My last question is - is there a way I could make the sfp+ a trunk port without changing my current config?
# oct/25/2021 22:00:21 by RouterOS 7.1rc4
# software id = 7ZLE-935S
#
# model = RB5009UG+S+
# serial number =
/interface bridge
add admin-mac= auto-mac=no name=BaseNetwork vlan-filtering=\
yes
/interface wireguard
add listen-port=30752 mtu=1420 name=Mullvad
add listen-port=51820 mtu=1420 name="Remote Access Wireguard"
add listen-port=51822 mtu=1420 name=Utah
/interface vlan
add interface=BaseNetwork name=CAMERAS_VLAN vlan-id=40
add interface=BaseNetwork name=DMZ_VLAN vlan-id=80
add interface=BaseNetwork name=KIDS_VLAN vlan-id=20
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name=VLANS
add include=LAN,VLANS name=ALL
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=BaseNetwork ranges=10.20.2.100-10.20.2.254
add name=KIDS_POOL ranges=10.20.20.100-10.20.20.254
add name=CAMERAS_POOL ranges=10.20.40.100-10.20.40.254
add name=DMZ_POOL ranges=10.20.80.100-10.20.80.254
/ip dhcp-server
add address-pool=BaseNetwork interface=BaseNetwork lease-time=8h name=LAN
add address-pool=KIDS_POOL interface=KIDS_VLAN name=KIDS
add address-pool=CAMERAS_POOL interface=CAMERAS_VLAN name=Cameras
add address-pool=DMZ_POOL interface=DMZ_VLAN name=DMZ
/routing table
add disabled=no fib name=Utah
add disabled=no fib name=Mullvad
/interface bridge port
add bridge=BaseNetwork comment=defconf interface=ether2
add bridge=BaseNetwork comment=defconf interface=ether3
add bridge=BaseNetwork comment=defconf interface=ether4
add bridge=BaseNetwork comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=BaseNetwork tagged=BaseNetwork,ether2,ether3,ether4,sfp-sfpplus1 \
vlan-ids=20,40,80
/interface list member
add interface=BaseNetwork list=LAN
add interface=ether1 list=WAN
add interface=KIDS_VLAN list=VLANS
add interface=CAMERAS_VLAN list=VLANS
add interface=DMZ_VLAN list=VLANS
add interface="Remote Access Wireguard" list=LAN
add interface=Mullvad list=LAN
add interface=Utah list=LAN
/interface wireguard peers
add allowed-address=0.0.0.0/0 endpoint-address=136.36.56.240 endpoint-port=\
51822 interface=Utah persistent-keepalive=30s public-key=\
"UOKuHFY1WhC6b2beXIQGmivsFuXtqY9g8KNd6eC5qTc="
add allowed-address=0.0.0.0/0 endpoint-address=86.106.143.145 endpoint-port=\
51820 interface=Mullvad persistent-keepalive=30s public-key=\
"JQo2XN042FQbMrpvRMpEoA+CpqhRESeSWjkNB+k41Ds="
add allowed-address=10.103.103.2/32 interface="Remote Access Wireguard" \
public-key="S0v2v7bRuzOnzcuC35IOTqEoq7TFXZAeLuXMcqgneC0="
/ip address
add address=10.20.2.1/24 interface=BaseNetwork network=10.20.2.0
add address=10.20.20.1/24 interface=KIDS_VLAN network=10.20.20.0
add address=10.20.40.1/24 interface=CAMERAS_VLAN network=10.20.40.0
add address=10.20.80.1/24 interface=DMZ_VLAN network=10.20.80.0
add address=10.102.102.2 interface=Utah network=10.102.102.1
add address=10.64.111.167 interface=Mullvad network=10.64.111.167
add address=10.103.103.1/24 interface="Remote Access Wireguard" network=\
10.103.103.0
/ip cloud
set update-time=no
/ip dhcp-client
add interface=ether1 use-peer-dns=no
/ip dhcp-server lease
REMOVED
/ip dhcp-server network
add address=10.20.2.0/24 dns-server=10.20.2.6 domain=mikrotik.overseas \
gateway=10.20.2.1
add address=10.20.20.0/24 dns-server=10.20.2.6 domain=mikrotik.overseas \
gateway=10.20.20.1
add address=10.20.40.0/24 dns-server=10.20.40.1 domain=mikrotik.overseas \
gateway=10.20.40.1
add address=10.20.80.0/24 dns-server=10.20.80.1 domain=mikrotik.overseas \
gateway=10.20.80.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.20.2.0/24 comment="Local Subnets" list="Local Subnets"
add address=10.10.1.0/24 comment="Utah Subnets" list="Utah Subnets"
