It is important that the two subnets do not see each other and that there is no traffic between them.
Would VLAN be the solution?
You do need two subnets, each on different logical interfaces (each on separate broadcast domain). But you also need firewall rules to block traffic between the two subnets to prevent traffic from being routed.
So VLAN would be one solution. And it is the most general solution, but vlans are another layer of abstraction, and with that comes more complexity.
As stated, you could just need to remove the ether5 ethernet port from the bridge and assign it its own ip address in another subnet. That may be easier for a novice to understand and would be identical in behavior for most things (for example if you had a single non-vlan aware device connected to ether5, whether that was single host, or a dumb ethernet switch with many hosts attached.
The advantage of using vlans is the extra layer of abstraction, as it removes the routed interface from a specific hardware port. Instead, you associate the physical ports with the vlan(s) you want that physical port to be able to pass traffic for. This becomes important if you want to connect a vlan-aware device that needs access to mulitple vlans, for example, a wifi access point with mulitiple SSIDs, or a connection to another vlan-aware switch on the other end of a long single trunk cable. Another reason would be it you wanted two ports in each vlan, instead of 1 and 3.
My problem is that the working configuration should be modified and I am looking for help with this. I hope someone will be able to tell me what needs to be changed step by step.
If you could help me with this, I would be very happy.
Spoon feeding is not generally the level of help you will get on a forum. You are expected to put some effort in yourself.
As far as I know, the link already provided is closest thing to a "recipe book" for common use cases. You will have to read it and try to understand it, and after you have read it and gotten stuck, then come back with the specific questions that you need help with.
And when asking questions, we expect you to provide us with actionable information. You didn't even specify what type of router you have, of what version of firmware you are using, and it there is other equipment involved (like downstream switches or access points, and what your requirements are). A sanitized configuration export is the absolute minimum needed (and leave the model type and router os but remove the Serial number (I also like to remove the Software ID which I think is unique to the router's license)
# jul/30/2022 20:55:59 by RouterOS 7.4 <- leave this, it is important because it shows version and timestamp (in case you post your config multiple times, this can be used to find the correct one),
# software id = **remove** (I am not sure this needs removed, but I do)
#
# model = RB760iGS <- leave this, as it shows us what hardware you are using.
# serial number = **remove** (this is used if you save your config in the cloud)
See
Getting Answers and
How to Report Bugs Effectively
@anav's
NEW USER POSTING FOR ASSISTANCE