I’m missing out on something with the vlan setup. On a hAP AC running ROS 6.39.1 the goal is to use switching on port 3-5, while ports 1 and 2 are standalone. Port 5 is the master port. On port 4 and 5 I want tagged vlan1 and vlan2, while on port 3 I want vlan1 to be untagged. In my current config, port 4 and 5 is working as wanted, but port 3 is not. I think port 3 either rejects incoming untagged packets, or does not strip tag from packets. Is anyone able to see why port3 does not work as wanted?
/interface bridge
add comment=defconf name=bridge
add name=bridge-wlan
/interface ethernet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether5 ] comment="wlan kjokken" poe-out=off
set [ find default-name=ether3 ] master-port=ether5
set [ find default-name=ether4 ] comment="wlan oppe" master-port=ether5
/interface vlan
add interface=bridge-wlan name=vlan1 vlan-id=1
add interface=bridge-wlan name=vlan2 vlan-id=2
/interface ethernet switch port
set 2 default-vlan-id=1 vlan-header=always-strip vlan-mode=secure
set 3 vlan-mode=secure
set 4 vlan-mode=secure
/interface bridge port
add bridge=bridge comment=defconf interface=ether2-master
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge-wlan interface=ether5
/interface ethernet switch vlan
add independent-learning=yes ports=switch1-cpu,ether5,ether4,ether3 switch=\
switch1 vlan-id=1
add independent-learning=yes ports=switch1-cpu,ether5,ether4 switch=switch1 \
vlan-id=2