add address=10.10.10.0/24 list="Utah Subnets"
add address=10.10.30.0/24 list="Utah Subnets"
add address=10.10.50.0/24 list="Utah Subnets"
add address=10.20.20.0/24 list="Local Subnets"
add address=10.20.80.0/24 list="Local Subnets"
add address=10.20.20.10 comment="Kids Devices" list=KidsDevices
add address=10.20.20.11 list=KidsDevices
add address=10.20.20.22 list=KidsDevices
add address=10.20.20.23 list=KidsDevices
add address=10.20.20.20 list=KidsDevices
add address=10.20.20.21 list=KidsDevices
add address=10.20.20.22 comment="Kids Laptops" list="Kids Laptops"
add address=10.20.20.23 list="Kids Laptops"
add address=10.20.2.50 comment=Sonos list=Sonos
add address=10.20.2.3 comment=Streaming list=Streaming
add address=192.168.88.0/24 list="Local Subnets"
add address=10.20.20.0/24 comment="Kids Network" list="Kids Network"
add address=10.20.2.0/24 comment="Local Trusted Subnet" list=\
"Local Trusted Network"
add address=10.20.2.4 list=Streaming
add address=10.20.2.8 list=Streaming
add address=10.20.2.9 list=Streaming
add address=10.20.2.51 list=Sonos
add address=10.20.2.52 list=Sonos
add address=10.20.2.53 list=Sonos
add address=10.20.2.54 list=Sonos
add address=10.20.2.55 list=Sonos
add address=10.20.2.56 list=Sonos
add address=10.20.2.57 list=Sonos
add address=10.102.102.0/24 comment="Utah Wireguard" list="Utah Wireguard"
add address=10.20.20.30 list=Streaming
add address=10.20.20.31 list=Streaming
add address=10.20.2.7 list=Streaming
add address=10.103.103.0/24 list="Local Subnets"
add address=10.20.2.70 comment="Management devices" list="Management Devices"
add address=10.20.2.71 list="Management Devices"
add address=10.20.2.72 list="Management Devices"
add address=10.20.2.73 list="Management Devices"
add address=10.20.80.0/24 comment="DMZ network" list=DMZ
add address=10.103.103.0/24 list="Management Devices"
add address=10.20.40.0/24 comment=Cameras list=Cameras
add address=10.20.40.0/24 list="Local Subnets"
/ip firewall filter
add action=accept chain=input comment="allow established and related" \
connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input comment="management devices to router" \
connection-state="" src-address-list="Management Devices"
add action=accept chain=input comment="allow ICMP" protocol=icmp
add action=accept chain=input comment="allow ssh" dst-port=55512 protocol=tcp
add action=accept chain=input comment="remote access wireguard" dst-port=\
51820 in-interface=ether1 protocol=udp
add action=accept chain=input comment="utah wireguard" dst-port=51822 \
in-interface=ether1 protocol=udp
add action=accept chain=input comment="DNS " dst-port=53 in-interface-list=\
ALL protocol=tcp
add action=accept chain=input dst-port=53 in-interface-list=ALL protocol=udp
add action=accept chain=input comment=NTP dst-port=123 in-interface-list=ALL \
protocol=udp
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=fasttrack-connection chain=forward comment=\
"allow established and related" connection-state=established,related \
hw-offload=yes
add action=accept chain=forward comment="allow established and related" \
connection-state=established,related
add action=accept chain=forward comment="remote wireguard" in-interface=\
"Remote Access Wireguard"
add action=accept chain=forward comment="LAN firewall" dst-address-list=!DMZ \
in-interface=BaseNetwork
add action=accept chain=forward comment="kids firewall" dst-address=10.20.2.6 \
dst-port=53 in-interface=KIDS_VLAN protocol=tcp
add action=accept chain=forward dst-address=10.20.2.6 dst-port=53 \
in-interface=KIDS_VLAN protocol=udp
add action=accept chain=forward in-interface=KIDS_VLAN out-interface=Utah \
src-address-list=Streaming
# inactive time
add action=accept chain=forward in-interface=KIDS_VLAN out-interface=ether1 \
