but it does not tell you that the PVID setting is acting on ingress and egress. This caused, at least to me, some confusion due to how WinBox shows tagged/untagged in the Bridge VLAN overview, as described here Why is there “Current Tag” & “Current Untagged” in each VLAN.
At least that solved my mystery (still need to post that in the other topic).
As a beginner, I would love to see this mentioned somewhere. I’m open to suggestion on how to structure the rule-set otherwise :).
p.s reading now through RouterOS bridge mysteries explained what hopefully clarifies some question raised in Bridge VLAN Filter : not possible to use tagged traffic with VLAN ID = 1 - MikroTik and helps me to get my Management VLAN eventually running