I cannot get bridge VLANs to work (RB5009)

I have a RB5009 (RB5009UG+S+) and a wAP ac (RBwAPG-5HacD2HnD) and I am trying to set up some simple VLANs.
I have read every peace of documentation I can find and watched tons of videos online, and I think I am doing what I am supposed to do, but I fail to get it to work. Can someone give me some pointers on what I am doing wrong?

On the wAP I have set up a single WLAN interface (just for testing, I will have more later) that should be going to VLAN ID 61. When I use the packet sniffer I can see the packets and they leave thru ether1 as they are supposed to. But when I do the same packet sniff on the RB5009 side I cannot see the packets on the incoming interface (ether3). I can see some other packets belonging to the management VLAN (ID 2) but not much else. However, if I turn off VLAN filtering then I see all packets and the communication is working. But I need VLAN filtering turned on for all the VLAN capabilities to work (right?). I have also tried to add some bridge log filters to see what happens to the traffic there is nothing in the log, not even things for the management traffic. If I do the same on the wAP I see the traffic, so perhaps this is a bug in the RB5009.
What do you think? Do you have any idea on what I am doing wrong?

Packet capture from wAP (DHCP request on the WLAN):

Packet capture from RB5009 (Nothing…):

Versions used:
RB5009: 7.1rc4
wAP ac: 6.49

See this listing for my config:

/interface bridge
add admin-mac=2C:C8:1B:FF:9C:CA auto-mac=no ingress-filtering=no name=bridge priority=0 protocol-mode=mstp pvid=2 \
    vlan-filtering=yes
/interface bridge port
add bridge=bridge ingress-filtering=no interface=ether1
add bridge=bridge ingress-filtering=no interface=ether2 pvid=2
add bridge=bridge ingress-filtering=no interface=ether3 pvid=2
add bridge=bridge ingress-filtering=no interface=ether4
add bridge=bridge ingress-filtering=no interface=ether5
add bridge=bridge ingress-filtering=no interface=ether6
add bridge=bridge ingress-filtering=no interface=ether7
add bridge=bridge ingress-filtering=no interface=sfp-sfpplus1
/interface bridge vlan
add bridge=bridge tagged=ether1,ether3,bridge untagged=ether2 vlan-ids=2
add bridge=bridge tagged=ether1 vlan-ids=3
add bridge=bridge tagged=ether1 vlan-ids=20
add bridge=bridge tagged=ether1 vlan-ids=21
add bridge=bridge tagged=ether3,ether1 vlan-ids=41
add bridge=bridge tagged=ether3 vlan-ids=61
add bridge=bridge tagged=ether3 vlan-ids=62
add bridge=bridge tagged=ether3 vlan-ids=4
add bridge=bridge tagged=ether3 vlan-ids=5
add bridge=bridge tagged=ether3 vlan-ids=6

/interface ethernet
set [ find default-name=ether1 ] comment="2.5G Server Trunk"
set [ find default-name=ether2 ] comment="Management Access"
set [ find default-name=ether3 ] comment="WLAN AP"
set [ find default-name=ether4 ] comment="Office LAN"
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] comment=WAN
set [ find default-name=sfp-sfpplus1 ] disabled=yes

/interface vlan
add comment="Management LAN" interface=bridge name=vlan2 vlan-id=2
add comment="Public Servers" interface=bridge name=vlan3 vlan-id=3
add comment="Security VLAN" interface=bridge name=vlan4 vlan-id=4
add comment=Printers interface=bridge name=vlan5 vlan-id=5
add comment="Office Server" interface=bridge name=vlan20 vlan-id=20
add comment="Application Backend" interface=bridge name=vlan21 vlan-id=21
add comment="Office VPNs" interface=bridge name=vlan30 vlan-id=30
add comment="Office LAN" interface=bridge name=vlan40 vlan-id=40
add comment="Office WLAN" interface=bridge name=vlan41 vlan-id=41
add comment="Testing LAN" interface=bridge name=vlan50 vlan-id=50
add comment="Guest WLAN" interface=bridge name=vlan61 vlan-id=61
add comment="PLL WLAN" interface=bridge name=vlan62 vlan-id=62

/ip address
add address=10.10.2.1/24 interface=bridge network=10.10.2.0
add address=10.10.3.1/24 interface=vlan3 network=10.10.3.0
add address=10.10.4.1/24 interface=vlan4 network=10.10.4.0
add address=10.10.5.1/24 interface=vlan5 network=10.10.5.0
add address=10.10.20.1/24 interface=vlan20 network=10.10.20.0
add address=10.10.21.1/24 interface=vlan21 network=10.10.21.0
add address=10.10.30.1/24 interface=vlan30 network=10.10.30.0
add address=10.10.40.1/24 interface=vlan40 network=10.10.40.0
add address=10.10.41.1/24 interface=vlan41 network=10.10.41.0
add address=10.10.50.1/24 interface=vlan50 network=10.10.50.0
add address=10.10.61.1/24 interface=vlan61 network=10.10.61.0
add address=10.10.62.1/24 interface=vlan62 network=10.10.62.0

There is a mismatch between tagged and untagged settings on ports and bridge membership, and you do not have a link between the bridge and CPU for all but one of the VLANs.

Most third-party blogs/wikis/videos are outdated, suboptimal or just wrong - stick to the Mikrotik help/wiki pages and the forum. See http://forum.mikrotik.com/t/routeros-bridge-mysteries-explained/147832/1 regarding the bridge architecture and http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1 for general VLAN setup.

Than you for your reply! It helped! I added the bridge as a tagged member for all VLANs and now it works! The answer seems so obvious now that you say it, but I have been trying for days to understand the issue. I feel a bit stupid now Anyway, thanks!