time=5h-20h30m,sun,mon,tue,wed,thu,fri,sat
add action=accept chain=forward comment="cameras firewall" dst-address=\
10.20.2.10 in-interface=CAMERAS_VLAN
add action=accept chain=forward dst-address=10.20.2.10 in-interface=\
CAMERAS_VLAN
add action=accept chain=forward comment="DMZ firewall" in-interface=DMZ_VLAN \
out-interface=ether1
add action=drop chain=forward comment="drop everything else" log-prefix=\
"drop all"
/ip firewall nat
add action=masquerade chain=srcnat comment=ISP out-interface=ether1
add action=masquerade chain=srcnat comment=Mullvad out-interface=Mullvad
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Mullvad pref-src="" \
routing-table=Mullvad scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=10.10.1.0/24 gateway=Utah pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=10.10.10.0/24 gateway=Utah pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no distance=1 dst-address=10.10.30.0/24 gateway=Utah pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add disabled=no dst-address=10.10.50.0/24 gateway=Utah routing-table=main \
suppress-hw-offload=no
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=Utah routing-table=\
Utah scope=30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=55512
set api disabled=yes
set winbox address=10.20.0.0/16,10.103.103.0/24
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/routing rule
add action=lookup disabled=no dst-address=10.20.0.0/16 src-address=\
10.103.103.0/24 table=main
add action=lookup comment="Local to LTE Mikrotik" disabled=no dst-address=\
192.168.88.0/24 src-address=10.20.2.0/24 table=main
add action=lookup-only-in-table comment="Local to Utah" disabled=no \
dst-address=10.10.0.0/16 min-prefix=0 src-address=10.20.2.0/24 table=Utah
add action=lookup comment="Local to Local" disabled=no dst-address=\
10.20.0.0/16 src-address=10.20.0.0/16 table=main
add action=lookup comment=kw.zain.com disabled=no dst-address=\
212.43.17.129/32 src-address=10.20.2.0/24 table=main
add action=lookup comment=Sonos disabled=no src-address=10.20.2.50/32 table=\
main
add action=lookup disabled=no src-address=10.20.2.51/32 table=main
add action=lookup disabled=no src-address=10.20.2.52/32 table=main
add action=lookup disabled=no src-address=10.20.2.53/32 table=main
add action=lookup disabled=no src-address=10.20.2.54/32 table=main
add action=lookup disabled=no src-address=10.20.2.55/32 table=main
add action=lookup disabled=no src-address=10.20.2.56/32 table=main
add action=lookup disabled=no src-address=10.20.2.57/32 table=main
add action=lookup comment=PiHole disabled=no src-address=10.20.2.6/32 table=\
main
add action=lookup-only-in-table comment="Fire Tablets" disabled=no \
min-prefix=0 src-address=10.20.20.30/32 table=Utah
add action=lookup-only-in-table disabled=no src-address=10.20.20.31/32 table=\
Utah
add action=lookup-only-in-table comment=FireTV disabled=no src-address=\
10.20.2.3/32 table=Utah
add action=lookup-only-in-table comment=AppleTV disabled=no src-address=\
10.20.2.9/32 table=Utah
add action=lookup comment="LAN to Mullvad" disabled=no src-address=\
10.20.2.0/24 table=Mullvad
/system clock
set time-zone-name=Asia/Kuwait
/system identity
set name=RB5009overseas
/system ntp client
set enabled=yes
/system ntp server
set enabled=yes manycast=yes multicast=yes
/system ntp client servers
add address=1.pool.ntp.org
add address=2.pool.ntp.org
add address=3.pool.ntp.org
add address=0.pool.ntp.org
/system package update
set channel=development
/system routerboard settings
set silent-boot=yes
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Is this causing me issues because I am using the default vlan1 which is untagged versus tagged?