Hello everyone

this is my first post in this forum.
I'm trying to learn network part by a litle homeLab in my house.

I bought a router hEX and.. i'm trying to build a VLAN inside...
The hardest parts for me to understand are the firewall and the routes.

I have my Vlan but, impossible to have an access to internet by this one

Can you help me ?

//here config removed by me

You should start with viewtopic.php?t=143620

Yes, I read it and read it again
thanks

Change this: Into this: With this change you will get Internet on both networks.

Yes, I read it and read it again
thanks

You might want to have another read, you use a hybrid solution while VLAN-ing everything will make your config much more readable.

If you will notice, there is one bridge all vlans, so the bridge does no dhcp or subnet work............. simply create a vlan for that subnet as well.

Actually the best thing to do is take ether5 off the bridge and do all the config from a safe location.
Okay how to create an offbridge port. REMOVE ether5 from /interface bridge ports

/interface ethernet
set [ find default-name=ether5 ] comment=OffBridge5

/interface list
add list=TRUSTED

/interface list member
add interface=OffBridge5 list=TRUSTED
add interface=OffBridge4 list=LAN

/ip address
add address=192.168.77.1/30 interface=OffBridge4 network=192.168.77.0

Now simply plug in laptop to ether5 on the router, change IPV4 settings on the laptop to 192.168.77.2 and you should be in!!
Repeat for any mikrotik device when doing vlans and bridge.

thanks for your answers !
i will test the solution from @erlinden
and try also the other point of vue from @anav
both should be are good for my case

i want to understand ..
Do you have a good method for learning all this smoothly?
I have some basics, but they are definitely insufficient.

and, is it possible to clean config or check the config ?
maybe I have a lot of test stuff that is no longer useful.

First do not ask any questions and only show snippets on the config of what you think we should see, if you dont know the problem how can you know where to look.
You now have almost duplicate SrcNAT Rules and that is redundant, get rid of the second one.

For the export to see what is causing your issues.
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys )

I mean the latest copy as each time you change the config, you need to provide the latest version.................

By the way your missing the boat. you should have as many vlans as you do POOLS/subnets and the bridge should have no dhcp assigned to it.
viewtopic.php?t=143620

In fact your whole config is a mess, two bridges with the exact same name.........nothing matches,

ok here my latest version of my config :

//remove by me

Thank you for your analysis.

I try, I break, I repair, I learn...

Where can I start?

By rereading the article, where are frame types list on bridge ports, also basic networking, you got the pools but dont you realize each subnet needs
a. pool
b. dhcp server
c. dhpc server network
d. address

ok great !

thanks a lot