@GThiesen
First of all: Thank you for your quick reply.
I'm not really sure that I understand your answer so I'm going to describe my network topology and switch config, then apply what I think is your suggestion.
Let's say I currently have 3 VLANs: 20 for management devices, 30 for devices not allowed to manage stuff and 40 for IoT stuff hanging around. I used to have three different WIFI networks with the same VLAN tags. The AP is connected via a managed switch to the rest of the network. The VLAN IDs are also configured on the wired network. The switch used to be configured to send tagged network traffic to the AP. Because I had the management VLAN of the old AP set to 20, devices in that VLAN could manage the AP.
What I think you are saying is that the AP just needs an internet connection for management. There is no web interface, so the AP being in the same VLAN as the management devices is not necessary. I can follow you here.
However, the AP needs an IP address. There is no DHCP server listening on VLAN1, so I need the AP set to VLAN 20 or set the PVID of the switch port to 20 to allow the AP to get an IP address. This PVID setting, however, also means that the VLAN 20 traffic will be *untagged* on egress of the switch. Given the fact that I have devices on the VLAN 20 WIFI, how are wired devices able to communicate with the WIFI devices? They cannot. I therefore have to turn off the VLAN ID of the management WIFI as well. Correct?
Another option would be to create yet another DHCP server to allow the AP to get an IP address without a PVID on the switch port, but this would require me to also reconfigure the router to allow traffic from that range to reach the internet. Correct?
I am a bit confused, as it took me some time to have the iPhone app discover the AP after connecting it, as my network topology did not allow it to get an IP address (see my tagged 20, 30 and 40 remark combined with not having a DHCP server listening on VLAN1).