Hi
I would like read your opinion about following configuration
Which configuration (cfg) is correct?

Both cfg works but i read on mikrotik wiki "network cfg can works but it's not always the optimal cfg"

In the first cfg i dont use vlan-filering, it's just a vlan for each physical interface and then i put them inside a bridge

The advantage is i dont put the physical interfaces on a bridge, so a broadcast traffic can't pass through the router and other layer 2 services through vlan1 neither. Only the vlan 90 can pass

The second cfg i put the physical interfaces on a bridge but i used vlan-filtering. Only vlan 90 can pass through the router and i set the "admit only vlan tagged" on the bridge port's

So i would like read your opinions. Thanks

The correct configuration is whichever produces wanted results.

The (resource utilization wise) optimal configuration for most MT device models is the one with single bridge with vlan-filtering enabled. You didn't mention the model you're using so it may not be optimal after all.

I dont understand the diagrams but my short answer is YES.

But broadcast traffic from the vlan 90 is still going through for both configurations.

All in all I would go with option 2 as it scales better if the need arises for another vlan, and it will because you are already tagging vlan 90.
Also to eliminate the potential vlan 1 rogue broadcast properly configure your ports in the bridge

• enable vlan filtering on the bridge
• set correct pvid and frame type for the ports in the bridge and also enable ingress filtering here
• another reason to use the second configuration style is that depending on the mkt hardware you have a chance of hw vlan
  doing the first option almost guarantees everything happens on the cpu of the device.