(that does seem like a strange UI decision to put the advanced options under a “?” which generally denotes “help” or additional “info”.
You will get used to this pretty quick as you configure your network. The more interesting and/or advanced features are usually found through links in the ? bubbles. I find myself clicking them whenever I see one, looking for more features.
Both the VLANs have “Inter VLAN routing” turned off which I assumed would not let them see outside of their own VLAN
With Inter VLAN routing turned off for a given VLAN, any client devices on that network will only be able see other devices on that network and the gateway (aka internet).
and that the Layer 2 Isolation would not let them see other devices within the VLAN.
If the SOHO’s AP is the only physical AP on your network, then client devices on that SSID will not be able to see each other.
The goal is that all the devices on a VLAN have complete isolation (they can’t see each other inside their own VLAN and can’t see outside of the VLAN)
Again assuming the SOHO AP is the only physical AP on your network, your configuration should A) isolate wireless clients from each other and B) isolate clients on VLAN2 and VLAN3 from the other two networks (Untagged and VLANx).
the home network can see everything inside its network.
I also have the switch set up like this with the trunk being the home server.
You will probably need to set LAN Port 1 to Access and Untagged LAN rather than Trunk and Any. If your server’s IP is 192.168.0.x and you are not running VMs with IPs in VLAN2 or VLAN3, there really is no need to trunk traffic to that port. Moreso, the NIC may not even support 802.1Q tags and/or be configured for such, so you couldn’t even send tagged traffic if you wanted to. With an IP in the Untagged VLAN (192.168.0.x) and Inter VLAN routing enabled, you will be able to communicate with properly configured devices on VLAN2 and VLAN3 from the server.