I understand the concept of VLAN's, however, I'm not a network expert and need some recommendations on settings up VLAN's on my network. I have MR18 AP's, MS220 Switches and an UnTangle Core router. 

I want to set up the following VLAN's

Guest - used for guest device access to the internet only

IoT - used for IoT device access to each other and the internet

Internal - used for all other devices for access to each other internally and to the internet

I have configured three separate SSID's on the MR18's for each of the different devices to connect to (i.e. IoT devices connect to the IoT SSID, Guests to the Guest SSID etc 

Each port on my MS220 is configured as a trunk port. Each MR18 is configured in Bridge mode.

As I understand it, I need to enable VLAN tagging for each SSID on the MR18 AP"s and assign an appropriate VLAN tag e.g. 

SSID Guest - VLAN2

SSID IoT - VLAN3

SSID Internal - VLAN1

Since the MS220's are configured as trunk ports, then presumably the only other thing I need to do is configure the UnTangle Core Router to recognize VLAN tagged traffic and route appropriately. Is that correct?