Hello. I have ring topology of my network.
All RBD52G-5HacD2HnD has to the same configuration.
All CRS328-24P-4S+ has to the same configuration.
Streamers generate up to 190mbps traffic. I have selected VLAN for multicast traffic. All bridges on RBD52G-5HacD2HnD and CRS328-24P-4S+ IGMP Snooping.
I have a strange situation - on part of the ports from the switch to the routers, I get normal traffic for the channel requested by the TV set-top box (about 6 Mbit).
On the other part of the ports, the entire multicast stream from streamers goes to the routers.
I need to get to the router only the stream of the group that the prefix on the router port requests. Below are the configs of switches and routers.
How can I achieve this?


config RBD52G-5HacD2HnD (RoS 6.48.2)

/interface bridge
add add-dhcp-option82=yes dhcp-snooping=yes igmp-snooping=yes name=bridge-mgmt vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
# channel: 2412/20/gn(14dBm), SSID: work, CAPsMAN forwarding
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode ssid=MikroTik station-roaming=enabled
# managed by CAPsMAN
# channel: 5785/20-eC/ac(16dBm), SSID: work, CAPsMAN forwarding
set [ find default-name=wlan2 ] adaptive-noise-immunity=ap-and-client-mode ssid=MikroTik station-roaming=enabled
/interface vlan
add interface=bridge-mgmt name=vlan10-mgmt vlan-id=10
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge-mgmt interface=ether1 trusted=yes
add bridge=bridge-mgmt interface=ether2 pvid=30
add bridge=bridge-mgmt interface=ether3 pvid=60
add bridge=bridge-mgmt interface=ether4 pvid=70
add bridge=bridge-mgmt interface=ether5 pvid=70
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge-mgmt comment=mgmt tagged=ether1,bridge-mgmt vlan-ids=10
add bridge=bridge-mgmt comment=lan tagged=ether1 vlan-ids=20
add bridge=bridge-mgmt comment=voip tagged=ether1 vlan-ids=30
add bridge=bridge-mgmt comment=video tagged=ether1 vlan-ids=40
add bridge=bridge-mgmt comment=audio tagged=ether1 vlan-ids=50
add bridge=bridge-mgmt comment=tv tagged=ether1 vlan-ids=60
add bridge=bridge-mgmt comment=guest tagged=ether1 vlan-ids=70
add bridge=bridge-mgmt comment=staff tagged=ether1 vlan-ids=80
add bridge=bridge-mgmt comment=arendator tagged=ether1 vlan-ids=90
/interface wireless cap
#
set discovery-interfaces=vlan10-mgmt enabled=yes interfaces=wlan1,wlan2
/ip dhcp-client
add disabled=no interface=vlan10-mgmt
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=AP_10.10_hAPac^2
/system routerboard settings
set auto-upgrade=yes
/tool romon
set enabled=yes



config CRS328-24P-4S+ (RoS 6.48.2)

/interface bridge
add add-dhcp-option82=yes dhcp-snooping=yes igmp-snooping=yes name=bridge-mgmt vlan-filtering=yes
/interface vlan
add interface=bridge-mgmt name=vlan10-mgmt vlan-id=10
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/interface bridge port
add bridge=bridge-mgmt interface=sfp-sfpplus1 trusted=yes
add bridge=bridge-mgmt interface=sfp-sfpplus2 trusted=yes
add bridge=bridge-mgmt interface=sfp-sfpplus3 trusted=yes
add bridge=bridge-mgmt interface=sfp-sfpplus4 trusted=yes
add bridge=bridge-mgmt interface=ether1 pvid=40
add bridge=bridge-mgmt interface=ether2 pvid=40
add bridge=bridge-mgmt interface=ether3 pvid=40
add bridge=bridge-mgmt interface=ether4 trusted=yes
add bridge=bridge-mgmt interface=ether5 trusted=yes
add bridge=bridge-mgmt interface=ether6 pvid=60
add bridge=bridge-mgmt interface=ether7 pvid=30
add bridge=bridge-mgmt interface=ether8 trusted=yes
add bridge=bridge-mgmt interface=ether9 pvid=60
add bridge=bridge-mgmt interface=ether10 pvid=30
add bridge=bridge-mgmt interface=ether11 trusted=yes
add bridge=bridge-mgmt interface=ether12 pvid=60
add bridge=bridge-mgmt interface=ether13 pvid=30
add bridge=bridge-mgmt interface=ether14 trusted=yes
add bridge=bridge-mgmt interface=ether15 trusted=yes
add bridge=bridge-mgmt interface=ether16 trusted=yes
add bridge=bridge-mgmt interface=ether17 trusted=yes
add bridge=bridge-mgmt interface=ether18 trusted=yes
add bridge=bridge-mgmt interface=ether19 trusted=yes
add bridge=bridge-mgmt interface=ether20 trusted=yes
add bridge=bridge-mgmt interface=ether21 pvid=60
add bridge=bridge-mgmt interface=ether22 pvid=30
add bridge=bridge-mgmt interface=ether23 pvid=40
add bridge=bridge-mgmt interface=ether24 pvid=40
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge-mgmt comment=mgmt tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,bridge-mgmt,ether4,ether5,ether8,ether11,ether14,ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=10
add bridge=bridge-mgmt comment=lan tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether4,ether5,ether8,ether11,ether14,ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=20
add bridge=bridge-mgmt comment=voip tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether4,ether5,ether8,ether11,ether14,ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=30
add bridge=bridge-mgmt comment=video tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether4,ether5,ether8,ether11,ether14,ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=40
add bridge=bridge-mgmt comment=audio tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether4,ether5,ether8,ether11,ether14,ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=50
add bridge=bridge-mgmt comment=tv tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether4,ether5,ether8,ether11,ether14,ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=60
add bridge=bridge-mgmt comment=guest tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether4,ether5,ether8,ether11,ether14,ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=70
add bridge=bridge-mgmt comment=staff tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether4,ether5,ether8,ether11,ether14,ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=80
add bridge=bridge-mgmt comment=arendator tagged=sfp-sfpplus1,sfp-sfpplus2,sfp-sfpplus3,sfp-sfpplus4,ether4,ether5,ether8,ether11,ether14,ether15,ether16,ether17,ether18,ether19,ether20 vlan-ids=90
/ip dhcp-client
add disabled=no interface=vlan10-mgmt
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=S10.1_CRS328-24P-4S+
/system routerboard settings
set auto-upgrade=yes boot-os=router-os
/tool romon
set enabled=yes

That behavior is covered in the second paragraph of the introduction section here.

All enabling IGMP snooping does is makes the switch aware that there's a multicast stream going between the ports. The next question is, what do you want to do about each stream? Under the stock configuration, the CRS won't guess, in the name of broadest compatibility; you have to tell it.

For IPTV, you probably want to disable multicast flood-by-default (first paragraph, same link) so a port has to explicitly ask for a stream before it will start flowing, and you also want to start an IGMP querier on one of your devices so abandoned streams get pinched off.

Having done this, you may then want to be sure all the other IGMP services are still working. Did you break mDNS, for example?

Incidentally, I suspect you should turn off the "trusted" flags on those apparently-unused bridge interfaces, the ones without VLAN tags, since you're using DHCP snooping. If I understand your configuration properly, you should have only one trusted interface: the one going up toward the hAP ac².