That’s funny. I had not seen @anav’s latest post, when I just posted. it wasn’t what I quoted. I quoted post #13.
But I think my answer d matched his question.
BTW, @sindy’s excellent RouterOS bridge mysteries explained post has the following:
However, I think the following section
In particular:
- parameters bearing the same names as those on the /interface bridge port rows, such as pvid or ingress-filtering, are parameters of the router-facing port of the virtual switch
- parameters bearing the same names as those on the /interface ethernet rows, such as mtu or arp-timeout, are parameters of the switch-facing interface of the router
- parameters that don’t fit to any of the two groups above are mostly parameters of the virtual switch; an exception are the admin-mac and auto-mac parameters, which are also parameters of the switch-facing interface of the router.
should be changed to:
In particular:
- parameters bearing the same names as those on the /interface bridge port rows, such as pvid, ingress-filtering or frame-types, are parameters of the external ports of the virtual switch and apply to ingress traffic entering the virtual switch from external devices.
- parameters bearing a vlan-ids=<vlan #> /interface bridge vlan rows, such as tagged=<interface(s)> or untagged=<interface(s)>, are parameters of either the the external ports of the virtual switch or to the router-facing port of the virtual switch and apply to egress traffic leaving the virtual switch to external devices or to the Router. Note that all traffic from the switch to the router (the bridge interface) must be tagged, with the exception being the pvid of the bridge interface itself with is untagged.
- parameters on the bridge definition line i.e the /interface bridge row, such as pvid, ingress-filtering or frame-types, are parameters of the router-facing port of the virtual switch and apply to ingress to the switch entity from the CPU port of the router.
- parameters bearing the same names as those on the /interface ethernet rows, such as mtu or arp-timeout, are parameters of the switch-facing interface of the router
- parameters that don’t fit to any of the two groups above are mostly parameters of the virtual switch; an exception are the admin-mac and auto-mac parameters, which are also parameters of the switch-facing interface of the router.
And perhaps the “switch ports” on the right side of the graphic should be changed to blue
