proto 'none'
	option delegate '0'
	option device 'tun0'

config interface 'hk'
	option proto 'none'
	option delegate '0'
	option device 'tun1'

config interface 'uk'
	option proto 'none'
	option delegate '0'
	option device 'tun2'

config interface 'us'
	option proto 'none'
	option delegate '0'
	option device 'tun3'

# Docker bridge, not brought up automatically (auto 0).
config interface 'docker'
	option device 'docker0'
	option proto 'none'
	option auto '0'

config device
	option type 'bridge'
	option name 'docker0'

# VLAN 20 (guest): lan10 and lan11 as tagged members only.
config bridge-vlan
	option device 'br-lan'
	option vlan '20'
	list ports 'lan10:t'
	list ports 'lan11:t'

# Guest network on br-lan.20, 192.168.27.1/24.
# NOTE(review): ipaddr and netmask are written as 'list' entries here; netmask
# is normally a single 'option' -- verify it is parsed as intended.
config interface 'guest'
	option device 'br-lan.20'
	option proto 'static'
	list ipaddr '192.168.27.1'
	list netmask '255.255.255.0'
	option ip6assign '60'

# VLAN 10 (lan): lan3..lan9 and lan12 as plain members, lan10/lan11 untagged
# with PVID ('u*'). Together with the VLAN 20 section above, lan10 and lan11
# carry VLAN 10 untagged and VLAN 20 tagged.
config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'
	list ports 'lan6'
	list ports 'lan7'
	list ports 'lan8'
	list ports 'lan9'
	list ports 'lan10:u*'
	list ports 'lan11:u*'
	list ports 'lan12'
firewall
cat /etc/config/firewall

# Global policy: input and forward REJECT, output ACCEPT, SYN-flood protection.
config defaults
	option syn_flood '1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# LAN zone: fully open in all directions.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# WAN zone: input/forward REJECT, NAT (masq) and MSS clamping (mtu_fix).
# NOTE(review): the tunnel devices tun0..tun3 are attached here by device name
# while the FR/HK/US/UK zones below attach the same tunnels by network name;
# confirm which zone's policy actually applies to tunnel traffic.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list device 'tun0'
	list device 'tun1'
	list device 'tun2'
	list device 'tun3'

# LAN clients may reach the Internet.
config forwarding
	option src 'lan'
	option dest 'wan'

# The following Allow-* rules are the stock OpenWrt WAN-side exceptions
# (DHCP renew, ping, IGMP, DHCPv6, MLD, ICMPv6, IPsec).
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

# Management from the WAN side: SSH (22) and HTTP (80) are accepted from the
# wan zone whenever the source address is in 192.168.0.0/16.
# NOTE(review): the source-address match is the only control on these two
# rules and no 'proto' is given, so they are not limited to TCP. This is
# reasonable only if the upstream of br-wan is a trusted private LAN; HTTP is
# unencrypted management, so HTTPS (443) is preferable if LuCI offers it.
config rule 'wan_ssh'
	option name 'WAN SSH'
	option src 'wan'
	option dest_port '22'
	option target 'ACCEPT'
	option family 'ipv4'
	list src_ip '192.168.0.0/16'

config rule 'wan_http'
	option name 'WAN HTTP'
	option src 'wan'
	option dest_port '80'
	option target 'ACCEPT'
	option family 'ipv4'
	list src_ip '192.168.0.0/16'

# One zone per VPN exit (FR/HK/US/UK): router input/output REJECT, forward
# ACCEPT, NAT + MSS clamp, and a lan -> VPN forwarding for each.
config zone 'z_fr'
	option name 'FR'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'fr'

config forwarding 'f_fr'
	option src 'lan'
	option dest 'FR'

config zone 'z_hk'
	option name 'HK'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'hk'

config forwarding 'f_hk'
	option src 'lan'
	option dest 'HK'

config zone 'z_us'
	option name 'US'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'us'

config forwarding 'f_us'
	option src 'lan'
	option dest 'US'

config zone 'z_uk'
	option name 'UK'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'uk'

config forwarding 'f_uk'
	option src 'lan'
	option dest 'UK'

# Extra rules loaded from package scripts (UPnP port mapping, policy routing).
config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'

config include 'pbr'
	option fw4_compatible '1'
	option type 'script'
	option path '/usr/share/pbr/pbr.firewall.include'

# Docker zone: fully open.
config zone 'docker'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option name 'docker'
	list network 'docker'

# Guest zone: REJECT in every direction, with no allow rules and no
# forwarding section. As the reply in this thread notes, DHCP and DNS from
# guests are therefore rejected and guests have no path to 'wan'.
config zone 'guest'
	option name 'guest'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'REJECT'
	list network 'guest'

You have input REJECT on the guest zone, but no exception rule to allow DHCP. This will prevent guests from getting an IP address. Also, you almost always want to allow guests to use the router's DNS, unless you have configured DHCP to advertise a different DNS server to them.

There is no forwarding from guest to wan or to a VPN. After you fix the above and guests have IP addresses, they will still not be able to reach the Internet.

Thanks a lot, but I am also not able to get an IP or access the Internet even on VLAN 10. For this VLAN, I am just using the same rules as I had for the lan config, which worked fine. So am I also missing some firewall rules there?

Am I understanding correctly that I need to add the following to the firewall?

# Let guests forward to the WAN zone (Internet).
config forwarding
	option src 'guest'
	option dest 'wan'

# DNS from guests to the router, IPv4 and UDP only.
# NOTE(review): resolvers retry over TCP when a UDP answer is truncated, and
# IPv6 clients will query over IPv6; consider 'list proto' tcp + udp and
# dropping 'family' so both address families are covered.
config rule
	option name 'Allow-DNS-guest'
	option src 'guest'
	option proto 'udp'
	option dest_port '53'
	option target 'ACCEPT'
	option family 'ipv4'

# DHCPv4 requests from guests (udp/67 on the router).
config rule
	option name 'Allow-DHCP-guest'
	option src 'guest'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'
	option family 'ipv4'

# DHCPv6 requests from guests (udp/547 on the router).
config rule
	option name 'Allow-DHCPv6-guest'
	option src 'guest'
	option proto 'udp'
	option dest_port '547'
	option target 'ACCEPT'
	option family 'ipv6'

Change your guest zone output policy to ACCEPT


Thanks a lot,

It's working now. This is the config I ended up with, in case it helps:

network
# /etc/config/network
# VLAN 1 on br-lan: lan3..lan9 and lan12 untagged with PVID ('u*'),
# lan10/lan11 tagged with PVID ('t*').
# Each '@bridge-vlan[-1]' selector refers to the section created by the
# preceding 'uci add', so keep these lines in order.
uci add network bridge-vlan
uci set "network.@bridge-vlan[-1].device"='br-lan'
uci set "network.@bridge-vlan[-1].vlan"='1'
uci add_list "network.@bridge-vlan[-1].ports"='lan3:u*'
uci add_list "network.@bridge-vlan[-1].ports"='lan4:u*'
uci add_list "network.@bridge-vlan[-1].ports"='lan5:u*'
uci add_list "network.@bridge-vlan[-1].ports"='lan6:u*'
uci add_list "network.@bridge-vlan[-1].ports"='lan7:u*'
uci add_list "network.@bridge-vlan[-1].ports"='lan8:u*'
uci add_list "network.@bridge-vlan[-1].ports"='lan9:u*'
uci add_list "network.@bridge-vlan[-1].ports"='lan10:t*'
uci add_list "network.@bridge-vlan[-1].ports"='lan11:t*'
uci add_list "network.@bridge-vlan[-1].ports"='lan12:u*'

# Move 'lan' onto the VLAN 1 sub-interface of the bridge.
uci set network.lan.device='br-lan.1'
# NOTE(review): vlan_filtering is set on the 'lan' interface section; as far
# as I know it is an option of the bridge device section, so this line may be
# a no-op -- confirm (bridge-vlan sections may already enable filtering).
uci set network.lan.vlan_filtering="1"

# VLAN 2 on br-lan: lan10/lan11 tagged only ('t').
uci add network bridge-vlan
uci set "network.@bridge-vlan[-1].device"='br-lan'
uci set "network.@bridge-vlan[-1].vlan"='2'
uci add_list "network.@bridge-vlan[-1].ports"='lan10:t'
uci add_list "network.@bridge-vlan[-1].ports"='lan11:t'

# Guest interface on VLAN 2: static 192.168.8.1/24 plus a /60 IPv6 sub-prefix.
uci set network.guest=interface
uci set network.guest.device='br-lan.2'
uci set network.guest.proto='static'
uci set network.guest.ipaddr='192.168.8.1'
uci set network.guest.netmask='255.255.255.0'
uci set network.guest.ip6assign='60'
dhcp
# /etc/config/dhcp
# DHCPv4/DHCPv6/RA service on the 'guest' interface: pool starts at offset
# 100 with 150 addresses, 12h leases; router advertisements carry the
# managed-config and other-config flags.
g='dhcp.guest'
uci set "$g"=dhcp
uci set "$g.interface"='guest'
uci set "$g.start"='100'
uci set "$g.limit"='150'
uci set "$g.leasetime"='12h'
# Same three services, same order as before.
for svc in dhcpv4 dhcpv6 ra; do
	uci set "$g.$svc"='server'
done
for flag in managed-config other-config; do
	uci add_list "$g.ra_flags"="$flag"
done
firewall
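# /etc/config/firewall
# Guest zone: guests cannot reach the router (input REJECT) except through the
# explicit rules below, the router may talk to guests (output ACCEPT), and
# guests may only forward to 'wan' (forwarding section at the end).
# Each '@zone[-1]' / '@rule[-1]' / '@forwarding[-1]' selector refers to the
# section created by the 'uci add' just above it, so keep the order.
uci add firewall zone
uci rename "firewall.@zone[-1]"='guest'
uci set "firewall.@zone[-1].name"='guest'
uci set "firewall.@zone[-1].input"='REJECT'
uci set "firewall.@zone[-1].output"='ACCEPT'
uci set "firewall.@zone[-1].forward"='REJECT'
uci add_list "firewall.@zone[-1].network"='guest'

# DNS from guests to the router. Both transports are allowed: resolvers fall
# back to TCP when a UDP answer is truncated (large or DNSSEC responses), and
# with input=REJECT a UDP-only rule makes those lookups fail. No 'family' is
# set, so IPv4 and IPv6 queries are both covered.
uci add firewall rule
uci rename "firewall.@rule[-1]"='guest_dns'
uci set "firewall.@rule[-1].name"='Allow-DNS-guest'
uci set "firewall.@rule[-1].src"='guest'
uci set "firewall.@rule[-1].proto"='tcp udp'
uci set "firewall.@rule[-1].dest_port"='53'
uci set "firewall.@rule[-1].target"='ACCEPT'

# DHCPv4 requests from guests (udp/67 on the router).
uci add firewall rule
uci rename "firewall.@rule[-1]"='guest_dhcp'
uci set "firewall.@rule[-1].name"='Allow-DHCP-guest'
uci set "firewall.@rule[-1].src"='guest'
uci set "firewall.@rule[-1].proto"='udp'
uci set "firewall.@rule[-1].dest_port"='67'
uci set "firewall.@rule[-1].target"='ACCEPT'
uci set "firewall.@rule[-1].family"='ipv4'

# DHCPv6 requests from guests (udp/547 on the router).
uci add firewall rule
uci rename "firewall.@rule[-1]"='guest_dhcpv6'
uci set "firewall.@rule[-1].name"='Allow-DHCPv6-guest'
uci set "firewall.@rule[-1].src"='guest'
uci set "firewall.@rule[-1].proto"='udp'
uci set "firewall.@rule[-1].dest_port"='547'
uci set "firewall.@rule[-1].target"='ACCEPT'
uci set "firewall.@rule[-1].family"='ipv6'

# Guests may forward to the WAN zone (Internet) and nowhere else; the lan and
# VPN zones stay unreachable from guests because forward=REJECT.
uci add firewall forwarding
uci rename "firewall.@forwarding[-1]"='f_guest_wan'
uci set "firewall.@forwarding[-1].src"='guest'
uci set "firewall.@forwarding[-1].dest"='wan'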

Great! Glad it is working now.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks! :slight_smile: