Hello everyone I am knew to Mikrotik and a newbie at networking. I have a CRS326-24G-2S-RM. From what I've seen normally the vlan is created by router then you send it to switches via trunk port and then access it from switch ports. I want to create a vlan and access it from the same switch CRS326.
The CRS326 sits behind a Verizon router with no support for vlans. The goal is to isolate some computers from the rest of LAN and put them on their own vlan, and still have internet access.
Thank You.

Start from reading this.

If you want to isolate some computers from the rest of the network, putting them to their dedicated VLAN is a good first step. You can also configure the switch in such a way that these computers would not be able to communicate directly to each other.

But to make them access the internet, they also have to be in their own IP subnet, and something must provide routing between this subnet and the internet. Since you say the ISP router doesn't support VLANs, it probably also doesn't support multiple LAN side subnets. So the routing will have to be done on your CRS. And you may even have to configure NAT there unless the ISP router supports LAN side routes.

Since CRS326 is a switch, not a router, its CPU may or may not be sufficient to handle the traffic, depending on the uplink bandwidth and the amount of tasks you will ask it to do, such as traffic prioritisation. So once you try, you may find out you need a router too. What is your uplink/downlink contract?

uplink/down link 300/300
so ideally the computers on the vlan should be able to communicate together just not with the rest of the lan.

uplink/down link 300/300

That may be a bit too much for the single core ARM at 800 MHz, but if you play it smart and let it deal only with routiing of the less demanding subnet, it might cope with it. You'll have to try. And after 5 more seconds of thinking, it should be doable without NAT even if the ISP router doesn't support routes at LAN side.

so ideally the computers on the vlan should be able to communicate together just not with the rest of the lan.

That's the default. You'd have to do a few extra steps to prevent them from communicating together.

Thank you for the help. So there's only 3 computers that need to be on the vlan.

The number of computers in each group is not important, the volume of their traffic is. If these three computers account for 90 % of the traffic volume, they have to be in the LAN subnet of the ISP modem, and all the rest, even if it meant 100 computers, have to be in the subnet routed by the CRS. Because you want the bulk of the traffic to be just switched on the CRS, and only the smaller amount of it routed.

Yikes, yes suggest picking up a cheap MT router, like a HEX S for example to do the work you are looking for.

suggest picking up a cheap MT router, like a HEX S for example to do the work you are looking for.

Hex S wouldn't make much difference, just about 150 % throughput as compared to the CRS326-24G-2S+: 94.1 kpps / 385.4 Mbps for 512-byte packets vs. 65,9 kpps / 269.9 Mbps for comparable setup (25 filter rules). hAP ac2 makes more sense: 240.8 kpps / 986.3 Mbps, that's 300 %, and enough for a 300/300 uplink.

Hmm, not my experience,
I could easily get 700 down and 500 up on my hex with my complex network..............
One of the reasons I upgraded first to an RB450Gx4 is that I couldnt max my 1gig fiber network, and then of course the "free upgrade to the CCR1009" was not to be turned down.

However, back to your point, YES concur for the same $$value, the hapac2 should outperform the hex.
If I had realized that earlier on, I would have probably got the hapac2 except that I despise routers with built in wifi, so probably didnt even think to look at it.

Oh WOW, they really changed the hex numbers............
They used to look like the hapac numbers somewhat but now the hex shows much much lower than when I bought mine.
Did they change something or were lying like rugs before, biatches.........