I try to use a trunk in port eth3 to eth5, eth1 as WAN.
Vlan interface in vlan 20,30,40 and 50

After that i connect my laptop into Ether4 (with vlan tagging activate for the connection in vlans 20,30,40 and 50 in the laptop), and i can get ip configuration (via dhcp from Mikrotik dhpc-servers defined ). Also i can ping (with response) from my pc to mikrotik to all vlan interfaces (20,30,40,50),
BUT I can't ping from mikrotik to my landtop ip. (leased via dhcp)
Also i can't reach my external network (via eth1, i have a srcnat and masquerade)

The same happend from my wireless conection. I can connect, i get a IP from scratch but dont reach any external network.

PD. Routes are ok.
[admin@MikroTik] /ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADS 0.0.0.0/0 192.168.15.1 1
1 ADC 10.2.20.0/24 10.2.20.1 int-VLAN20 0
2 ADC 10.2.30.0/24 10.2.30.1 int-VLAN30 0
3 ADC 10.2.40.0/24 10.2.40.1 int-VLAN40 0
4 ADC 10.2.50.0/24 10.2.50.1 int-VLAN50 0
5 ADC 192.168.15.0/24 192.168.15.253 ether1 0


¿Any idea?

CONFIG:

# dec/19/2018 22:15:00 by RouterOS 6.43.7
# s
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number =
/interface bridge
add frame-types=admit-only-vlan-tagged ingress-filtering=yes name=bridge1 \
vlan-filtering=yes
/interface wireless
set [ find default-name=wlan1 ] disabled=no frequency=auto mode=ap-bridge \
ssid=AT-2 vlan-id=40 vlan-mode=use-tag
set [ find default-name=wlan2 ] band=5ghz-a/n/ac disabled=no frequency=auto \
mode=ap-bridge ssid=AT-5 vlan-id=50 vlan-mode=use-tag
/interface vlan
add interface=bridge1 name=int-VLAN20 vlan-id=20
add interface=bridge1 name=int-VLAN30 vlan-id=30
add interface=bridge1 name=int-VLAN40 vlan-id=40
add interface=bridge1 name=int-VLAN50 vlan-id=50
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=pool-vlan20 ranges=10.2.20.100-10.2.20.190
add name=pool-vlan30 ranges=10.2.30.100-10.2.30.190
add name=pool-vlan40 ranges=10.2.40.100-10.2.40.190
add name=pool-vlan50 ranges=10.2.50.100-10.2.50.190
add name=dhcp_pool4 ranges=10.10.10.2-10.10.10.254
/ip dhcp-server
add address-pool=pool-vlan20 disabled=no interface=int-VLAN20 lease-time=1h10m name=dhcp-vlan20
add address-pool=pool-vlan30 disabled=no interface=int-VLAN30 lease-time=1h10m name=dhcp-vlan30
add address-pool=pool-vlan40 disabled=no interface=int-VLAN40 lease-time= 1h10m name=dhcp-vlan40
add address-pool=pool-vlan50 disabled=no interface=int-VLAN50 lease-time= 1h10m name=dhcp-vlan50
add address-pool=dhcp_pool4 interface=bridge1 name=dhcp1 relay=10.10.10.1
/interface bridge port
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether2
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether3
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether4
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether5
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=wlan1
add bridge=bridge1 frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=wlan2
/interface bridge vlan
add bridge=bridge1 tagged=ether2,ether3,ether4,ether5,bridge1 vlan-ids=20
add bridge=bridge1 tagged=ether2,ether3,ether4,ether5,bridge1 vlan-ids=30
add bridge=bridge1 tagged=ether2,ether3,ether4,ether5,bridge1,wlan1 vlan-ids= 40
add bridge=bridge1 tagged=ether2,ether3,ether4,ether5,bridge1,wlan2 vlan-ids= 50
/ip address
add address=10.2.20.1/24 interface=int-VLAN20 network=10.2.20.0
add address=10.2.30.1/24 interface=int-VLAN30 network=10.2.30.0
add address=10.2.40.1/24 interface=int-VLAN40 network=10.2.40.0
add address=10.2.50.1/24 interface=int-VLAN50 network=10.2.50.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip dhcp-server config
set store-leases-disk=1h15m
/ip dhcp-server network
add address=10.2.20.0/24 dns-server=8.8.8.8 gateway=10.2.20.1 netmask=24 ntp-server=150.214.94.5
add address=10.2.30.0/24 dns-server=8.8.8.8 gateway=10.2.30.1 netmask=24 ntp-server=150.214.94.5
add address=10.2.40.0/24 dns-server=8.8.8.8 gateway=10.2.40.1 netmask=24 ntp-server=150.214.94.5
add address=10.2.50.0/24 dns-server=8.8.8.8 gateway=10.2.50.1 netmask=24 ntp-server=150.214.94.5
/ip firewall nat
add action=masquerade chain=srcnat
add action=accept chain=srcnat
/system clock
set time-zone-name=Europe/Madrid

The first step : Disable de FW in your laptop

ufff!. At least the config run.

Just to understand
Eth3, Eth4 and Eth5 are trunk ports that will handle vlans 20, 30,40, 50

Eth2 is ???

Eth4 is connected to your laptop but how does your laptop provide all VLANS? Is your laptop able to output VLAN traffic already tagged?
If not, then Eth4 can either be regular LAN traffic or it can be ONE VLAN only.


I understand WLAN1 is running on vlan40 and WLAN2 is running on vlan50.
I understand regular LAN is 10.10.10.1 network.
But who uses regular LAN?? (pool4)

Fix masquerade rule only need one entry here.
/ip firewall nat
action=masquerade chain=srcnat out-interface=eth1

I do not understand the purpose of relay command here.......
add address-pool=dhcp_pool4 interface=bridge1 name=dhcp1 relay=10.10.10.1