Interesting. I think the issue with the Trunk mode setting on the Asus (from a quick look at the documentation) is that it only passes tagged traffic, so if the PVID on the switch trunk port is set to 1 then switch management traffic will be untagged and dropped by the router. This also assumes that the router is tagging its default LAN VLAN as 1, which I’m not entirely sure of from what I could find in the documentation.
MikroTik, pfSense and OPNsense will definitely have much better VLAN support and allow configuration of firewall rules between the VLANs. I’m personally using a couple of MikroTik RB5009s, which have been great routers with pretty much any feature you would ever need.