KB Article "How to bridge wireless AP to VLAN": Question about needed Interfaces/VLANs and their configuration

I followed this guide: https://community.sophos.com/kb/en-us/132518

to create several WLAN networks.

We have a Sophos UTM SG210/9.702-1 with AP55C access points.


Why do I need a non-VLAN interface for "Bridge to VLAN" ?

Does that mean that I must configure my switch with an untagged VLAN and tagged VLANS (2, 15, 20 and 30) at the same time for a port?

What exactly means "VLAN trunk interface" in this case, how exactly looks the switch configurartion?

I see on the UTM config there is a normal (untagged) interface ("Bride to VLAN) and 4 tagged VLANS on the same physical interface and I think that's a bit crazy?!

In general I only can(should?) use one VLAN interface type per switchport.(or not?) What I mean is, that I use either one Vlan UNTAGGED or several TAGGED Vlans at one switch port.


In the moment I configured just three VLAN Interfaces and no "Brigde to VLAN" and on my switch I configured there 3 VLANS as TAGGED on every Port which is connected to an acces point or the UTM. It works with 3 SSIDs but first it was difficult to make the APs recive the config. I tried different VLAN settings on the switch and after a while the APs get their config. I think this struggle is because I skipped some steps of the guide. Now I want to do the best practice AND want to understand every single task.