Hello everyone,

I've been having a problem with proper configuration of DHCP on different VLANs on RB3011. I apologize if the following has already been asked on this this forum, but I haven't found a post with similar configuration demands (or maybe the problem is, that i've been searching for a wrong solution).

What I'm trying to do is to configure separate VLANs on the same bridge:

- VLAN for management on port 2, which allows access to bridge port (Winbox/telnet/web...)
- VLAN for users on ports 3-5, which blocks access to bridge port, + DHCP

Here is the config that has been done according to wiki: https://wiki.mikrotik.com/wiki/Manual:Bridge_VLAN_Table

Now my understanding is that allowing access to bridge port (CPU) and management of the device is implemented with the part

/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether2 vlan-ids=400

allowing access only to packets that have tag 400. This actually works correctly. Access to management is only possible through port 2.
The part that doesn't work is the access VLAN, the devices do not get the IP from configured server, also on interface ACCESS there is no traffic detected. I've tried to switch the server to MANAGEMENT interface and added user device to port 2 and the IP is allocated immediately. I assumed that the problem is with missing tagged=bridge in the table for VLAN id 35. Fixed it, but even then on ACCESS interface DHCP does not work. It is practically the same as MANAGEMENT interface but it didn't work. So my question would be:

- is this the right way to allow access, with tagging bridge port in bridge VLAN table and block it without tagging bridge?
- where could be the problem of DHCP not working on ACCESS interface? (dhcp-server is also marked red)

Thank you in advance!