I was reading the example here about IGMP and VLANs Source : https://help.mikrotik.com/docs/pages/vi ... nwithVLANs

According to the example the Querier can only send untagged IGMP queries...
So what would happen instead if VLAN 10 was tagged as well and sfp-plus1 was a Trunk port for VLAN10 ?

I'm guessing: bridge interface is used as IGMP querier. If bridge interface has PVID set (by default it's PVID=1), then IGMP queries will be sent to VLAN ID 1. If the rest of L2 configuration doesn't mention VLAN 1, then those queries will be discarded by bridge the switch-like entity due to lack of egress ports. If bridge interface has frame-types=admit-only-vlan-tagged (so that untagged is really cut off bridge interface), then those queries will be discarded by bridge interface (actually bridge vlan filtering code).
So basically it doesn't matter if VLAN 10 is tagged on inter-switch connection or switch-PC ports, it only matters if bridge interface is untagged member of said VLAN or not (and by default it's not).

Which means that according to my thinking (explained above) IGMP snooping in the case from illustration above would actually not work because no magic would tell ROS to direct IGMP queries to VLAN10 ... from bridge point of view VLAN10 and VLAN20 are no different apart from the fact that some bridge ports are untagged members of VLAN 10 while none are untagged members of VLAN 20 ... and bridge interface is untagged member of neither (it has default setting of PVID=1 which makes bridge untagged member of VLAN 1).

@mkx i agree with you...
That is why i don't really understand why it is implemented like that ...

I 've done some implementations with IGMP snooping without use of untagged traffic for the IGMP queries and to be honest i 've not seen any problems ...
According to the Wiki untagged traffic should be used for the queries... But the example is also confusing since Bridge is not member of VLAN10 as you said as well, so queries will be sent with VLAN id 1 that will be dropped on egress on all other ports...

I think the IGMP snooping implementation for the Mikrotik switches is a bit confusing using bridges. We have several CRS3xx switches in use. Has anyone ever set up a vlan based IGMP snooping which means vlan 10 has snooping on and vlan 20 off? It seems to be possible with swos but I havenˋt seen a routeros implementation so far…

After talking with the Support Team i resolved all my questions and everything is now clear...

First of all, the multicast-Querier feature is not VLAN aware, meaning that a Bridge ( supposing we also have VLANs configured ) with IGMP snooping enabled and multicast-Querier=yes will always send untagged General Membership Queries. No matter what the VLAN configuration is or if frame-types=admit-only-vlan-tagged is configured on the Bridge and/or on any of its ports, the IGMP queries will still be sent untagged. So, VLAN configuration is ignored on the Multicast Querier (as far as IGMP is concerned ), and the Queries will be sent Untagged !

It then depends on the switch connected to the Multicast Querier, if those membership queries will get forwarded as Tagged or Untagged.
The Bridge with multicast-queries=yes is considered as External Querier for the rest of the Switches with IGMP Snooping enabled. We can see that on 6.49 when monitoring the Bridge through Terminal.

So in the Manuals example, the Multicast Querier sends untagged Queries, those untagged General Membership Queries are received from Bridge2 and they are added to VLAN10. So those Membership queries belong to VLAN10 and they will be forwarded to any device on that specific VLAN only.

I want to do the same as the example, but I have clients on switch 2 that need to be tagged to vlan 10. The client will do the tagging, so the ports need to pass tagged vlan 10. I know how to make a port tagged instead of untagged on vlan 10 on vlan filtering on the bridge, but is there anything different that needs to be done with multicast and IGMP snooping to make this work?