Mikrotik

RouterOS VLAN trunk + access. Eternal problem?

Dobronochi.

Given:
1. The cheapest managed switch with the letter "D". (Looking ahead: changed to HP, but did not help)
2. Mikrotik 951Ui-2HnD. RuterOS 6.46.1. Reset to default. In 3 minutes, vlans are configured, the diagram is in the picture. Internet comes to ether1 via DHCP. VLAN10, VLAN20 somewhere to computers through the access ports of the switch, MGMT99 - control (also in access). These velans are hung on the default bridge. DHCP is hung on them. Firewall - default as well as other rules. Clients receive the necessary IP, the network works, there is an Internet, everything is gorgeous, the packets are running.

/interface bridge port
add bridge=bridge comment=defconf interface=ether1 hw=yes
add bridge=bridge comment=defconf interface=ether2 hw=yes
add bridge=bridge comment=defconf interface=ether3 hw=yes
add bridge=bridge comment=defconf interface=ether4 hw=yes
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
add interface=bridge name=vlan20 vlan-id=20
add interface=bridge name=mgmt99 vlan-id=99

What you want: The switch ran out of holes, you need to use a couple of holes from the router. Those. Ports 3 and 4 make access to VLAN20. As soon as I do the official mana, the grid falls, and nothing goes anywhere and nothing is pinged from the router, clients do not see the router:

/interface ethernet switch vlan
add ports=ether2 switch=switch1 vlan-id=10
add ports=ether2 switch=switch1 vlan-id=99	
add ports=ether2,ether3,ether4 switch=switch1 vlan-id=20

/interface ethernet switch port
set ether2 vlan-header=add-if-missing vlan-mode=secure
set ether3 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure
set ether4 default-vlan-id=20 vlan-header=always-strip vlan-mode=secure