Another data point.
AX86U router and a second AX86U as node, both running merlin 386.4. Directly connected Ethernet backhaul (no switches) on 2.5gbps ports. Guest network 1 @ 2.4ghz with IoT devices connecting just fine on both router and node and getting 101.x IP addresses.
I have experienced the issue of failing to connect to the guest network and get an IP (unless the allow intranet access was enabled) on some prior alpha (386.2 alpha 2) version and concluded the iptables entries had been hosed by one of those earlier firmware builds and was blocking the dhcp flow. There was a fix for broken firewall rules in 386.2 beta 2, so after updating I ended up completely resetting and re-configuring the router and node and guest network with intranet access disabled worked again.
Some comments on the topic here: http://www.snbforums.com/threads/new-ax86u-node-and-iot-devices.71002/post-671422. Notice this also occurred on my AC5300 that I was in the process of replacing with AX86U's so was not device specific but rather firmware.
Figured out how to fix this (again) today. RT-AX86U main and RT-AC86U node.
The 2.5G ports break something with the guest network and INTRANET DISABLED, they lose internet access. If you backhaul on the regular port the issue resolves. Guest network devices can connect to internet with INTRANET DISABLED.
This post: https://www.snbforums.com/threads/rt-ac68p-fios-wan-dropouts-on-386-x.73214/post-727742
Clued me in that it might be port and vlan related. As I didn't have this issue with a AC86U (merlin) as the main router and an AC88U (stock) as a node. (I had to use stock on node as merlin there had this issue, at that point anyway)
I think whatever VLAN options Asus implements via GUI that was at some point fixed for nodes hasn't made its way to the 2.5G port yet.