Problem with setting up and having internal Switch VLANs on the hapac2 router: nothing works as it should

Hi,
I would like to use my hapac2 router to have following configuration,
ether1 → connects to the ISP (not available yet)
lte1 → connects to the internet
ether2 → with IP address in subnet 192.168.110.1/24 to be used only for router management
ether3 → work as VLAN 30 (VIP) with DHCP range 10.30.30.1/24
ether4 → work as VLAN 40 (ROOMMATE) with DHCP range 10.40.40.1/24
ether5 → work as Trunk port for VLAN30, VLAN40, VLAN99(GUEST) (which does not have dedicated ether port, but has dedicated wireless)

wlan3 (virtual wlan derived from physical wlan1 via CAPSMAN) to have ssid:vip24
wlan4 (virtual wlan derived from physical wlan1 via CAPSMAN) to have ssid:rmt24
wlan5 (virtual wlan derived from physical wlan1 via CAPSMAN) to have ssid:gst24

wlan6 (virtual wlan derived from physical wlan2 5Ghz via CAPSMAN) to have ssid:vip50
wlan7 (virtual wlan derived from physical wlan2 5Ghz via CAPSMAN) to have ssid:rmt50
wlan8 (virtual wlan derived from physical wlan2 5Ghz via CAPSMAN) to have ssid:gst50

So another VLAN, VLAN 99 (GUEST), which does not have any designated ether port on the router except wlan8 and wlan5, should be available on the trunk (ether5) as well.

I want to use the internal Switch VLAN configuration for the ether ports. In addition, I want the VLANs
to be accessible on the different wlan interfaces (gst, rmt, vip).

Anyway, I failed to implement VLANs on the ether interfaces. All the VLANs should have access to the internet and must not talk to each other.
But in my case none of them worked: no correct IP address assignment for the different ports and no access to the internet on any of the ether3, 4, 5 ports.

By the way, I would like to know why, when I connect to ether3, ether4 or ether5, I do not get a correct IP address assigned and there is no internet.
In addition what would be the assigned IP address if I connect to the ether5 (Trunk) port?

Below I have attached the configuration,
Any guide at any part is really appreciated

# 2024-08-03 00:11:38 by RouterOS 7.15.3
# software id = 2LGH-Q5N6
#
# model = RBD52G-5HacD2HnD
# serial number = 8FDE097B20A9
/interface bridge
add admin-mac=B8:69:F4:1B:F5:3F auto-mac=no comment=defconf name=bridgeLocal vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] ssid=MikroTik
# managed by CAPsMAN
set [ find default-name=wlan2 ] ssid=MikroTik
/interface vlan
add comment="vlan30-vip-ether3-ether5(trunk)" interface=ether5 name=vlan30 vlan-id=30
add comment="vlan40-rmt-ether4-ether5(trunk)" interface=ether5 name=vlan40 vlan-id=40
add comment="vlan99-gst-etherX-ether5(trunk)" interface=ether5 name=vlan99 vlan-id=99
/interface ethernet switch port
set 2 default-vlan-id=30 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=40 vlan-header=always-strip vlan-mode=secure
set 4 default-vlan-id=0 vlan-header=add-if-missing vlan-mode=secure
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=10.30.30.2-10.30.30.254
add name=dhcp_pool1 ranges=10.40.40.2-10.40.40.254
add name=dhcp_pool2 ranges=10.99.99.2-10.99.99.254
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether3 pvid=30
add bridge=bridgeLocal comment=defconf interface=ether4 pvid=40
add bridge=bridgeLocal comment=defconf interface=ether5
/interface ethernet switch vlan
add independent-learning=no ports=ether5,ether3 switch=switch1 vlan-id=30
add independent-learning=no ports=ether5,ether4 switch=switch1 vlan-id=40
add comment="add wlan later to this switch since the guest does  not have any physical interface and only wlan" independent-learning=no ports=ether5 \
    switch=switch1 vlan-id=99
/interface list member
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=lte1 list=WAN
add interface=ether1 list=WAN
/interface wireless cap
# 
set bridge=bridgeLocal discovery-interfaces=bridgeLocal enabled=yes interfaces=wlan1,wlan2
/ip address
add address=10.30.30.1/24 interface=vlan30 network=10.30.30.0
add address=10.40.40.1/24 interface=vlan40 network=10.40.40.0
add address=10.99.99.1/24 interface=vlan99 network=10.99.99.0
/ip dhcp-client
add comment=defconf interface=bridgeLocal
add interface=ether1
/ip dhcp-server
add address-pool=dhcp_pool0 interface=vlan30 name=dhcp1
add address-pool=dhcp_pool1 interface=vlan40 name=dhcp2
add address-pool=dhcp_pool2 interface=vlan99 name=dhcp3
/ip dhcp-server network
add address=10.30.30.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.30.30.1
add address=10.40.40.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.40.40.1
add address=10.99.99.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.99.99.1
/ip firewall nat
add action=masquerade chain=srcnat
/system clock
set time-zone-name=Europe/Stockholm
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes

Your VLANs are messed up and you are missing CAPsMAN configuration:

/interface bridge port
set [ find interface=ether3 ] pvid=1
set [ find interface=ether4 ] pvid=1

/interface vlan
set [ find interface=ether5 ] interface=bridgeLocal

/interface ethernet switch port
set 2 vlan-header=leave-as-is
set 3 vlan-header=leave-as-is
set 4 vlan-header=leave-as-is

/interface ethernet switch vlan
set [ find vlan-id=30 ] ports=ether5,ether3,switch1-cpu
set [ find vlan-id=40 ] ports=ether5,ether4,switch1-cpu
set [ find vlan-id=99 ] ports=ether5,switch1-cpu

/caps-man configuration
add channel.band=2ghz-onlyn name=master_24ghz security.authentication-types=wpa2-psk,wpa3-psk .passphrase=securepassword ssid=whatevernameyouwish
add channel.band=5ghz-onlyac name=master_50ghz security.authentication-types=wpa2-psk .passphrase=securepassword1 ssid=whatevernameyouwish1
add datapath.local-forwarding=yes .vlan-id=30 .vlan-mode=use-tag name=slave_24ghz_vip security.authentication-types=wpa2-psk .passphrase=securepassword2 ssid=vip24
add datapath.local-forwarding=yes .vlan-id=40 .vlan-mode=use-tag name=slave_24ghz_rmt security.authentication-types=wpa2-psk .passphrase=securepassword3 ssid=rmt24
add datapath.local-forwarding=yes .vlan-id=99 .vlan-mode=use-tag name=slave_24ghz_gst security.authentication-types=wpa2-psk .passphrase=securepassword4 ssid=gst24
add datapath.local-forwarding=yes .vlan-id=30 .vlan-mode=use-tag name=slave_50ghz_vip security.authentication-types=wpa2-psk .passphrase=securepassword5 ssid=vip50
add datapath.local-forwarding=yes .vlan-id=40 .vlan-mode=use-tag name=slave_50ghz_rmt security.authentication-types=wpa2-psk .passphrase=securepassword6 ssid=rmt50
add datapath.local-forwarding=yes .vlan-id=99 .vlan-mode=use-tag name=slave_50ghz_gst security.authentication-types=wpa2-psk .passphrase=securepassword7 ssid=gst50

/caps-man provisioning
add action=create-enabled master-configuration=master_24ghz slave-configurations=slave_24ghz_vip,slave_24ghz_rmt,slave_24ghz_gst
add action=create-enabled master-configuration=master_50ghz slave-configurations=slave_50ghz_vip,slave_50ghz_rmt,slave_50ghz_gst

/caps-man manager set enabled=yes

@TheCat12
The mix of your configuration with mine still does not work at all.
I mean, connecting to ether3, 4, 5 does not provide a correct IP address according to their DHCP servers' address pools.
Let's leave CAPsMAN aside.
Would you mind sending a self-sufficient minimum configuration to do the following?
Using the Switch feature of the router have it configured as follows,

-1- ether 1 - reserved with DHCP client for future WAN connection.
-2- ether 2 - a separate, isolated interface used only for configuring the router (only this interface, and no other,
should be used for configuring the router); address 192.168.128.1 for the router and 192.128.128.2 for the connected PC; this interface
should not be connected to the internet
-3- lte1 - should be used as the WAN interface with a DHCP client and share the internet between RMT and VIP

Now I would like the vlans to be configured as follows (using router board switch)
-a- ether3 - vlan30 with vlan_id:30 used for VIP getting the address in range 10.30.30.x/24, gateway 10.30.30.1 and dns 10.30.30.1/8.8.8.8/8.8.4.4
-b- ether4 - vlan40 used vlan_id:40 for RMT getting the address in range 10.40.40.x/24, gateway 10.40.40.1 and dns 10.40.40.1/8.8.8.8/8.8.4.4
-c- wlan1 - vlan99 used vlan_id:99 for GST getting the address in range 10.99.99.x/24, gateway 10.99.99.1 and dns 10.99.99.1/8.8.8.8/8.8.4.4
-d- ether5 - Trunk for all vlan30,vlan40,vlan99

Please note that all vlan30,vlan40,vlan99 should have access to the internet but they should be totally isolated from each other.

I presume following,
Attaching ethernet cable to ether2 gives a single ip address 192.168.128.2 to the PC and it should be used for configuring the Router with no internet.

Attaching ethernet cable to ether 3 gives a single ip address 10.30.30.X for the VIP and should provide internet to the client
Attaching ethernet cable to ether 4 gives a single ip address 10.40.40.Y for the RMT and should provide internet to the client
Connecting to the wlan1 ssid should give a single ip address 10.99.99.Z for the GST and should provide internet to the client

I do not know what IP address would ether5 provide but that port should work as trunk for VIP,GST,RMT.
By the way all the VIP/GST/RMT should be isolated from each other.

Any explanation or scripts clarifying the setup is really appreciated.

Your configuration is a bit tricky because it is better to use the Switch menu for VLANs, yet the wifi interfaces cannot be used in it because they are not physical ports. With respect to that, the following should be done:

  1. The VLAN interfaces should be assigned to the bridge itself and not the trunk port
  2. The interfaces on which the DHCP servers should run are the VLAN interfaces
  3. The wifi interfaces should somehow be added to the bridge (either through CAPsMAN or manually) and should have in their individual datapaths a respective VLAN ID
  4. None of the bridge members should have a PVID because VLAN is managed by the switch
  5. In the MikroTik documentation it is said that vlan-id=leave-as-is should be used in /interface ethernet switch port for Atheros8327 switch chip, like the one used in hAP ac²
  6. The switch1-cpu should be a member of the VLANs in /interface ethernet switch vlan because the CPU handles the L3 part of the VLAN (DHCP)

For point 3 (the trickiest part of the configuration) please refer to the following topic:

http://forum.mikrotik.com/t/use-mikrotik-hap-ac3-as-combined-ap-switch/154808/1
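
The isolation the thread asks for (VLAN 30, 40 and 99 reach the internet but not each other, ether2 is for router management only) is enforced by the firewall, because the router forwards between its VLAN interfaces when no filter rules exist, and the posted export has none. The following is an added example, not part of any post in the thread: vlan30/vlan40/vlan99, ether2 and the WAN list are taken from the export, while the VLANS and MGMT list names are assumptions.

```routeros
# Added example, not from the thread. vlan30/vlan40/vlan99, ether2 and the
# WAN list come from the posted export; VLANS and MGMT are assumed list names.
/interface list
add name=VLANS
add name=MGMT
/interface list member
add list=VLANS interface=vlan30
add list=VLANS interface=vlan40
add list=VLANS interface=vlan99
add list=MGMT interface=ether2

/ip firewall filter
# input chain: traffic addressed to the router itself
add chain=input action=accept connection-state=established,related
add chain=input action=accept in-interface-list=MGMT comment="manage the router from ether2 only"
add chain=input action=accept in-interface-list=VLANS protocol=udp dst-port=67 comment="DHCP requests"
add chain=input action=drop comment="nothing else reaches the router, including from WAN"
# forward chain: traffic routed through the router
add chain=forward action=accept connection-state=established,related
add chain=forward action=accept in-interface-list=VLANS out-interface-list=WAN comment="VLANs to internet"
add chain=forward action=drop comment="no VLAN-to-VLAN, no ether2-to-internet"

/ip firewall nat
# scope the export's blanket masquerade rule to traffic leaving via WAN
set [ find chain=srcnat action=masquerade ] out-interface-list=WAN
```

The DHCP networks in the export hand out 8.8.8.8 and 8.8.4.4, so the input chain needs no DNS rule; serving DNS from the 10.x.x.1 gateways, as the second post asks, would need an additional accept rule for port 53 from the VLANS list.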