Is there any problem in the firmware with vlan filtering per bridge?
Mikrotik 4011 os 7.5
I would like one of the vlans to be available on both the router and the connected switch ports
when I turn on
add ingress-filtering = no name = bridge1 vlan-filtering = yes
the vlan port on the router on the switch is not working
when I turn off
add name = bridge1
works on switch and vlan does not work on router


/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes

/interface vlan
add interface=bridge1 name=vlan10 vlan-id=10
add interface=bridge1 name=vlan20 vlan-id=20

/ip pool
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool2 ranges=192.168.20.2-192.168.20.254

/ip dhcp-server
add address-pool=dhcp_pool1 interface=vlan10 name=dhcp1
add address-pool=dhcp_pool2 interface=vlan20 name=dhcp2

/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether2 pvid=10
add bridge=bridge1 ingress-filtering=no interface=ether3 pvid=20
add bridge=bridge1 ingress-filtering=no interface=ether4

/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether2 vlan-ids=10
add bridge=bridge1 tagged=bridge1 untagged=ether3 vlan-ids=20
add bridge=bridge1 tagged=bridge1 untagged=ether2,ether3 vlan-ids=1

/ip address
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0

/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1

/export config (minus serial number and any public WANIP information). Snippets dont give a proper story.

all config

/interface bridge
add ingress-filtering=no name=bridge1 vlan-filtering=yes
/interface vlan
add interface=bridge1 name=vlan10 vlan-id=10
add interface=bridge1 name=vlan20 vlan-id=20
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
add name=dhcp_pool2 ranges=192.168.20.2-192.168.20.254
/ip dhcp-server
add address-pool=dhcp_pool1 interface=vlan10 name=dhcp1
add address-pool=dhcp_pool2 interface=vlan20 name=dhcp2
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether2 pvid=10
add bridge=bridge1 ingress-filtering=no interface=ether3 pvid=20
add bridge=bridge1 ingress-filtering=no interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether2 vlan-ids=10
add bridge=bridge1 tagged=bridge1 untagged=ether3 vlan-ids=20
add bridge=bridge1 tagged=bridge1 untagged=ether2,ether3 vlan-ids=1
/ip address
add address=192.168.10.1/24 interface=vlan10 network=192.168.10.0
add address=192.168.20.1/24 interface=vlan20 network=192.168.20.0
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
add address=192.168.20.0/24 gateway=192.168.20.1

(1) Improvement.
from:
/interface bridge port
add bridge=bridge1 ingress-filtering=no interface=ether2 pvid=10
add bridge=bridge1 ingress-filtering=no interface=ether3 pvid=20
add bridge=bridge1 ingress-filtering=no interface=ether4
TO:
/interface bridge port
add bridge=bridge1 ingress-filtering=yes frame-types=admit-priority-and-untagged interface=ether2 pvid=10
add bridge=bridge1 ingress-filtering=yes frame-types=admit-priority-and-untagged interface=ether3 pvid=20
add bridge=bridge1 ingress-filtering=yes frame-types=admit-only-tagged interface=ether4

(2) from:
/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether2 vlan-ids=10
add bridge=bridge1 tagged=bridge1 untagged=ether3 vlan-ids=20
add bridge=bridge1 tagged=bridge1 untagged=ether2,ether3 vlan-ids=1
TO:
/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether4 untagged=ether2 vlan-ids=10
add bridge=bridge1 tagged=bridge1,ether4 untagged=ether3 vlan-ids=20

I would like one of the vlans to be available on both the router and the connected switch ports

Which vlan did you want the RB4011 CPU (routing engine) to see? You stated one, but you have two vlan interfaces defined.

For each /interface vlan that is "under" the bridge (that's what creates the interface for the router engine to associate an ip address with, and an associated tagged connection to the internal trunk link to the bridge/switch), you also need a corresponding /interface bridge vlan statement (this configures the vlan membership and tagging of the layer 2 ports on the layer 2 bridge/switch, including the layer 2 port connected to the "internal trunk link" between the routing engine and the layer 2 bridge/switch)

See RouterOS bridge mysteries explained for more info about what the bridge is in a MikroTik device.

That's why, as @anav pointed out, that the following lines are in conflict:

/interface bridge vlan
add bridge=bridge1 tagged=bridge1 untagged=ether2 vlan-ids=10
add bridge=bridge1 tagged=bridge1 untagged=ether3 vlan-ids=20
add bridge=bridge1 tagged=bridge1 untagged=ether2,ether3 vlan-ids=1

Each bridge "port" (e.g. ether2, or bridge1) should only have a single vlan untagged. Otherwise it would be ambiguous what vlan an untagged frame belongs to. Also both ends of a hybrid trunk link need to agree on what vlan untagged ethernet frames should be classified into. Otherwise you will get unintentional vlan hopping (what cisco routers with cdp enabled will report as Native VLAN mismatch). See this for more info.

Thank you for your help. Works the way I wanted.