I am trying to rebuild my network. I have an APU 4C4 with OPNsense 25.7: igb0 is LAN, igb1 is WAN, and igb{2,3} is LAGG/LACP 'lagg0_downstream'. This goes to a Cisco switch SG200-8, where g7,8 is configured as LAG chan1 'lagg0_upstream'. All other ports on the SG200-8 are trunk or default. My dumb OpenWrt Unifi AP is connected to this.
In addition, I have configured VLANs 10, 20, 30 (User, Guest, IoT) on the OPNsense with their own networks, which are placed on lagg0. The LAN cable also goes to the SG200-8.
Now to the question: I want to put the VLANs and the LAN itself untagged on the LAGG, but so far I haven't been able to do it without locking myself out. The LAN and the 3 VLANs should then go to the Unifi AP on the switch. The other ports on the SG200 would then serve as access ports. I would use the LAN igb0 port, which would then be free, for the DMZ. Would that make sense, or should I also put the DMZ in a VLAN?