OK so how many VLANs are you looking to setup, just the two, one without tagging (VLAN0) and one with tagging (VLAN1)? What tag number are you using for the tagged VLAN? I personally have 3 VLANs, an untagged VLAN0, VLAN1 with a tag of 10 (this is for my guest WiFi) and a VLAN2 tagged with 20 (this is for my IOT devices).

This is my port setup on my 2862, note that VLAN0 is served by an external DHCP server while the other two VLANs obtain their leases from the internal Draytek DHCP server on two different subnets

https://app.box.com/s/0d86vs3fczpnd5ntu5k2p8ob6msdw1jm

Here is the VLAN setup on one of my two APs, SSIDs 1 & 4 will have access to my main network, the guest network is isolated from the main network and client to client and SSID 1 is isolated from everyone else and has a hidden SSID

https://app.box.com/s/8i0w0jfqo6gv27dl7iaq21pph3mc2fo4

When you say that it kills that 'guest' port 6 on the 2860 what exactly are you using as a guage of this, are you pinging the gateway from the guest device or from the 2860 to the guest device or are you trying from another device elsewhere. Are you putting your VLANs on separate subnets, if yes have you setup inter-lan routing and firewall rules on the 2860?

Thanks for the reply.
The computer that is connected to port 6 looses its connection to the internet as soon as I enable tags.
I am looking for two Vlans one untagged, one tagged.

Link to port set up here:
https://www.dropbox.com/s/9ltsextmvb4thgp/Port%20Settings.bmp?dl=0

As it is in this picture all works fine, but, I cannot use the AP-900's to run 2 SSID's as I lose the internet connection on the hard wired guest port 6 as soon as I enable the tagging.
I was using the tag of 10 as you can see in the screenshot greyed out, the internal network is untagged.
Thus I cannot extend the guest network wifi which is a bit of a pain because of what it is used for.

I think you've linked to the wrong screenshot, that looks like firewall rules, not VLAN setup

SORRY!!!
Try this one, I'm getting issues with our Acronis backup software too as it doesn't like https on our Synology!

https://www.dropbox.com/s/8yownw74gc1vkbr/Firewall%20Settings.bmp?dl=0

I'm seeing the same screenshot again.

Out of interest which firmware version are you using on your 2860?

Regarding your lack of internet on the port 6 device, can you ping the 2860's gateway IP from it which you can find by doing "ipconfig /all" (sorry if this is stuff you already know), if the gateway is reachable then can it ping its DNS servers? Is it configured to use your ISP's DNS servers or another DNS server on your network (if you're using your own DNS then this would also have to be added to your VLAN)? Also what about ping from the 2860 to the port 6 device, does that work?

3rd time lucky?
https://www.dropbox.com/s/ewj1uh43g04412f/VLan%20port%20tags.gif?dl=0


This should be the dashboard view, with the external addresses redacted.
https://www.dropbox.com/s/nrv2fnte69vvxit/System%20Status-Redacted.gif?dl=0

I'll have to do the checks you're asking for in the morning.
I do know what you are talking about, so it should be no issue to do the checks.