No, the ER-5 is not "vlan aware". All three ports (eth2,3,4) will carry VLAN1 untagged / VLANs 2 & 3 tagged.
If the PCs are capable of handling VLANs, this'll work out okay. Otherwise, you'll need an intermediate switch to handle per-port VLAN assignments.
Moving the UAP to port1 would make it feasible, but "eth1 VLAN1" will be a separate network from "switch0 VLAN1", and you would need to route between those two networks. Really you don't lose any performance - the biggest hit would be the annoyance factor of making dlna / mdns / bonjour work between eth1 and switch0.