Hi,
First off, I’m going to make some presumptions about your environment since you haven’t specified model numbers or OS versions. Your diagram #2 shows some weird addressing that doesn’t match the config given; again, I’ll presume it’s a typo.
When attempting to do what you want from a router, bridging VLANs together is a bit different when you want to trunk them. There’s no need on the router to use the bridge for just trunking unless you have spanning tree requirements or other layer 2 needs. The switch will handle the trunk and all the “magic” happens there. All of this is only good for ROS 6.40.X; in the next ROS there are MAJOR changes to this functionality and will require using bridging on the switch. If you are currently using bridging on the switch for this, you will be using the switch CPU INSTEAD of the switching chip, which is faster and designed to work with VLAN trunks. See this wiki for more info: https://wiki.mikrotik.com/wiki/Manual:CRS_examples
In the current stable ROS 6.40.x, to accomplish what you want, create your VLANs on their interfaces; this will form your “TRUNK” on ether1 of your router.
Note that if your main interface has no addressing on it, the default VLAN 1 is still part of the trunk; there is just no layer 3 config for it.
If you are planning on managing the switch “in-band” then you’ll need to untag one of your trunk VLANs on the switch so it can get an IP address.
/interface vlan
add interface=ether1 name=vlan4 vlan-id=4
add interface=ether1 name=vlan5 vlan-id=5
add interface=ether1 name=vlan10 vlan-id=10
Add your addressing on those VLANs:
/ip address
add address=192.168.2.2/24 interface=vlan10 network=192.168.2.0
add address=192.168.4.2/24 interface=vlan4 network=192.168.4.0
add address=192.168.5.2/24 interface=vlan5 network=192.168.5.0
Do any additional routing / NATing etc.
Plug ether1 into your switch. I never use the master port as an uplink port for various reasons; that choice is up to you.
If your switch is at default configuration then the master port is ether1; regardless, whichever port you plug the router into will be your “egress port” for VLAN switching.
Time for the switch to do its magic. (BTW, there is no port 0 (zero) so I’m using port 2 for VLAN 4)
First create the VLANs with their port assignments, on the port you plugged the router into (let’s just say it was port 24) and all the access ports you will have in that VLAN on the switch.
/interface ethernet switch vlan
add ports=ether24,ether2 vlan-id=4 learn=yes
add ports=ether24,ether4 vlan-id=10 learn=yes
add ports=ether24,ether5 vlan-id=5 learn=yes
Now create the “access” ports where your devices will plug into.
/interface ethernet switch ingress-vlan-translation
add ports=ether2 customer-vid=0 new-customer-vid=4 sa-learning=yes
add ports=ether4 customer-vid=0 new-customer-vid=10 sa-learning=yes
add ports=ether5 customer-vid=0 new-customer-vid=5 sa-learning=yes
Now you need to configure the egress tagging on the port you plugged the router into. (let’s just say it was port 24)
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether24 vlan-id=4
add tagged-ports=ether24 vlan-id=5
add tagged-ports=ether24 vlan-id=10
This configuration is a standard build for access ports on a switch.
For managing the switch in-band: (I’m not sure which VLAN you want to use for the, let’s just say 4 and you can change it later)
The simplest thing to do is create a VLAN on the switch that the SWOS/ROS will use for management, on the MASTER port!
Again, I’m presuming a default config here, change if required.
/interface vlan
add interface=ether1-master name=equipment-vlan vlan-id=4
If you’re using DHCP then:
/ip dhcp-client
add disabled=no interface=equipment-vlan
If you’re using static addresses then:
/ip address
add address=192.168.2.x/24 interface=equipment-vlan network=192.168.2.0
I hope this helps you out.
Cheers,
Icosa
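
Added example, not part of the original post or of MikroTik's tooling: a small Python checker that cross-references the three switch menus used above, so a missing egress tag or a mismatched access-port mapping is caught before it breaks VLAN separation. The names parse and audit are hypothetical, and the sample config is constructed from the commands in the post with ether24 assumed as the uplink.

```python
import re
from collections import defaultdict

# Constructed sample: the switch-side commands from the post (uplink = ether24).
SWITCH_CONFIG = """\
/interface ethernet switch vlan
add ports=ether24,ether2 vlan-id=4 learn=yes
add ports=ether24,ether4 vlan-id=10 learn=yes
add ports=ether24,ether5 vlan-id=5 learn=yes
/interface ethernet switch ingress-vlan-translation
add ports=ether2 customer-vid=0 new-customer-vid=4 sa-learning=yes
add ports=ether4 customer-vid=0 new-customer-vid=10 sa-learning=yes
add ports=ether5 customer-vid=0 new-customer-vid=5 sa-learning=yes
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether24 vlan-id=4
add tagged-ports=ether24 vlan-id=5
add tagged-ports=ether24 vlan-id=10
"""

def parse(config):
    """Group 'add key=value ...' lines under the menu path that precedes them."""
    sections, menu = defaultdict(list), None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("/"):
            menu = line.removeprefix("/interface ethernet switch ")  # switch sub-menu name
        elif line.startswith("add ") and menu:
            sections[menu].append(dict(re.findall(r"([\w-]+)=(\S+)", line)))
    return sections

def audit(config, uplink, trunk_vlans):
    """Return findings; an empty list means trunk and access ports are consistent."""
    s = parse(config)
    members = {int(e["vlan-id"]): set(e["ports"].split(",")) for e in s["vlan"]}
    tagged = {int(e["vlan-id"]): set(e["tagged-ports"].split(",")) for e in s["egress-vlan-tag"]}
    access = {(p, int(e["new-customer-vid"])) for e in s["ingress-vlan-translation"]
              if e.get("customer-vid") == "0" for p in e["ports"].split(",")}
    findings = []
    for vid in sorted(trunk_vlans):  # every VLAN the router trunks must reach the uplink tagged
        if uplink not in members.get(vid, set()):
            findings.append(f"VLAN {vid}: uplink {uplink} is not a member")
        if uplink not in tagged.get(vid, set()):
            findings.append(f"VLAN {vid}: not tagged on uplink {uplink}")
    for vid, ports in sorted(members.items()):  # access ports need an untagged-to-VLAN mapping
        for p in sorted(ports - {uplink}):
            if (p, vid) not in access:
                findings.append(f"{p}: in VLAN {vid} but untagged frames are not mapped to it")
    for p, vid in sorted(access):  # a mapping into a VLAN the port is not a member of
        if p not in members.get(vid, set()):
            findings.append(f"{p}: mapped to VLAN {vid} but not a member of it")
    return findings
```

Calling audit(SWITCH_CONFIG, "ether24", {4, 5, 10}) with the router's trunk VLANs returns an empty list for the configuration as posted.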