Looking to add a guest vlan and iot vlan to my network setup which also requires vlan40 tagging for internet access

One bridge, no dchp by bridge, if you have a house subnet, simply use a vlan for that as well. Do not use vlan-id=1

Now for best of luck and trouble free its best to take one port off the bridge and do all the configuration from there ( the last step being turning bridge vlan filtering on ).
How to:

Notes:

  1. FIRST STEP add Offbridge settings, and do all vlan configuration from this safe spot. ( using port 9). Recommend this for all devices…
  2. added Management Interface List entity
    3 Removed duplicate IP Pool
  3. Assume 3 vlans, one is management vlan (all devices get IP address on this vlan) / Trusted VLAN (like home users) / Guest or IOT Vlan
  4. Since RB4011 has two groupings of ports, put the first five ports together same bridge, moved WAN port to 6.
  5. Normally for PPPOE one does NOT use ip dhcp client OR an ip address for WAN.
  6. Changed ppoe peer dns server to NO. Reason it appears you want users to go via 1.1.1.1 and not ISP..

STEP1:
To work on vlans as it can get sticky when applying vlans or trying to change from default to your steup, its best to do so from a safe spot. Saves much grief!
So use an off bridge port for the configuration and also as an emerg access port on the device at any time… or revert back to normal bridge port for any specific purpose using vlans.

Associated config entries ( remove ETHER5 from the bridge in /interface bridge port settings) :
/interface ethernet
set [ find default-name=ether5] name=OffBridge5
/ip address
add address=192.168.77.1/30 interface=OffBridge5 network=192.168.77.0 comment=“Offbridge and Emerg access”
/interface list member
add interface=OffBridge5=MGMT ( if you have a separate base or management vlan }
add interface=OffBridge5 list=LAN


Note: to access the router simply plug your device into port 5 and configure your PC/laptop with IPV4 settings of 192.168.77.2 and via username and password you should have access.