I have a CCR2004-1G-12S+2XS. I am going to use this in my lab to connect all my Mikrotik devices via fiber SFP+ modules. I have 109 Mikrotik devices to connect on seperate vlans to individual SFP+ ports on the CCR. I assume I will need to setup 10 VLANS, 1 per port. Port 11 will be spare and port 12 will be my fiber connection from my ISP. I will use the Management port for out of band management.

Can anyone help me get started with the proper setup of all the VLANS? This is a new adventure on my part so I don't have a config to post yet.

Here is my equipment list.

CCR2004-1G-2s+2XS
BRIDGE PORTS 1 through 11
SFP+1       VLAN 100          CSS318-16G Switch 1    176.100.10.1/24
SFP+2       VLAN 200          CSS318-16G Switch 2    10.10.20.1/24
SFP+3       VLAN 300          Phone Sys          172.16.30.1/24
SFP+4       VLAN 400          CRS 317-1G-16S+RM    225.40.40.1/24
SFP+5       VLAN 500          CSS810-8P-2S+RM       125.50.50.1/24
SFP+6       VLAN 600        CRS326-24G-2S+RM   125125.60.60.1/24
SFP+7       VLAN 700          CSS326-24G-2S+RM      125.70.70.1/24
SFP+8       VLAN 800          RB3011-UI-AS-RM       125.80.80.1/24
SFP+9       VLAN 900          HAP ax3 Wireless        125.90.90.1/24
SFP+10      VLAN 1000         CSS326-24G-2S+ RM      125.100.100.1/24
SFP+11      VLAN 1100         SPARE                 125.110.110.1/24
SFP+12      WAN              Static Address     192.168.1.100
ETH 1                         Management Port   10.0.0.99/27
SFP+28 Ports 1&2 Not Used at This Time

The device doesn't have a switch chip so using bridge based VLANs will end up going through the CPU.

I'm open to correction on this but I think it's probably best not to bridge any ports at all and instead assign an IP address relevant to each port. That is to say L3 routing only and no VLANs on the CCR.

For example SFP+1 with IP address 176.100.10.1/24 is connected to a port on a switch that is tagged for VLAN 100 and so on. SFP+2 with IP 10.10.20.1/24 is connected to a switch port that is tagged for VLAN 200 and so on for the others.

Your CCR is just a router and doesn't need to be configured for tagging and can do what it was designed for and just route.

As @elobob2002 said, it's not clear why you want vlans. Your description is that all devices connected though any specific SFP will all be using the same subnet, and no two CCR SFP ports will have the same subnet, so no need for a bridge either.

I wouldn't have used @elobob2002's terminology for the switch connection, I would have used "access port for vlan X".

But there other "oddities" in the proposal, for example "I assume I will need to setup 10 VLANS, 1 per port". Also it isn't clear how you are going to connect the hAP ax3 to the SPF+ with a fiber connection. "connect all my Mikrotik devices via fiber SFP+ modules. I have 109 Mikrotik devices to connect on seperate vlans"

There isn't much point in making suggestions until you understand what you really want to do. But for a non-vendor specific description of what vlans are and when they are a good solution, see Virtual Local Area Networks (VLANs) by Ed Harmoush.

A good network diagram will help planning as well....

Thanks to you all. I am going to just apply seperate IP addresses to each port and elimate the bridge thought. I will design a network per ANAV. As I tried to state this is a task that I have taken on because I have all this Mikrotik equipment and would like to see if I can accomplish this.
I will post a network design as soon as I get the bugs worked out. This is why I love the forum for eye opening answers.

Here is the Port assignment for my CCR setup. I am just starting the configuration of the CCR. I hope I get the Addresses setup correctly using VLANS.

Are you stating that there is no port with more than one vlan going through it???
At a minimum there should be two vlans per port if all are trunk ports going to smart devices, one being the management vlan which all smart devices should get their IP address from.

Would one just assign addresses to each port with a DNS server for each address or use VLANS for each port?

OK, I have decided to start over from scratch on my new CCR. This is my personal goal that I have set for myself, I intend to use all my new Mikrotik equipment in a strictly lab application. My configuration will start with this idea.I would like to know if I need to set addresses on each SFP+ ports or add VLANS along with the addresses. This is where I am confused.
Any pointers will be appreciated. I don't want anyone to think I am looking for configuration by anyone else. I am just trying to educate myself on Mikrotik configurations.
I will post a total network drawing for my lab setup. Thank you all for any help for my task. I am very hopefull to get the needed pointers from the tallented members of this group.

Why do you want vlans? There is no need, there is never a duplication of any subnet over a single port?
In reality, every device would be on a managed vlan, so every device would have at least two vlans coming in a trunk port.

Suggest you look at basic videos and read this article.
viewtopic.php?t=143620
https://www.youtube.com/watch?v=YLtGQAQ ... 4JAYcqIYzv

Why do you want vlans? There is no need, there is never a duplication of any subnet over a single port?
In reality, every device would be on a managed vlan, so every device would have at least two vlans coming in a trunk port.

Suggest you look at basic videos and read this article.
viewtopic.php?t=143620
https://www.youtube.com/watch?v=YLtGQAQ ... 4JAYcqIYzv

This is where my confusion starts. You state that there needs to be two vlan management trunks assigned tto each port, Is this correct?[end quote]

No I said,
a. if you only have one vlan per port then you dont really need vlans.
b. also since this is a lab environment then you dont need any security.
c. if you are trying to practice for real world setups then it would be nutso to have to manage 10 or more devices (config them) using all the different subnets.
much easier to managed each device via single trusted interface, that of the management vlan and thus you would need at least two vlans per etherport,
one being the managment vlan and one being the traffic vlan you want going to the switch or next device.
All the devices get their IP address from the management vlan.

Observation: You also dont really need all those managed switches since they are one flat network per switch and you could do it more cheaply with unmanaged switches but understand this is a lab playground.

Thank you for the clarification. I am going to work on a method to use the equipment I have on hand and see how it turns out. I knew that I could depend on this forum to help me get pointed in the right direction.