Hi all.
I need some help on setting up VLAN’s on a RB2011.
What I want to achieve:
Let the RB2011 act as a switch (wire speed where possible).
SFP1 is uplink to out firewall, needs to be trunk port (native vlan 1, vlan 100 and vlan202)
Port 1-8 need to be access port in VLAN 202, Port 9 access port in VLAN100 and Port 10 a trunk port connecting to another switch.
I’ve been struggling for a while and the more I read the more I become confused 
Could anyone provide some configuration snippets?
Help would be highly appreciated!
Thanks in advance,
Christian
You will need to put at least ports SFP1, ether2 and ether6 in a bridge (can use bridge-local for that)
as the RB2011 has 2 switches and the SFP1 is separate from that.
You can set ether1 master port to ether2.
To configure switchports as access ports on a VLAN use:
/interface ethernet switch port
set 4 default-vlan-id=202 vlan-header=always-strip vlan-mode=secure
etc (for all ports)
Thanks for your reply.
And how to configure the trunks?
Did try that already with
/interface ethernet switch port
but did not get it to work 
Right now I have the following configuration:
# jun/05/2016 07:41:43 by RouterOS 6.20
# software id = HNN6-5J2A
#
/interface bridge
add name=bridge
add name=bridge-vlan100
add name=bridge-vlan202
add name=switchlink
/interface vlan
add [b]interface[/b]=ether5 l2mtu=1594 name=ether5-vlan100 [b]vlan-id[/b]=100
add [b]interface[/b]=ether5 l2mtu=1594 name=ether5-vlan202 [b]vlan-id[/b]=202
add [b]interface[/b]=sfp1 l2mtu=1594 name=sfp1-vlan100 [b]vlan-id[/b]=100
add [b]interface[/b]=sfp1 l2mtu=1594 name=sfp1-vlan202 [b]vlan-id[/b]=202
/port
set 0 name=serial0
/system logging action
set 2 remember=yes
/interface bridge port
add [b]bridge[/b]=bridge-vlan100 [b]interface[/b]=ether7
add [b]bridge[/b]=bridge-vlan202 [b]interface[/b]=ether3
add [b]bridge[/b]=bridge-vlan202 [b]interface[/b]=ether2
add [b]bridge[/b]=bridge-vlan202 [b]interface[/b]=ether4
add [b]bridge[/b]=bridge-vlan202 [b]interface[/b]=ether5
add [b]bridge[/b]=bridge-vlan100 [b]interface[/b]=sfp1-vlan100
add [b]bridge[/b]=bridge-vlan202 [b]interface[/b]=sfp1-vlan202
add [b]bridge[/b]=switchlink [b]interface[/b]=ether6
add [b]bridge[/b]=switchlink [b]interface[/b]=sfp1
/ip address
add [b]address[/b]=192.168.202.2/24 [b]interface[/b]=sfp1-vlan202 network=192.168.202.0
add [b]address[/b]=192.168.100.2/24 [b]interface[/b]=sfp1-vlan100 network=192.168.100.0
/ip dns
set allow-remote-requests=yes servers=192.168.202.10
/ip route
add distance=1 dst-address=46.4.28.205/32 gateway=192.168.202.1
add distance=1 dst-address=178.63.64.14/32 gateway=192.168.202.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set winbox disabled=yes
set api-ssl disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system clock
set time-zone-name=Europe/Berlin
/system ntp client
set enabled=yes primary-ntp=178.63.64.14 secondary-ntp=46.4.28.205
/system routerboard settings
set boot-device=nand-only
What is the difference in these two ways of configuring?
Also here not sure if the trunk (port5) is configured correctly.
Thanks!!!