Bridging two SFP ports with VLANs enabled

Hey

Both my mind and google failed

Topology:
I have a CCR2116 that functions as a main gateway in my company and is connected to my ISP using an fiber SFP module. The fiber is configured with 2 parallel VLANS - primary and secondary (used as backup in case of DDoS). On the sfp1 interface I have an vlan interface configured and an public IP bound to it - everything works up to this moment.
Problem:
Now I need to configure a second device parallel to this one. I have 6 public IPs and the second device is connected by a DAC cable to the sfp3 interface on my mikrotik. I created a bridge, turned on vlan filtering, added both sfp ports to it and added the primary vlan to it as tagged on both ports. The new device cannot connect to the web using the next available IP. Tried to add an plain ethernet port to the bridge - same result.

Help

When your bridge has no VLAN filtering, it will just pass all VLANs.
When you have enabled VLAN filtering, you need to add the VLANs you want to bridge and configure them to have the proper ports as tagged members.

Solved!

The problem was elsewhere.
After joining sfp1 and sfp3 with the bridge I moved the vlan interfaces from sfp1 to bridge and it started working.
Seems that if you have an active vlan interface on bridge slave the trafic will_not get passed to the other bridge slaves.

As I wrote, that depends on the “VLAN filtering” capability of the bridge.
But indeed when you want to pass VLAN traffic into the router (vs between the ports) you need to configure the VLAN subinterface on the bridge.