diff --git a/bundles/routeros/items.py b/bundles/routeros/items.py
index cd1ec29..e55536a 100644
--- a/bundles/routeros/items.py
+++ b/bundles/routeros/items.py
@@ -1,3 +1,5 @@
+ROUTEROS_VERSION = node.os_version[0]
+
 routeros['/ip/dns'] = {
 'servers': '8.8.8.8',
 }
@@ -18,7 +20,7 @@ for service in (
 'ssh',
 'www',
 ):
- routeros[f'/ip/service?name={service}'] = {
+ routeros[f'/ip/service?name={service}&dynamic=false'] = {
 'disabled': False,
 }
@@ -57,16 +59,26 @@ routeros['/system/clock'] = {
 'time-zone-name': 'UTC',
 }
+routeros['/ip/neighbor/discovery-settings'] = {
+ 'protocol': 'lldp',
+}
+
 routeros['/system/identity'] = {
 'name': node.name,
 # doing this first gives us some chance to notice an IP mixup
 'before': {'routeros:'},
 }
-routeros['/system/ntp/client'] = {
- 'enabled': True,
- 'server-dns-names': 'de.pool.ntp.org',
-}
+if ROUTEROS_VERSION < 7:
+ routeros['/system/ntp/client'] = {
+ 'enabled': True,
+ 'server-dns-names': 'de.pool.ntp.org',
+ }
+else:
+ routeros['/system/ntp/client'] = {
+ 'enabled': True,
+ 'servers': 'de.pool.ntp.org',
+ }
 if node.metadata.get('routeros/gateway'):
 routeros['/ip/route?dst-address=0.0.0.0/0'] = {
@@ -76,6 +88,7 @@ if node.metadata.get('routeros/gateway'):
 routeros['/interface/bridge?name=bridge'] = {
 'priority': node.metadata.get('routeros/bridge_priority', '0x8000'),
 'protocol-mode': 'rstp',
+ 'igmp-snooping': False,
 'vlan-filtering': True,
 }
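Review bot: `ROUTEROS_VERSION = node.os_version[0]` in the `@@ -1,3 +1,5 @@` hunk will raise a bare IndexError for any node that uses this bundle without `os_version` set, assuming bundlewrap's default for that attribute is an empty tuple; this commit sets it only in home.switch-rack.toml. A guard with a clear message would make the requirement visible: `if not node.os_version: raise ValueError(f'{node.name}: os_version is required by the routeros bundle')`. The value is also maintained by hand, so after a switch is upgraded to RouterOS 7 a stale `os_version = [6]` would keep selecting the v6 NTP property. A comment next to the constant, such as `# major RouterOS version from node config; update it when the device is upgraded`, would record that.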
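Review bot: The `&dynamic=false` filter added to the `/ip/service` selector in the `@@ -18,7 +20,7 @@` hunk has no comment explaining why it is needed, although the same filter on `/interface/bridge/vlan` in this file is explained at length. Presumably RouterOS can list dynamic entries under the same service name, in which case the selector would otherwise match more than one object. I would add a line above the item such as `# select only the static service entry, never a dynamic one with the same name`. The `for service in (` statement starts outside the hunk, so the full list of services kept enabled is not visible here.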
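Review bot: The new `/ip/neighbor/discovery-settings` item at the top of the `@@ -57,16 +59,26 @@` hunk pins the protocol to LLDP but does not manage `discover-interface-list`, so the ports on which the switch announces itself stay at whatever each device currently has configured. LLDP announcements typically carry the system name and software description, which is worth keeping off ports that face untrusted devices. If that applies here, set the list in the same item, e.g. `'discover-interface-list': '<INTERFACE_LIST>',` with a list that covers only trusted uplinks. Separately, the two NTP branches further down differ only in one key name; `ntp_key = 'server-dns-names' if ROUTEROS_VERSION < 7 else 'servers'` followed by a single dict would remove the duplicated `'enabled': True` block.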
@@ -159,7 +172,13 @@ for vlan, conf in node.metadata.get('routeros/vlans').items():
 }
 # assign ports to vlans
- routeros[f"/interface/bridge/vlan?vlan-ids={conf['id']}"] = {
+ #
+ # Be sure to only consider non-dynamic VLANs: When you remove a
+ # port from a VLAN (if that VLAN is the PVID of the port) while
+ # the port is UP, then a dynamic temporary VLAN object will be
+ # created in the switch. That is harmless and it will vanish as
+ # soon as the PVID of the port also changes.
+ routeros[f"/interface/bridge/vlan?vlan-ids={conf['id']}&dynamic=false"] = {
 'bridge': 'bridge',
 'untagged': sorted(conf['untagged']),
 'tagged': sorted(conf['tagged']),
@@ -170,3 +189,25 @@ for vlan, conf in node.metadata.get('routeros/vlans').items():
 'tag:routeros-vlan',
 },
 }
+
+# purge unused vlans
+routeros['/interface/vlan'] = {
+ 'purge': {
+ 'id-by': 'name',
+ },
+ 'needed_by': {
+ 'tag:routeros-vlan',
+ }
+}
+
+routeros['/interface/bridge/vlan'] = {
+ 'purge': {
+ 'id-by': 'vlan-ids',
+ 'keep': {
+ 'dynamic': True,
+ },
+ },
+ 'needed_by': {
+ 'tag:routeros-vlan',
+ }
+}
diff --git a/nodes/home.switch-rack.toml b/nodes/home.switch-rack.toml
index 57014f0..6a0a223 100644
--- a/nodes/home.switch-rack.toml
+++ b/nodes/home.switch-rack.toml
@@ -1,3 +1,4 @@
 groups = ["switches-mikrotik"]
 hostname = "172.19.138.4"
 password = "encrypt$gAAAAABkI1Eqsust7XuYFK2-FaRzXWM5fOXumhdi5fWNokLtM0CBAqVqc5zcg37XH_JIZvkhp3buKvswcvd_znaV3Rb8kKeJTs4_VJo6OsvbiWkujfT50HspoUXER0JSZSmeZts8a_2i"
+os_version = [6]
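Review bot: The `/interface/vlan` purge added in the `@@ -170,3 +189,25 @@` hunk of items.py has no `keep` filter, unlike the `/interface/bridge/vlan` purge below it. Presumably every VLAN interface whose name is not generated from `routeros/vlans` metadata is therefore deleted on apply. On a switch managed in-band that could remove a hand-configured management VLAN and cut off access to the device, and the comment `# purge unused vlans` does not warn an operator about it. I would expand the comment to something like `# metadata is authoritative: VLANs not declared in routeros/vlans are deleted, including manually created ones`. Both purge items also omit the trailing comma after the `needed_by` set, which the other dicts in this file use.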