Hello,

I have network, with is divided between company LAN and guest LAN via separated bridges on MT RB2011UiAS device (with has 5 GBit and 5 100MBit ports, one bridge is on gigabit, second on 100Mbit). Company network is wirred only, guest 99% on Unifi APs. Now I need to connect one device, with is far from company wires, but close to guest infrastructure.

On route are 3 devices, before it reach router, where these 2 network met. I set tag 66 (mostly I will talk about VLAN66 in my schemas), created VLAN on unifi and set it for 2 AP, where device will connect, on route there are 2 MikroTik switches (CRS112-8P and CRS328-24P), on CRS112-8P I set "VLAN port" for SPF interface, with comunicates with next switch and on 2 ethernet devices, where AP are connected, these 3 interfaces are in separate bridge. On CRS328 SPF from previous interfaces had VLAN port and ether2 port I set as VLAN. Created bridge between these 2 ports, ether2 I removed from default bridge, because on ether2 there should be only VLAN comunication, nothing else. This switch is connected on ether1 to my router (RB2011 as I mentioned) via 100MBit to ether6 port on router (that 100MBit is purpose, I want guest limited). Ether2 should be connected to port 5 (need GBit), with is company network (VLAN added to that bridge).

When I tested this, I had comunication from device, with I wanted to connect, BUT when I wanted to connect my laptop after testing (or switch on any other computer in company network), Windows says, I have no connection (but admiting, that wire is plugged). In company network I have static IP. Strange is, that computers, with were already connected before I pluged VLAN to router, they have absolutely no problem with network work, until I restarted one device for testing purpose and that device then lost connection.

I know, that probably problem is that 2 wires between router and first switch, but I need to have guest network limited and I don't want limit device, with needs to use VLAN (all routes in guest network are gigabit), but there should be no loop, when on last switch one ether only accepting guest network and other only VLAN.

So I'm missing some setting and I can't find, with one. Do you have any ideas.

In attachment screenshots frou WinBox and Schema

One bridge, all vlans, no bridge doing dhcp. The only time something is untagged is when going to a dumb device.
viewtopic.php?t=143620

The only exception may be the bassackwards unifi devices which expect managment subnet untagged by default and data vlans tagged instead of all tagged.
Thus on the switch to the unifis create a hybrid port to the unifis.