It may sound stupid, but how do I mark VLANs that pass through Mikrotik box configured as bridge?
I can not understand what exactly do you mean. However, there is a problem about marking whatever traffic on bridge interfaces in 2.9.x versions 
.
You would do that in bridge firewall.
I propably asked question incorrectly. Let’s assume that I have a Mikrotik box with two interfaces configured as bridge. I want the traffic which is passing trough it to belong to certain VLAN. On a hardware switch it would be setting one port to VLAN ID 32 (for example) and other to trunk port. It is very simple thing, but I can’t find it in Mikrotik. 
Hmmm.. I may stand corrected, but configure the Bridge with the VLAN Interface, not the Ethernet Interface.
May you explain in a more detailed way? 
NETWORK → Ether1 (MT) VLAN Interface → NETWORK
Bridge acrross Ether1 and VLAN Interface.
Basically, you wont be able to bridge into a VLAN if the bridge is not part of the VLan, that’s what the ‘setting one port to VLAN ID 32’ does. So basically, create a VLAN Interface on the MT, join the correct VLAN ID and make sure that works. Then bridge your other Ethernet Interface and the newly created VLAN Interface together and pass the traffic.
Not tested, but it should work fine…
It is still not exactly that.
Please, consider following situation. We have 2 layer network which is connected to MT switch. In that network traffic is flawing without any VLAN tags because it is built not on “smart” switches. To go to another network segment, traffic needs to pass MT switch, which has 2 ports. I want traffic which goes through this MT bridge to start belonging to some VLAN. Am I clear enough?
Thank you for your help, I appreciate it so much.
Have you tried it?
I know what you’re talking about - MT should be able to do it like that. If it doesn’t work MT would need to look at it because it should strip the VLAN tag off the packet when it exits over Ethernet.
What you are configuring is basically standard Ethernet going into a VLAN Trunk on another Ethernet segment. MT should strip the VLAN Tag of packets exiting via Ethernet, and add the VLAN Tags for packets going into the trunk.
Your alternative if you don’t wish to try it and report back on it, would be to go and buy something like a Catalyst and configure a VLAN Trunk port.
–
C
Let’s assume that ether1 is interface connected to “internal” network, and ether2 is connected to “external” one, it means traffic going from ether1 to ether2 should start belonging to vlan, and traffic going from ether2 to ether1 should be stripped (vlan ids removed). To what interface should I add VLAN interface? After adding vlan interface, what interfaces should be bridged?
To the interface connected to the vlan obviously… ?
Ether1
- Internal Network
Ether2
VLAN Interface ID 10
VLAN Interface ID 40
VLAN Interface ID 100
Bridge between Ether1 and VLAN 40, traffic over the bridge will be part of VLAN 40 exiting on Ether2, and not be part of any VLAN on Ether1. For this to work the Interfaces that you bridge over, will be Ether1 and VLAN Interface ID 40
You must first create a Virtual Interface on the MT that is part of the VLAN, and then bridge that Virtual Interface to what ever Interface you want to pass into the VLAN… It can’t be that hard to understand?
–
C
Ok, I see. Now I understand it clearly, we will make some tests now. Thank you!