I am trying to wrap my head around the subject.

Are VLANS only required when you need to trunk between two or more network devices (i.e. share networks across multiple switches/routers)?

I guess another way of asking this question is: Do I need to use VLANs if I have only one switch and I need to create and use multiple networks on that one switch? Could I not just use bridge ports?

When would I want to use one over the other?

Bridges use processor for forwarding traffic. VLAN's can be cofigured with switch-chip,and in this scenario are fester than using bridges. But vlans can be configured also with cpu too (slower througput)

For your purpose (usually most cases) using switch-chip is better. Bridges are simple to understand, but IMO it's EVIL)!
Sometimes, when you have no switch-chip (some CCRs), or using caps-man, or want to see traffic and use firewall - you just need them.

So the rule of thumb is always use vlans where possible even if there is only one network device involved. Vlans perform better.

Next question: When do you make an exception? When do you use bridges?

Sent from my SM-G920I using Tapatalk

Next question: When do you make an exception? When do you use bridges?

I've answered you in the previous post: no switchc-chip, capsman, firewall rules in forwarding traffic, etc.

@czolo

I'm sorry. I'm having a very hard time understanding how this all works.

So I get it, VLANs use a switch chip, bridges use the CPU; VLANs make better use of the hardware.

Let's use an exact scenario:
Let's say I want to split a 24 ports CRS into two VLANs.
VLAN1 (Ports 1 thru 12) - DepartmentA
VLAN2 (Ports 13 thru 24) - DepartmentB

Lets say all of my routing, DHCP, firewall (smart stuff) are done on actual routers. In this case, two routers, each connecting to a VLAN.

That would be:
Router1 -> Switch1 (VLAN1) Port 1
Router2 -> Switch1 (VLAN2) Port 13

***I have no intention of creating a trunk port between to physical network devices, just simple split my one physical switch into two logical switches.

How would you accomplish this?

Just use master-port feature. In CRS you can configure more than one group of ports.
VLAN1 (Ports 1 thru 12) - master port 1
VLAN2 (Ports 13 thru 24) - master port 13

But remember that you can use also the same CRS like a router.

If I'm reading the documentation correctly, it seems I lose whatever port I choose as the master port.

In the above example, I lose two ports. Is this the case?

Sent from my SM-G920I using Tapatalk

If I'm reading the documentation correctly, it seems I lose whatever port I choose as the master port.

In the above example, I lose two ports. Is this the case?

Sent from my SM-G920I using Tapatalk

No, you don't lose the master ports. In fact, if you're using the routing functions of the same device, you're actually saving a port. The master port is the "link" between the switch interfaces and the router. In simple terms, you put IP addresses, firewall rules, queues, dhcp server settings, hotspot, etc - all of these IP-related things - you put them on the master interface. The slave interfaces are what you "lose" from the router's perspective. Whatever configurations you put on the master port also apply to all of the slave ports of that master port.

If I'm reading the documentation correctly, it seems I lose whatever port I choose as the master port.

This is just a misunderstanding from the way it is described in the documentation. Maybe a revision of that description is in order, since it is misleading.
I had the same doubts when I first read the documents, and that text it hasn't changed for years.
Just the quote from the wiki:

A 'master' port will be the port through which the RouterOS will communicate to all ports in the group. Interfaces for which the 'master' port is specified become inactive - no traffic is received on them and no traffic can be sent out.

It should read something like:

The 'master' port becomes a name placeholder for the whole port group through which RouterOS communicates with all ports in that group. Slave ports of that groups can not be directly accessed by RouterOS, except for attaching VLAN interfaces to a slave port.
(On some specific models like the CRS series, more advanced switch chip functions are available in the Switch menu)

Clarity. Thanks!

Sent from my SM-G920I using Tapatalk

I like to think of the "port" not as the physical interface that I plug a cable into, but rather as an addressable part of the logic board. Remember, even "switch1-cpu" is considered a port. MikroTik's description tripped me up a lot when I first started with RouterOS, but you'll get the hang of it eventually.