Yes, there are two ways to proceed (in general).
In either case you are going to create four different DHCP networks
USE SAFE MODE***** at all times through your configuring process.
Just using LANs
(1) In interface settings
Use comment to identify each etherport OR
change name of the etherports from ether2 to something like eth2-LAN1 or eth2-group???
(2) in interface list members ensure to add each ethport to LAN list
(3) Create the LANS ip address, ip pool, ip dhcp-server, ip dhcp-server network.
Where interface is required enter the appropriate etherport
(4) I will assume ethport1-LAN1 is the network you use and you are the admin.
For security purpose under winbox services make sure you only allow the LAN1 subnet access and if you know it will only be your PC, you can narrow it down.
You may wish to also add a laptop. This is a second layer in security, as you also need to grant yourself access to winbox in the firewall rules below via access to the router (input chain).
(5) For filter firewall rules you want something basic like
{input chain}
accept established related
drop invalid
accept access by admin from lan1 (either by IP address or you can use source address if you want to include more PCs)
accept dns queries from lan-interface-list to both udp tcp port 53 (for DNS)
drop all else
{forward chain}
fasttrack accept established related
accept established related
drop invalid
accept access to internet by all lans so from in-interface-lan to out-interface=wan
drop all else
************* Since the LANS are on their own separate port and NOT on the same bridge, they are not connected at Layer2. Since we have not made any firewall rules allowing them to see each other they are also blocked at layer 3. If you as the admin wanted to access the other lans, here is where you would put such a rule.
In addition if there was a shared printer lets say on your lan, again here is where you would put such a rule.
If there was any port forwarding required here is where you would put such a rule.
Nat Rules
probaly a simple masquerade rule will do… the default rule that show up.
More work here needed if forwarding ports.
DNS
allow remote requests
add 8.8.8.8, 1.1.1.1 etc…
you can delete the static rule left over by default setup.
… When you have made progress post your config for evaluation.
/export hide-sensitive file=yourconfigmar02
Once you have mastered these and a few more aspects of working with the router, it would be a much better time to contemplate vlans.