Hi folks, welcome to the fray!

[ Need Help Starting To Config Your Router go to this link - viewtopic.php?t=182373 ]

Need Help Creating The Perfect Post To Get Assistance!

This article is designed to get you to the point where you can provide a coherent request for support. No one will be able to resist well articulated and described issues! Avoid being this person.... https://xyproblem.info/

NEW USER APPROACH ---> Each line in a configuration has a story. The story has to make sense in context of being within a Book. The Book provides the context, the subject matter, diagrams, and the user requirements.
TRUTH: Working on a config without knowing the book is a waste of time!
FACT: The config is just the implementation of the Book and is the last step!

Step1: Provide a network diagram of your setup with enough detail so that the subnets (vlans), devices and their relationships are clearly established. If able, on the same, or perhaps separate diagram indicate the purpose of each port on your device. The mikrotik configuaration is simply implementing the Book.

NETWORK DIAGRAM APPS:
https://nulab.com/cacoo/
https://online.visual-paradigm.com/diag ... -software/
https://www.lucidchart.com/pages/
https://drawio-app.com/product/
https://www.diagrams.net/ (its older sibling soon to be discontinued https://drawio-app.com/product/)
( Other links for diagrams.net - https://www.youtube.com/watch?v=P3ieXjI7ZSk & https://www.youtube.com/watch?v=mpF1i9sfEJ0 )
https://sourceforge.net/projects/dia-installer/
https://www.yworks.com/products/yed (and icons for yed --> https://github.com/danger89/yEd_cisco_network_icons )
https://www.libreoffice.org/discover/draw/

http://kilievich.com/fpinger/ - has a simple drawing program but not its main intent.

Step2: Provide your latest working config. This is done by going to your winbox menu and selecting the TERMINAL menu selection. At the command prompt enter the following:
VERS7 : /export file=anynameyouwish ( minus router serial# and any public WANIP information )
VERS6: /export hide-sensitive file=anynameyouwish ( minus router serial# and any public WANIP information )

Then go to FILES in winbox and download ( right click ) the filename to your PC. Use NOTEPAD++ to open and make any changes to the file required. Then paste in the forum thread and use the code blocks to encapsulate the configuration ( see black square and white brackets in the same line as B and U ).

Note 1: In software vers 7 'hide-sensitive' is no longer required .
Note 2: Why serial # - If one uses cloud functionality (under /ip cloud), specially if ddns-enabled is set to yes, then a DNS entry in form <serial_number>.sn.mynetname.net will appear. So if somebody posts config which is a good example of misconfigured firewall, an attacker would have pretty easy task to compromise that device (before owner/admin could fix the problems). Hence advice to redact serial number when posting full config.

After that go to your FILES menu selection and locate the file name. A right click and download to your desktop. Open in notepad++ and copy and paste into your thread. Note, please use the CODE icons ( black square with white square brackets - on the same line as Bold Underline etc.. ) to select the text and apply the functionality. There may be some additional requests to see jpegs of your winbox screen etc, but that will be specifically asked for during assistance.

Caution: Ensure any actual Public IP or Public Gateway IP, if found in the config, is removed or replaced with fake numbers or syntax like x.x.x.x ! Also be sure to remove the router serial number.

Step3: Now that you have given us the the complete facts of your config (and not snippets please), it is time to communicate what you would like to accomplish with your config. Yes, you heard right, we dont want to hear about the issue just yet, but instead we want to know what you are trying to accomplish that is being thwarted by the config or the lack of knowledge on MT RoS.

***** List the user requirements/use cases: (user includes the admin!)
- what you want your user or groups of users, or devices or groups of devices, to be able to do
- what you want your user or groups of users, or devices or groups of devices, to be blocked from doing
- what are the controls and functionality you wish the router to provide

***** HINT: There should be NO mention of the config or config parameters in the use cases. This is strictly descriptions of the ability for users/devices to conduct their work or normal activities. What is that work or activity that they must be able to perform.

Step4: Finally, now is the time to state what is NOT working. This includes what issues you may be seeing on the config of the router; what traffic flow is not occurring that should be occurring or that you wish to occur; or simply that you are stumped as to what to do next on the config. Provide sufficient detail so that you can be understood.

Note: If english is not your primary language be sure to use google translate or similar to provide a full translated description!

WHAT TO AVOID - THE XY FACTOR --> https://xyproblem.info/

HINT: DONT use quickset to configure the router, if you use it to set an initial mode of the router (like WISP for wifi router or ap), NEVER touch it again for config purposes.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Few more tips:

Details are important!

Wrong: I want to access my NAS in VLAN 10 from PC in VLAN 20, but it doesn't work. And you have several firewall rules with different conditions for IP addresses, so someone can have "fun" guessing what rules apply and what don't.
Correct: I want to access my NAS (192.168.30.10) in VLAN 10 from PC (192.168.40.50) in VLAN 20. I tried ping and it worked, but I can not access shared folders from Windows (and because I'm clever user, I also know for sure that it's standard SMB prococol). Much better.

If you want to keep some info private (IP adresses, etc), do not make a mess of it

Wrong: Silently remove some parts of config, because you think they are not important. If you knew for sure, you wouldn't be asking here (there may be some exceptions).
Correct: Write what you removed (e.g. DHCP leases). At least we will know that something may be there.

Wrong: My PC is 10.x.x.x.
Correct: My PC is 10.11.12.13. It's private (= non-public and non-unique) address, there's no need to hide it.

Wrong: My first WAN has x.x.x.x and second WAN has x.x.x.x. Best combined with firewall rules with dst-address=x.x.x.x.
Correct: My first WAN has x.x.x.2/30 (static) and second WAN has y.y.y.17/24 (DHCP). We can tell them apart, and it's also clear that it's two different networks.
Correct: My first WAN has 23.x.x.2/30 (static) and second WAN has 13.x.x.17/24 (DHCP). Also clear, and as a bonus, we're sure that those are public addresses.

Wrong: I have 2001:xxxx:xxxx:xxxx::2/64 on WAN and 2001:xxxx:xxxx:xxxx::1/64 on LAN.
Correct: I have 2001:xxxx:xxxx:yyyy::2/64 on WAN and 2001:xxxx:xxxx:zzzz::1/64 on LAN. It's important to show that some parts (yyyy and zzzz) are different.

Learn about public addresses

If it's 10.x.x.x, 100.64-127.x.x, 172.16-31.x.x, 192.168.x.x, it's not public and has limited use, access from internet may be a problem (there's still some hope if ISP forwards ports to you, as NAT 1:1 or otherwise).

Share original instructions, if you got some

Wrong: I did this and that, but it doesn't work.
Correct: This is what I got from ISP: <some things to configure>. I then did this and that, but it doesn't work. Of course it doesn't, when you completely misunderstood what should be done.

Versions matter

There are significant differences not only between RouterOS v6 and v7, but sometimes also between minor versions. Knowing what you use can help a lot.

All good, which should prompt me to give an example at the end of the post!

Because some people don't know how to open a new topic, here is how with screenshots.

From Forum index, choose the category your question fits in. It will probably be "Beginner Basics"
Then click the New Topic button.