Double check my config to make sure no holes in firewall rules

Something bugged me about your config but it was late last night and I was tired.

The issue that I see is that
a. you associated the vlan to the bridge
b. you have the bridge giving out DHCP
c. you have the vlan getting DHCP separately

So that's a conflict.
If you had tied the vlan to a specific interface like ether2 or 3 or 4 etc, then it would work.
If you need the vlan to run over several ports, then keeping it on the bridge makes sense.

However, if it's on the bridge then you would need some bridge port settings to show the vlan possibly and definitely some bridge vlan settings.

When you say managed switch for tagged and untagged traffic, do you mean there is an additional switch in the mix?
What I did in my house is use only vlans, so let's say vlan10 is my homelan, then the bridge is not saddled with dhcp or anything else. Makes it cleaner in my mind.

For example…
/ip dhcp-server
add address-pool=dhcp disabled=no interface=VLAN10 name=homepool
add address-pool=dhcp_pool disabled=no interface=VLAN20 name=dhcp2

/ip address
add address=192.168.4.1/24 comment=defconf interface=VLAN10 network=192.168.4.0
add address=10.0.20.1/24 interface=VLAN20 network=10.0.20.0

++++++++++++++++++++++++++++++++++++++++++
This is a MUST read article for vlans on home routers.
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

However, it is possible not to use vlans and just use subnets and it depends on the complexity of your setup.
If you have multiple ports requiring vlans, then the vlan route is probably better. If you have a VLAN on only one port then either way works.

For example (subnet solution)
subnet A on bridge for etherports 2,3,4
subnet B NOT on bridge using etherport 5

In my house
I have 10 subnets that have to go through 2 ports…
Vlans is the obvious setup.
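
Added example, not part of the original post: a sketch of the "bridge port settings" and "bridge vlan settings" the reply refers to, for VLAN10 and VLAN20 carried on a bridge. The bridge name, the port roles (ether2 and ether3 as access ports, ether5 as the tagged trunk to a managed switch) and the VLAN IDs are assumptions for illustration.

```routeros
# Assumed layout: bridge named "bridge", ether2 = access port for VLAN 10,
# ether3 = access port for VLAN 20, ether5 = tagged trunk to a managed switch.

/interface vlan
# VLAN interfaces sit on the bridge; DHCP servers and IP addresses attach to these
add interface=bridge name=VLAN10 vlan-id=10
add interface=bridge name=VLAN20 vlan-id=20

/interface bridge port
# Access ports: untagged frames only, placed into the VLAN given by pvid
add bridge=bridge interface=ether2 pvid=10 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
add bridge=bridge interface=ether3 pvid=20 frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes
# Trunk port: tagged frames only
add bridge=bridge interface=ether5 frame-types=admit-only-vlan-tagged ingress-filtering=yes

/interface bridge vlan
# The bridge itself must be a tagged member so the router (VLAN10/VLAN20) sees the traffic
add bridge=bridge vlan-ids=10 tagged=bridge,ether5 untagged=ether2
add bridge=bridge vlan-ids=20 tagged=bridge,ether5 untagged=ether3

/interface bridge
# Enable filtering last: until this is set, the port and vlan tables above are not enforced
set bridge vlan-filtering=yes
```

Enable `vlan-filtering` only after confirming that the port you manage the router from is a member of a VLAN with an address on it, otherwise the session is cut off when filtering takes effect.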