Afternoon, I am installing a CRS tomorrow, can someone just verify my config.

I need port 1 an 2 untagged on 2000 and tagged on 135 and 2002
Port 3 tagged for 135, 2000, 2002

Does the bridge need to be tagged on all vLans?

\

model = CRS309-1G-8S+

/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,10000M-full
auto-negotiation=no l2mtu=1500 name=sfp-sfpplus1-LD5-R1 speed=10Gbps
set [ find default-name=sfp-sfpplus2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
auto-negotiation=no l2mtu=1500 name=sfp-sfpplus2-LD5-R2 speed=10Gbps
set [ find default-name=sfp-sfpplus3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full
auto-negotiation=no l2mtu=1500 name=sfp-sfpplus3-SSE10GB speed=10Gbps
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus1-LD5-R1 pvid=2000
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus2-LD5-R2 pvid=2000
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus3-SSE10GB
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus4
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus5
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus6
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus7
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus8
/interface bridge vlan
add bridge=bridgeLocal tagged=sfp-sfpplus3-SSE10GB,bridgeLocal untagged=sfp-sfpplus1-LD5-R1,sfp-sfpplus2-LD5-R2 vlan-ids=
2000
add bridge=bridgeLocal tagged=sfp-sfpplus1-LD5-R1,bridgeLocal,sfp-sfpplus2-LD5-R2,sfp-sfpplus3-SSE10GB vlan-ids=222
add bridge=bridgeLocal tagged=sfp-sfpplus1-LD5-R1,bridgeLocal,sfp-sfpplus2-LD5-R2,sfp-sfpplus3-SSE10GB vlan-ids=2002

Thanks

There is no /interface bridge section to create the bridge.

Does the bridge need to be tagged on all vLans?

Only if you wish to access services on the Mikrotik itself from them, e.g. management access.

Not enough info to make any determinations worth discussion.
Please post config
/export hide-sensitive file=anynameyouwish

Also a network diagram is helpful to understand what is on the receiving end/functionality of the devices the vlans are headed towards.

Here is the fully config not much different.

I don’t have a diagram to hand but i just need need port 1 an 2 untagged on 2000 and tagged on 135 and 2002, Port 3 tagged for 135, 2000, 2002

\

model = CRS309-1G-8S+

serial number = BE140AB02200

/interface bridge
add admin-mac=74:4D:28:AD:A5:CB auto-mac=no comment=defconf name=bridgeLocal
/interface ethernet
set [ find default-name=sfp-sfpplus1 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,10000M-full auto-negotiation=no l2mtu=1500 name=sfp-sfpplus1-LD5-R1
speed=10Gbps
set [ find default-name=sfp-sfpplus2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full auto-negotiation=no l2mtu=1500 name=
sfp-sfpplus2-LD5-R2 speed=10Gbps
set [ find default-name=sfp-sfpplus3 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full auto-negotiation=no l2mtu=1500 name=
sfp-sfpplus3-SSE10GB speed=10Gbps
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus1-LD5-R1 pvid=2000
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus2-LD5-R2 pvid=2000
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus3-SSE10GB
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus4
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus5
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus6
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus7
add bridge=bridgeLocal comment=defconf interface=sfp-sfpplus8
/interface bridge vlan
add bridge=bridgeLocal tagged=sfp-sfpplus3-SSE10GB,bridgeLocal untagged=sfp-sfpplus1-LD5-R1,sfp-sfpplus2-LD5-R2 vlan-ids=2000
add bridge=bridgeLocal tagged=sfp-sfpplus1-LD5-R1,bridgeLocal,sfp-sfpplus2-LD5-R2,sfp-sfpplus3-SSE10GB vlan-ids=222
add bridge=bridgeLocal tagged=sfp-sfpplus1-LD5-R1,bridgeLocal,sfp-sfpplus2-LD5-R2,sfp-sfpplus3-SSE10GB vlan-ids=2002
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh address=172.16.97.0/24,172.16.90.0/24,192.168.5.0/24
set api disabled=yes
set winbox address=172.16.97.0/24,172.16.90.0/24,192.168.5.0/24
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/London
/system identity
set name=LD5_10G_Interconnect
/system ntp client
set enabled=yes server-dns-names=0.uk.pool.ntp.org,1.uk.pool.ntp.org
/system routerboard settings
set boot-os=router-os
[admin@LD5_10G_Interconnect] >

Nevertheless, it does show the important part which was missing in the OP.

vlan-filtering must be activated on the bridge so that VLAN tagging and untagging worked, and your /interface bridge section shows it is currently not. Yes, the name of the behaviour is a bit confusing, it controls more handling than just filtering.

The manual has more details.

Other than this, there is only a discrepancy between your text description:

and the configuration:
/interface bridge vlan
…
add bridge=bridgeLocal tagged=sfp-sfpplus1-LD5-R1,bridgeLocal,sfp-sfpplus2-LD5-R2,sfp-sfpplus3-SSE10GB vlan-ids=222

Geez Sindy, can you leave me the easy ones, and you take the ones that really need networking understanding