Other devices without a built-in switch chip - It is possible to do VLAN filtering using the CPU, there are multiple ways to do it, but it is highly recommended by using bridge VLAN filtering.
Can some explain why this “highly recommended” method is better than my original also is there any disadvantages of using the new method!
The illustration of how you’re doing VLANs is pretty incomplete so it’s hard to tell how exactly you’re doing it.
However: when configuring VLANs in software, it is possible to either use single VLAN-aware bridge (it is similar to single managed switch) or to use several bridges, one per VLAN (which is similar to using multiple dumb switches). IMHO single bridge config is shorter and easier to read, possibly it also performs slightly better (when tagged frame ingresses vlan-aware bridge and egresses it tagged as well, no tagging/untagging is done; with “one bridge per VLAN” frames are aways untagged on ingress and tagged on egress). I can’t think of any benefit of using “one bridge per VLAN” …
Additionally: CRS3xx switches offload single bridge setup to underlying hardware.
If you stick to switch chip VLAN configuration, then you simply add all ether ports to same bridge. This bridge then acts as a dumb switch and switch chip settings take care of proper port/VLAN memberships. Just to make sure that even bridge fi]interface[/i] only receives VLANs that matter, be careful when configuring fi]switch1-cpu[/i] interface VLAN settings. It should be tagged member of those VLANs and not member of any other.
BTW, if VLANs are properly done (either on switch chip or in software), then most of times port isolation is not needed.
On the CPU side of the bridge (that’s bridge interface) you only create VLAN interfaces for those VLANs where your switch/router has to interact (e.g. management access to the switch, IP interface for routing or DHCP service). E.g. if you’re configuring device as a switch which on L2 interconnects several VLANs, you only need one vlan interface and that is for management. Other VLANs are only passed between ethernet interfaces and vlan interface is not needed (actually it’s better not to have one, less of a chance that something hacks switch via usual VLANs). OTOH router will probably have vlan interfaces for all VLANs because it’s supposed to route traffic between VLANs (and towards internet).
The recommendation mentioned in OP is about devices without switch chips, and for those linked document doesn’t really apply.
That isn’t necessarily the wrong way of doing it, in fact prior to VLAN-aware bridges being introduced it was the standard method if not using the switch chip. There are, however, a number of pitfalls as documented https://wiki.mikrotik.com/wiki/Manual:Layer2_misconfiguration