CRS112 VLANs on switch chip configuration.

RouterOS Beginner Basics
1

Hi!
I got a problem with configuring CRS112 so it’s doing hardware offloading on switch chip instead of CPU.

The scheme is as follows (please excuse my design capabilities :smiley: ):

And here is what I got now and it is not working as intended:

/interface bridge
add admin-mac=DC:2C:6E:21:2D:E0 auto-mac=no comment=defconf name=bridge
add name=bridge-sw
/interface vlan
add interface=bridge-sw name=MGMT vlan-id=20
/interface list
add name=list-uplink
add name=list-LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge-sw interface=ether3
add bridge=bridge-sw interface=ether5
add bridge=bridge-sw interface=ether6
add bridge=bridge-sw interface=ether8
/interface ethernet switch egress-vlan-tag
add tagged-ports=switch1-cpu,ether8 vlan-id=20
add tagged-ports=ether5,ether6,ether8 vlan-id=40
/interface ethernet switch ingress-vlan-translation
add customer-vid=0 new-customer-vid=40 ports=ether3
add customer-vid=0 new-customer-vid=20 ports=ether5,ether6
/interface ethernet switch vlan
add ports=ether5,ether6,ether8 vlan-id=20
add ports=ether3,ether5,ether6,ether8 vlan-id=40
/interface list member
add interface=ether2 list=list-LAN
add interface=ether3 list=list-LAN
add interface=ether4 list=list-LAN
add interface=ether5 list=list-LAN
add interface=ether6 list=list-LAN
add interface=ether7 list=list-LAN
add interface=ether8 list=list-uplink
add interface=ether1 list=list-LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=192.168.88.0
add address=172.29.12.1/24 interface=MGMT network=172.29.12.0
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=CRS112

The concept is working with bridge vlans but as it uses CPU the performance is not great ~150mbps makes CPU ~100%.
After I apply the new configuration the communication between APs and controller is gone.

So my question is: is my CRS112 configuration correct? If not - what am I missing?