I'm newbie with MikRotik and does not know some specifick tricks. Please advise me.
I have MikRotik CCR1036. I have bonded interfaces ether5-ether8 with bond name UPLINK (to some upstream router) and sfp1+sfp2 as DOWNLINK (to my LAN)
Uplink interface have white public IP and accessible from Internet.
Now I want to separate LAN data traffic and management-only traffic.
I have create two VLANs in interfaces. (VLAN_MGMT - VLAN ID: 100, ip: 10.10.0.242/24, VLAN_DATA - VLAN ID 4000, ip 10.250.1.1/24)
All works as expected - I can manipulate with UPLINK, DOWNLINK and VLAN_XXX interfaces in firewall rules etc.
I have stuck at the next point.
As per my understanding (from Mikrotik WiKi) - I need a bridge for vlan filtering.
I have create bridge1 and add ports UPLINK and DOWNLINK to the bridge.
And now I can not operate with firewall because only bridge1 allowed as input and output interface in firewall rules because of UPLINK and DOWNLINK are the slaves.
When I'm going wrong?