I was the one not paying proper attention then. Sorry. Anyhow: all interactions with the vlans will happen through the bridge, so don’t add a vlan on ether4 either.
If you’re talking about the one you created on ether4, then yes, delete that. It won’t be needed.
As to dynamic entries: Mikrotik’s system tries to be helpful (it actually is), by adding entries that are implied by other configuration. As you go along configuring everything correctly, the dynamic entries will either disappear or line up with your configuration. Disregard them - they will change as you go along. In the end all will turn out fine.
For access ports, the devices on the other side are not aware of vlans, they only handle the traffic untagged. Their traffic is tagged/untagged when entering/leaving the router. Think of it like this: a simple naïve PC is connected: it has no idea about vlans. If the port it’s connected to is an access port to vlan 10, that means that the traffic received from it will appear in the router as tagged to vlan 10. The traffic that is sent it is also tagged in your router with vlan 10, but the tag is removed before it is sent to the PC. Therefore an access port only provides access to exactly one vlan.
Trunk ports are when you want to inter-connect vlan-aware devices. Usually several vlans are sent over a trunk port, and the tag travels with them: that’s what separates the traffic belonging to the different vlans.
That sounds like a fine configuration.
Disregard the switch chip thing. The whole point of doing the configuration in such a round-about way on Mikrotiks is that the configuration remains the same whether it is done is software or offloaded to the switch chip. If an appropriate switch chip is present, offloading is automatic and happens in the background - you don’t have to do anything differently.
After you have added your vlans (both) in bridge->vlan, the next step is setting up the access ports. This is done in the bridge->port part of the config. It happens thus:
/interface bridge port set X pvid=10 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
and similarly for the other ports. The pvid specifies to which vlan they are access ports to. You should see dynamic vlan entries appear corresponding to the pvid values specified as you go along.