Yeah in Cisco land you need to configure the interface as a trunk if you want it to have multiple vlans or support tagged vlans.

The native vlan is the untagged vlan, all other vlans are tagged. An interface can only have one untagged vlan but multiple tagged vlans.

You would have your configuration as;

switchport mode trunk

switchport trunk native vlan (your untagged vlan)

switchport trunk allowed vlan (your tagged vlan/vlans)

@AndRam 

Thanks for clarification. Do i need to apply the trunk config to all the switchport facing the Decos? I have 2 M5 (one of them is the main) and 2 M4R in my environment.

@jarbiscuit I've only been using Deco a few days and seeing the diagram it make a bit more sense. Your Main Deco will be wired into 2 ports, 1 port vlan 70 accces, port 2 vlan 71 access, you shouldn't need to trunk/tag vlans.

All other AP's will be vlan 71 as an access port.

The only time I think you need to use vlan tagging/trunk ports is if you are looking to use Guest WiFi.

@AndRam yep. I have no problem with normal wifi setup using access. But i hit roadblock when trying to setup guest wifi 😭

@jarbiscuit yeah if you are doing wired backhaul with guest wifi then it your port config for each device would be

Main Deco
Port 1 - Access vlan 70

Port 2 - Trunk native/untagged 71, tagged 591(tp link default guest vlan)

All other Deco's

Port 1 - Trunk native/untagged 71, tagged 591

@AndRam should i also configure on the trunk between the switches on ground floor and first floor?

Switchport trunk native vlan 71

@jarbiscuit on the trunk between switches vlan 71 should be tagged not native. Your M4's will send backhaul to the switch with an untagged frame. By making vlan 71 native on the cisco port, the switch then tags the frame on VLAN 71 and when it is forwarded across the trunk to the other switch it will already be tagged.

Cisco by default on a trunk port will allow all tagged vlans, but its generally considered best practice to allow specific vlan's using the "switchport trunk allow vlan" statement

@AndRam i somehow can imagine the configuration based on your input.

Ground Floor:

Switch A

interface gi1/0/1

  description "M5 Main Deco from Internet"

  switchport mode access

  switchport access vlan 70

interface gi1/0/2

  description "M5 Main Deco Backhaul"

  switchport mode trunk

  switchport trunk native vlan 71

  switchport trunk allowed vlan 591

interface gi1/0/10

  description "AP1 - M4R Deco Ethernet"

  switchport mode trunk

  switchport trunk native vlan 71

  switchport trunk allowed vlan 591

interface gi1/0/25

  description "Cascade switch to Level 1"

  switchport mode trunk

  switchport trunk allowed vlan 71

===================

Level 1

Switch B

interface gi1/0/1

  description "AP2 - M5 Deco Ethernet"

  switchport mode trunk

  switchport trunk native vlan 71

  switchport trunk allowed vlan 591

interface gi1/0/2

  description "AP3 - M4R Deco Ethernet"

  switchport mode trunk

  switchport trunk native vlan 71

  switchport trunk allowed vlan 591

interface gi1/0/25

  description "Cascade to Ground Floor"

  switchport mode trunk

  switchport trunk allowed vlan 71

@jarbiscuit that's close.

On your cascade ports you would need to include both 71 and 591 as they both need to be able to use that trunk. Also any other vlan's you think will be needed. eg if the management interface for the switch is on vlan 70 for example you would also need to include that as well otherwise you would lose management connectivity to that switch if trying to connect from the ground floor.

eg;

switchport trunk allowed vlan 70-71,591

If you aren't sure what vlans you need and want them all then just exclude the allowed vlan statement and it will be;

interface gi1/0/25

  description "Cascade to Ground Floor"

  switchport mode trunk