You will also need to look at your DHCP service provider, and make sure it has address ranges for all the subnets on the various VLANs you create. There are two or three common ways of doing this. One is by configuring a DHCP helper IP (sometimes called dhcp relay ip) in your layer3/layer4 router (where you defined the VLANs in the first place). Alternatively, you can have your DHCP server running on a system that you can pass all the VLANs to it and configure tagged virtual interfaces for each VLAN and setup a local IP on that interface for the DHCP server (this is what I did). Also be sure to properly configure VLAN specific default gateways/routes, DNS service, NTP/time server for each VLAN range (it is easier than it sounds, once you get your head around it).
As has been said above, if you are transitioning an existing configuration to one with VLANs, you first start by setting up and defining the VLANs. Next, go through setting up the routing, ACL, and firewall rules on the VLANs. This will take time and require a system that you can configure software defined tagged interfaces and connect that to a port on a switch that has all the VLANs configured on it (sometimes called a trunk port, as it "trunks" multiple VLANs onto a single physical interface). You can then go about testing through the virtual tagged interfaces using ping, web browsing, and/or ssh to the other tagged interfaces or to the internet (or from the "internet" if you created a VLAN for your internet side like I mentioned earlier) to see that all the rules you have created are properly functioning to isolate the various VLANs and only allow the communications you have defined.
Once you have tested the VLANs, routing rules, firewall rules, etc., you will want to setup your DHCP services for all the VLANs, and then you can use the same test device you previously setup for testing the VLAN routing rules, and firewall rules, and just configure the virtual tagged interfaces to attempt to obtain an IP address via DHCP instead of hard coding it like you would have needed to originally on each VLAN subnet. If it gets proper IP addresses, and functions, you are ready.
You can then start going through your devices and reconfiguring them. This will be a combination of tagging the port on the switch(es) that the device connects into with the appropriate VLAN ID(s) and reconfiguring the device itself to use a new IP on the new VLAN subnet (or if it is already set to DHCP, just update any static IP rules defined in DHCP for the device to the new subnet IP). I am using DD-WRT on a wireless access point to handle my DNS and DHCP and it has had no real problem with handling all my VLANs and VAPs (that is virtual access points, which is essentially a VLAN for wireless, and is how a guest wireless network is created, but I have WAPs for any VLAN that has wireless devices on it).
All of this needs to basically be done on the TP-Link router and switch using the interfaces they provide to you. I really can not tell you how to do that, as I do not own that kind of gear. My main network core switch is a Ruckus/Brocade IPX-6610, which runs FastIronOS (almost a clone of CISCO's IOS in terms of command line configure, but also has a web interface). This switch (and a few others in its family) have an extensive thread about them and how to configure/use over on servethehome forums:
NOTE #1: do not PM me with switch questions, they will be ignored - post them in this public thread, where hundreds of other members can also answer, and the answer will be public for future users NOTE #2 06-22-2023: Yes, this post is still up to date and nothing has changed: in fact judging by...
forums.servethehome.com