chrisknight
just joined
Topic Author
Posts: 17
Joined: Wed Mar 09, 2022 9:24 pm

VLAN's via bridge working but still confused

Thu Sep 08, 2022 5:26 pm

Hello,
My VLAN's work but I need help understanding the visual grid on the bridge-->VLANs tab.
I have a single bridge. I have "VLAN filtering" enabled in the bridge. WAN is on port 1. My trunk port to my LAN switch is connected on ether2.
Why do "bridge" and "ether2" need to be tagged?
How did ether2 get untagged in 1? I want it that way, but I didn't set it that way. Options in vlan 1 seem grayed out.
In the other image, I have ether6 untagged in VLAN 3. That works fine and my laptop pulled a vlan 3 IP but it doesn't show up in the grid as untagged. Why?
Thank you!
 
mkx
Forum Guru
Posts: 11593
Joined: Thu Mar 03, 2016 10:23 pm

Re: VLAN's via bridge working but still confused

Thu Sep 08, 2022 5:52 pm

I suggest you go through two excellent tutorials which have potential to clear up the mist in your head (hope you don't mind the pun):

Different bridge personalities: viewtopic.php?t=173692
VLAN setup on bridge: viewtopic.php?t=143620
 
anav
Forum Guru
Posts: 19323
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: VLAN's via bridge working but still confused

Fri Sep 09, 2022 5:00 am

To be clear, when you set your Bridge ports and assign a PVID to an interface that does a couple of things.

a. ensures packets coming into the port (from a dumb device) will get assigned the appropriate vlan tag.
b. automatically creates untagging of that port so that one does not have to manually insert the untagging on the /interface bridge vlans (so when the packet egresses the port the tag is stripped off). However, this automated activity requires a not-so-clear rule:

"Any vlan associated with a bridge must be identified with at least one interface on the bridge in the /interface bridge vlan settings."

The untagging is dynamically done by the router on the fly when needed and is the reason it doesn't necessarily show on a config.
That is why I advocate always manually inserting the untagging part of the config, to:
a. cross-check the config at anytime between /interface bridge ports and /interface bridge vlans
b. allows any admin to quickly understand another config and to see an error in configuration.
c. ensures new users more fully understand how the config determines actual functionality.

The hardest part of the vlan configuration for most new users following the above docs, especially looking at pcunite's discussion, is to understand the difference between when that vlan is used only for an access port or access ports, and when that vlan is also used for other trunk ports. The difference being the vlan somewhere along the line has to be tagged to an interface and if not so, it needs to be tagged to the bridge. He calls it L3 switching.

Take for example a CAPAC: all vlans are tagged on the incoming trunk port (ether1) but none of the PVID=xx interfaces for WLAN need to be tagged to the bridge.
Why? Because on ether1, the WLAN vlans were tagged at least once to a port on the bridge.

This is not the case typically on the first MikroTik device (such as a single wifi router) as there is no trunk port IN; however, there may be a trunk port out where that vlan is selected and thus any associated vlans need not be noted for any untagged ports. So the confusion mainly falls on the case of one originating device and no trunk ports containing a vlan. That vlan, even though untagged on all ports, needs to be tagged to something at least once and in this case it would have to be the bridge.

This is explained or shown in pcunite's description like so, under the example of Router+AP, but it's not an OBVIOUS POINT that leads to successful configs in my experience:
# L3 switching so Bridge must be a tagged member
/interface bridge vlan
set bridge=BR1 tagged=BR1 [find vlan-ids=10]
set bridge=BR1 tagged=BR1 [find vlan-ids=20]
set bridge=BR1 tagged=BR1 [find vlan-ids=99]


What he is showing, in practical terms, is that one has to tag the bridge in the case where the vlan has not been tagged yet on any port.
The config the way I would write it would look like this......
add bridge=BR1 tagged=BR1 untagged=WLAN1 vlan-ids=10
add bridge=BR1 tagged=BR1 untagged=WLAN2 vlan-ids=20
add bridge=BR1 tagged=BR1 untagged=WLAN3 vlan-ids=99


What would also be perfectly fine, although ridiculous looking, is this, which many members would use. As now the vlan is associated with an interface, in this case the bridge, and the router will create the untagging dynamically as determined by the /interface bridge settings:

set bridge=BR1 tagged=BR1 vlan-ids=10
set bridge=BR1 tagged=BR1 vlan-ids=20
set bridge=BR1 tagged=BR1 vlan-ids=99


To further illustrate this functionality, imagine if, for example, VLAN10 was also on a trunk port on ether2, let's say to a switch, along with vlan99. The config would then look like so:
add bridge=BR1 tagged=BR1,ether2 vlan-ids=10
add bridge=BR1 tagged=BR1 untagged=WLAN2 vlan-ids=20
add bridge=BR1 tagged=BR1,ether2 vlan-ids=99

Since the vlan has actually been tagged on another port, one no longer has to implicitly untag the associated wlan as it's handled automatically/dynamically by the router.

However I personally still manually tag them so that my INTERFACE BRIDGE ports & vlans can be cross-checked more easily.
add bridge=BR1 tagged=BR1,ether2 untagged=WLAN1 vlan-ids=10
add bridge=BR1 tagged=BR1 untagged=WLAN2 vlan-ids=20
add bridge=BR1 tagged=BR1,ether2 untagged=WLAN3 vlan-ids=99
 
Buckeye
Forum Veteran
Posts: 893
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: VLAN's via bridge working but still confused

Fri Sep 09, 2022 9:33 am

"In the other image, I have ether6 untagged in VLAN 3. That works fine and my laptop pulled a vlan 3 IP but it doesn't show up in the grid as untagged. Why?"
By default, WinBox only displays "current", and if you don't have an interface plugged into one of the access ports that vlan 3 is on, then it won't be displayed in the "current untagged".

I had a similar question here: "Bridge VLANS hEX S v7.2rc4 /interface bridge vlan print", with the solution in post #3. But even after that, I couldn't get it to work, because I didn't understand how to select columns, which I was expecting to behave more like Wireshark. How you must add columns is described in post #7.

As far as ether2, it is hard to say without seeing your sanitized exported config. My guess is that it is because of default pvid 1.
