I'm wondering why there is still no official statement on this? A lot of people are requesting it. I'm currently setting up my OPNSENSE router and was really disappointed when finding out that my Deco doesn't support VLAN tagging in AP mode.

But it seems pointless to beg for it cause tp-link is not considering it apparently.

I'm also going to jump on the bandwagon.

I want to use the guest network for my IoT devices. I already have DHCP, DNS, firewall, router etc on my network so my Decos have to be in AP mode.

VLAN tagging is a requirement for this configuration.

  @TP-Link 

I use my 3 Deco M5 in AP mode and I provide network parameters from my own dhcp server. I also have my own internal DNS server. According to your explanation, my guest devices won't be able to talk to my DNS server (which is the case). There is no indication of the "vlan" or a different Relay Agent IP Address in the dhcp discover and request packets. How do I know which DNS ip address I should send to the guest dhcp client in an offer or ack reply without a VLAN ID or a Relay Agent IP Address?

SSID Wall-e:
No. Time Vlan Source Destination Protocol Length Info
1 21:31:43.418366240 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID 0xf1cc91c5
Frame 1: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface 0
Ethernet II, Src: 10:00:20:81:54:65, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Bootstrap Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0xf1cc91c5
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 10:00:20:81:54:65
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Discover)
Option: (55) Parameter Request List
Option: (57) Maximum DHCP Message Size
Option: (61) Client identifier
Option: (51) IP Address Lease Time
Option: (12) Host Name
Option: (255) End
Padding: 000000000000000000000000000000000000

SSID Wall-e_guest:
No. Time Vlan Source Destination Protocol Length Info
7 21:31:54.667481552 0.0.0.0 255.255.255.255 DHCP 342 DHCP Discover - Transaction ID
0x8e8893a5
Frame 7: 342 bytes on wire (2736 bits), 342 bytes captured (2736 bits) on interface 0
Ethernet II, Src: 10:00:20:81:54:65, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Bootstrap Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x8e8893a5
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: 10:00:20:81:54:65
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Discover)
Option: (55) Parameter Request List
Option: (57) Maximum DHCP Message Size
Option: (61) Client identifier
Option: (51) IP Address Lease Time
Option: (12) Host Name
Option: (255) End
Padding: 000000000000000000000000000000000000

  @ArcticCascade Yeah same here. @TP-Link Without some way to configure the guest network, the feature is unusable for anyone with a custom DHCP/DNS/etc setup

@TP-Link 

most people need basic configuration for Access Points. However, some small offices need a good mesh network and some advanced configurations for Vlans. 

Multi-SSID, VLAN's and networking isolation should be an access point mode must have since some of your switches already provide it.

What is causing the delay for that feature is available on Deco's?

Thank you!

I've just run into this issue as well. Switching to the Omada line will not be cheap - I have two X90 and five M9 plus units.

My workaround has been to have the router hand out two DNS IPs - where they can only be reached from their individual networks. A RPi Zero W connected onto the guest WLAN and a regular server that's connected to the main network.

This gives me _some_ control over the guest network devices compared to main, but lacks endless amounts of functionality VLAN tagging would offer.

I bet tp-link is ignoring this request at all. We need VLAN tagging. A simple use case would be, for guest network, I'd like my guest to access my TV but not other IOT devices. My TV has ethernet and wiresless - ethernet is assigned with an IP address within the main network thus discoverable by trusted devices, and wireless I assigned it to guest VLAN so that guests can discover and play stuff on it. Simply masking everything off in guest network is not a solution for us. VLAN tagging is a simple request as well.

Also my guest devices are randomly assigned IP addresses as my main router has no clue about those devices. This mess up my DHCP reserve patterns.

For the BE95 and all others, supporting tagged traffic is a no-brainer in AP mode, especially on a pair of devices that cost $1200.

Congratulations, TP Link. Your customer base been asking for this basic capability for three years, yet the only official response from TP Link has been, "What do you need that for?" Many have responded. More have asked for this again and again.

Due to lack of attention to your customers, I have decided to replace my Deco M series mesh WiFi. You can safely bet the solution won't have a TP-Link nameplate on it.