VLAN on MikroTik RB493AH

I have been using a MikroTik RB493G for some time, and I have the router configured with three VLANs. One VLAN covers the WAN (Eth1) port (DHCP), one covers Eth2-Eth5 (192.168.1.0), and one covers Eth6-Eth9 (192.168.1.128).

I recently purchased a MikroTik RB493AH to serve as a backup, and I would like to configure this router similarly. However, I cannot seem to figure out how to use VLANs to build two subnets.

I do know that the RB493AH has only one switch chip, which covers the 8+1 Ethernet ports. The RB493G has two chips, one that covers 4+1 and one that covers 4.

I thought that something like this would work:

config switch
        option name switch0
        option enable 1
        option reset 1
        option enable_vlan 1
                                                       
config switch_vlan
        option device switch0
        option vlan 1
        option ports "0 1 2 3  8t" # 8 is CPU.

config interface privlan
        option ifname eth1.1
        option type bridge
        option proto static
        option ipaddr 192.168.1.129
        option netmask 255.255.255.128

However, this renders the router's Ethernet ports unusable by a computer.

When I study the documentation and the example RB493 configuration, it seems that I am missing something about how to assign an IP address to the two VLANs. I thought I understood the "implicit" notation (i.e., eth1.1).

Everything works when I reference eth1 (rather than eth1.1) in the "config interface" section. But this of course does not allow me to assign two different subnets to the two VLANs.

I have continued to experiment, and I think there might be something wrong in the kernel.

I checked to confirm all of the physical interfaces were untagged using "swconfig dev switch0 show", and everything looked okay. Still unable to obtain an IP address using DHCP, I manually set an IP address on my laptop. I then tried to ping my laptop from the router. This I observed on the laptop using Wireshark, and I even saw the laptop sending back echo replies. I could see the router in my laptop's ARP table.

However, the router was clearly not processing the echo replies. The laptop did not appear in the router's ARP table.

I don't understand the default configuration: it configures the switch with vlan 1, but it is accessed in lan as eth1, not eth1.1. Add vlan 2, and try to access it as eth1.2.

I agree that the default configuration is odd. However, it does not work if I replace "eth1" with "eth1.1". The same is true of adding VLAN 2 and "eth1.2". This is consistent with the further experimentation I describe above.