Well, i had some trouble maybe a month ago with a Dlink managed Switch and Vlans, a week ago i had some trouble with the “new” Unifi Controller. First time the managed was just replaced with a Dummy Switch, that made stuff easy, lol! 
thanks to @Andy_Wismer gave me some light in this matter.
For this network i didnt had this option, but all worked well, i will start with the NethServer side.
Started by Creating a Blue Network for Guests.
I did use the green network NIC to create this VLAN
TAG 20, just dont use 0 or 1.
I used 10.1.10.x but you can use whatever you want as long as is diferent than your green network.
Ex.: 172.16.1.x or 192.168.100.x or 10.1.1.x…
Go to DHCP option and enable it for your new VLAN:
DNS you can use your own preference, i like the google and opendns ones…
For the NethServer that will do… easy as that!
Now for the Switch part, in this client i had a HPE 1920S 48P…
2 Ubiquiti AP UAC LR in ports 18/19 and my NethServer in port 48.
Well, this Switch is a piece… lol, first of all you need to create a strong password to it, or else nothing will work! haha, i know i know (duh, you would leave the switch unprotected? No, of course not but for testing i usually dont use a strong password).
So yes… change default password or add one new
Then you should enter the VLAN part:
There you enter “Configuration” and create a new VLAN with the same ID than you created in your NethServer, that means in my case, 20…
After that join “Port Membership” and select VLAN ID 20 (Or whatever you created…) DO NOT change anything to VLAN 1
Select ports where your AP is connected and your NethServer, in my case (18,19 and 48)
Select Include then TAGGED and hit APPLY.
Now select the Port Configuration, select all ports and disable ingress filtering:
Your port configuration should look something like this:
With ports 18,19 and 48 VLAN 1 Untagged and VLAN 20 as Tagged.
Thats what you should do in your Switch, if it is a managed one, in a dummy nothing should and can be done lol
Now for the fun part!
The UnifiController. It has changed a lot since the last time i worked with them, so i had a hard time about VLANS…Acess the settings, (use classic view), create a new network, use the name you want, i used “visita” thats Guests in portuguese!
use “VLAN” only and set your vlan ID to the ID you created in NethServer. Dont use anything else, dont use as “guests” or corporate, it will just dont work.
It will end up like this:
Now acess the Wireless Networks tab, create a new wireless network with whatever the name you want, use the security you want, mark Guests Policy or not, but in the network tab use the new created network, in my case “visita”:
After that it should be working fine… even if it shows like this here, no “vLan”, that is just a UI bug from this new controller.
Now yall have fun correcting me, saying what i did wrong or useless configs… whahaha!