I'm trying to formulate some rules for VLANS on Mikrotik. My hope is that if they were followed anyone could build VLANs on MT to do what they want. There seems to be a lot of confusion about how MT performs VLANing... me included some days.

This is assuming you are using ROS and not switch functions to Tag. Please correct me if I'm wrong.

1] VLAN Tags are added on Egress
2] Put a single VLAN ON a physical Interface to add that VLAN Tag to the packet as it leaves the router through that interface
3] Put VLANs _ON_ (Not IN) a Bridge Interface, and add Physical Interfaces IN that Bridge Interface to Trunk those VLANs through those physical Interfaces
4] Put a VLAN _IN_ (Not ON) a Bridge Interface to make that VLAN locally accessible via the IP you put _ON_ that same Bridge Interface
5] Put a VLAN and a Physical Interface _IN_ a Bridge to make that Physical Interface a member of that VLAN that will add VLAN Tag inbound as would be used for a PC to access a particular VLAN.
6] Do Not put VLANs ON Bridge Interfaces AND IN that same Bridge Interface
7] Do Not put IP Addresses ON Physical Interfaces that have VLANS on them
8] Do Not put IP Address ON the VLANs themselves
9] Do not put IP addresses ON Bridge Interfaces that have _Multiple_ VLANs ON them

Input appreciated...
Z

I'm trying to formulate some rules for VLANS on Mikrotik. My hope is that if they were followed anyone could build VLANs on MT to do what they want. There seems to be a lot of confusion about how MT performs VLANing... me included some days.

This is assuming you are using ROS and not switch functions to Tag. Please correct me if I'm wrong.

1] VLAN Tags are added on Egress
2] Put a single VLAN ON a physical Interface to add that VLAN Tag to the packet as it leaves the router through that interface
3] Put VLANs _ON_ (Not IN) a Bridge Interface, and add Physical Interfaces IN that Bridge Interface to Trunk those VLANs through those physical Interfaces
4] Put a VLAN _IN_ (Not ON) a Bridge Interface to make that VLAN locally accessible via the IP you put _ON_ that same Bridge Interface
5] Put a VLAN and a Physical Interface _IN_ a Bridge to make that Physical Interface a member of that VLAN that will add VLAN Tag inbound as would be used for a PC to access a particular VLAN.
6] Do Not put VLANs ON Bridge Interfaces AND IN that same Bridge Interface
7] Do Not put IP Addresses ON Physical Interfaces that have VLANS on them
8] Do Not put IP Address ON the VLANs themselves
9] Do not put IP addresses ON Bridge Interfaces that have _Multiple_ VLANs ON them

Input appreciated...
Z

Lots of the rules aren't hard rules... it just depends on what your trying to do.

I'm not sure what you mean by Hard rules ? There are some basic things that you must do and some that you cannot/should not do. I'm trying to find the most basic set of rules for anyone trying to configure VLANs on MT to enable them to do it with the least amount of confusion.