I plugged a device int port 8 of my RB5009 and for the love of all network I can’t make it be inside VLAN 30.
I thought simple setting PVID for port in /interface/bridge/port to 30 would do the trick, but it didn’t.
I feel I am missing something basic here, and I thank you in advance for restoring my sanity. I attached my config (sans firewall stuff to make it more readable).
rb5009.rsc (4.0 KB)
Your bridge lags vlan filtering:
/interface/bridge
set vlan-filtering=yes
Be aware that you could lock yourself out.
To prevend such a thing:
Relevant documentation:
Using RouterOS to VLAN your network - RouterOS / Useful user articles - MikroTik community forum
The twelve Rules of Mikrotik Club - RouterOS / Beginner Basics - MikroTik community forum
Oh, that could be it! I’ll make one port available for management, and test it. Thank you for your reply 
If you want more detailed instructions on removing a port, you can see this
But as long as you have not changed the pvid on the bridge-port you are working from, and have not changed the pvid on the bridge interface, then switching to vlan-aware mode (aka vlan-filtering=yes), then you should not lock yourself out when you make the change to vlan-filtering=yes.
What it will do is to turn the switch from "dumb mode" where the switch just ignores the value in the ethertype field in its forwarding descisions. Tagged in tagged out, untagged in untagged out. When you enable vlan-filtering, it fundamentally changes the behavior of the switch, and in vlan-aware mode if the port receives a frame with the ehtertype set to the TPID value (0x8100), the the switch knows this frame is special, and it will interpret the next 2 bytes to extract the vlan id and priority. See IEEE802.1Q for more details about tagged vs untagged ethernet frames.
When in vlan-aware mode the switch itself can add or remove tags on a per vlan per port basis.
Thanks for this useful info (and especially the setup article).
Actually, it’s not a switch, but a router. I don’t know if it makes sense, but I know hardware can be quite different.
What’s fun is that I am already using VLANs. 4 APs cAP ax’s are connected and VLAN setup is set up and enabled there. I am accessing the router via one of them. After I have set up APs I stopped since things just worked, and it never occurred to me to look at VLAN filtering on the router itself. So, if I enable it, I think nothing will change, but knowing my network savvy: things will probably break.
Since all ports are used, I’ll find some time over the weekend to free one and play with this 
/interface detect-internet
set detect-interface-list=all
Rule #5, JFYI:
The twelve Rules of Mikrotik Club
You have a strange configuration, you have no NAT nor firewall, though you have ether1 as WAN,I understand it is a temporary/experimenting setup, but from your configuration it is not entirely clear the role of the device, right now - excluded ether1 - it seems like operating as a (dumb) switch on the other ports.
Thanks, didn’t know about detect-internet !
On the other hand, router does have NAT and firewall, but I removed it from the export since it’s rather big and not at all relevant to my issue (which is VLAN everything coming from this port).
Now that I have set detect-internet to none Mikrotik mobile application doesn’t display nice Internet usage graph 
Then you can set it (instead of "all") limited to the port that actually has "internet" connected.
The problem with it is that in some cases, possibly more complex than yours with only one WAN, the "detect-internet" may wrongly believe that on a given port there is internet and silently change a few settings based on this mis-detection.
Thank you! I have set it to WAN list (which has only one port, appropriately) and I have graphs!
The RB5009 is a router, and that is it main purpose, but it has a dedicated switch chip built in, and all ports are connected to the switch, and the only way to get to the router is through the switch. See the block diagram for the RB5009.
So when you use the bridge, the Layer 2 switching fuctionality is offloaded to the Marvell 88E6393X chip, which is a quite capable L2 switch, which will offload all vlan operations when the vlan-filtering=yes mode is active.
So in your case, the 10Gb/s link between the CPU and the switch chip acts like a hybrid link between the interfaces that the router uses to the vlans that the switch uses.
For more info about the "different personalities of the bridge", see RouterOS bridge mysteries explained and Vlan-aware bridge mysteries
This thread may also be of interest, because it is RB5009 related Tutorial: Home VLAN configuration (RB5009, cAP ACs, multiple SSIDs)