VLAN on hEX device

Scoured the internet 3 days on this.

I literally just want to set up a VLAN on a single port on my hEX router.

Diagram as follows:

Modem -----------RB750Gr3

Port 1 off router = WAN
Port 2 = Switch
Port 5 = Port I want a VLAN of 500 on. From what I understand, this is a VLAN access port where all traffic is automatically given a VLAN tag.

I see 3 different VLAN options.

Do I make an interface VLAN and attach it to ether5?
Do I make a new bridge and give it a PVID of 500 and attach the port and also give it a tag of 500?
Do I separate the port in the switch and give it a VLAN tag?

Do I do all 4 of these?

None of this is clear on the wiki.

All of it really depends on what you want to do with VLAN 500.

I just want any traffic on port 5 to get a VLAN tag of 500.

I also want my DHCP to assign addresses based on that VLAN tag as well.

No luck in implementing it though.

If ether5 won’t be used for switching traffic (tagged or not) to any other port (or wireless or …), then make sure it’s not a member of any bridge. Create a VLAN interface on top of it with VLAN ID set to 500. Then use this VLAN interface for L3 uses (IP address, DHCP server with its own settings such as address pool, DNS servers, …).
The router will route between the VLAN 500 interface and other interfaces with their own IP addresses (either statically set or dynamically obtained) unless firewall rules prevent it.

So keep the ethernet 5 interface,

make a VLAN on it,

then remove the port from all bridges?

That should be all it takes besides assigning an address and DHCP to the new VLAN interface?

Create the VLAN assigned to the port that you need and create the DHCP on the VLAN interface (not on the physical one).

That’s all.

Nah, doesn’t work.

I literally removed eth5 from the bridge.

I simply create a new VLAN interface on eth5.

I assign the addresses and the DHCP server to the VLAN interface on eth5.

It just gives no IP address whatsoever.

Here is an example to study.


# RouterOS 6.43
# Router with VLAN

# Create a bridge to manage all desired VLANs. You could use one bridge for everything.
# However, if you don't have the hardware support, it will be switched via CPU.
/interface bridge
add name=bridge-LAN protocol-mode=none vlan-filtering=no

# Setup ingress. Choose ports to go on the bridge.
# The pvid specifies which VLAN untagged ingress traffic is assigned.
# ether1 is the WAN port (the firewall rule below matches out-interface=ether1),
# so it is left off the bridge; a bridged port would never match that rule.
/interface bridge port
add bridge=bridge-LAN interface=ether2
add bridge=bridge-LAN interface=ether3
add bridge=bridge-LAN interface=ether4
add bridge=bridge-LAN interface=ether5 pvid=500

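# Setup egress. ether5 is an access port (pvid=500), so VLAN 500 leaves it untagged;
# only the bridge itself (the CPU port) carries the tag towards the VLAN interface.
/interface bridge vlan
add bridge=bridge-LAN tagged=bridge-LAN untagged=ether5 vlan-ids=500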

# Create a Guest VLAN interface to allow routing on it
/interface vlan
add interface=bridge-LAN name=vLAN500 vlan-id=500

# Assign IP Address to VLAN interface
/ip address
add interface=vLAN500 address=10.0.0.1/24

# Setup DHCP on VLAN interface
/ip pool add name=pool-vLAN500 ranges=10.0.0.2-10.0.0.254
/ip dhcp-server add address-pool=pool-vLAN500 interface=vLAN500 name=dhcp-vLAN500 disabled=no
/ip dhcp-server network add address=10.0.0.0/24 dns-server=9.9.9.9 domain=guest.lan gateway=10.0.0.1

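# Allow VLAN Internet access. This accept rule alone does not block access to LAN:
# that needs a drop rule for the remaining forward traffic from vLAN500 after it.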
/ip firewall filter
add chain=forward action=accept connection-state=new in-interface=vLAN500 out-interface=ether1 comment="Allow VLAN"

# Enable the VLAN
/interface bridge set bridge-LAN vlan-filtering=yes

Note that after you configure ether5 as I outlined, packets coming out of ether5 will be VLAN tagged. Most (if not all) LAN devices (including PCs with any OS, APs, servers, …) will expect non-VLAN ethernet and things will just not play together. Either you have to configure whatever is on the other side of the ether5 port to use tagged VLAN or you have to reconsider your intentions. I asked about your intentions and you didn’t really answer, so it’s hard to comment on your problems.
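
The standalone-port setup described in the replies above (VLAN interface directly on ether5, no bridge), written out as an added example that is not part of the original thread or MikroTik's own documentation. The interface and pool names and the 10.0.50.0/24 addressing are assumptions; ether1 is the WAN port as in the thread.

```routeros
# Added example. Assumed: names vlan500 / pool-vlan500 / dhcp-vlan500,
# subnet 10.0.50.0/24, ether1 = WAN.

# ether5 must not be a bridge port, otherwise the bridge owns its traffic
# and the VLAN interface on top of it never sees the frames.
/interface bridge port remove [find interface=ether5]

# VLAN interface directly on the physical port.
# Frames leave ether5 tagged with VLAN ID 500, and only frames that ARRIVE
# tagged 500 are delivered to vlan500. An untagged client (a plain PC) will
# therefore get no DHCP lease: the device on the far end has to tag VLAN 500.
/interface vlan add name=vlan500 interface=ether5 vlan-id=500

# All L3 settings go on vlan500, not on ether5.
/ip address add address=10.0.50.1/24 interface=vlan500
/ip pool add name=pool-vlan500 ranges=10.0.50.10-10.0.50.254
/ip dhcp-server add name=dhcp-vlan500 interface=vlan500 address-pool=pool-vlan500 disabled=no
/ip dhcp-server network add address=10.0.50.0/24 gateway=10.0.50.1 dns-server=9.9.9.9

# Segmentation: the router routes between vlan500 and every other interface
# unless the firewall prevents it. Allow new connections to the WAN only and
# drop the rest. Rule order matters: both rules must sit above any broader
# accept rule in the forward chain.
/ip firewall filter
add chain=forward in-interface=vlan500 out-interface=ether1 action=accept comment="vlan500 to WAN"
add chain=forward in-interface=vlan500 action=drop comment="vlan500 to any other network"

# Check: a lease shows up here only once a client sends tagged DHCP requests.
/ip dhcp-server lease print where server=dhcp-vlan500
```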