Hello.

I've got a CRS125-24G-1S for SOHO needs. Basically it will operate as L2 access switch for 2 small separate networks (VLANS) which should be isolated from each other and a server with 2 different VMs as gateways. Those 2 VLANs should be completely separated and doesn't requires inter-communication (at least if it will, it will be done inside gateways, L7 filtered, not with the swich).
I would like to know what are the best practice to setup those. I prefer security>reliability>performance.
Server has 2 NICs, each internally attached to its own VM. I know I could do the 802.11ad bonding of the ports and setup a tagged VLAN trunk on that bonding. But I don't really need more than 1 Gbps on each port, so the only reason to do this is to improve reliability in case of link failure. But it will also make things a little more complex and probably insecure with wrong setup.
The other option I see here is to have each of the ports in its own untagged PVID.
Also I'm kinda trying to get that master-slave port thing. At the default my CRS was setup with ether1 as master and all other ports as slaves for ether1. Do I need to put all them to masters or two groups of master-slave for each VLAN?

Since you only need two seperated switches I wouldn't make it to complex (VLAN's on a CRS is still a nightmare for me).

Just define two groups of ports, each with their own master switch port... that's all you need.