Will add comments as a I read through ti.
- Recommend you do not use VLAN1, 1 is used as a default in many devices and its best not to use it for any functional primary vlan purposes.
- Do not put VLAN IDs in the wifi rules. The wifi rules are for wifi parameters only, vlan identification is using Vlan bridge filtering and bridge port settings
- Your entire Bridge Vlan structure is hosed.
Best to read through this reference:
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1
Basically the bridge port settings are to indicate Ingress and bridge vlan settings to indicate egress
access ports on ingress are assigned a pvid and one adds frame-types=admit-only-untagged-and-priority-tagged
trunk ports on ingress only require usually to add frame-types=admit-only-vlan-tagged
The bridgevlan settings are tricky so read and give it your best shot, and when done I will have a look.
(this bridge frame settings for vlans themselves never seen before)