Thank you for the response and my apology for the late reply because I had to figure out first how to edit the text file. As requested here is the current configuration of the MT i am working with. I just edited/changed the IP addresses for security purposes and also removed the PPPoE Secrets and Hotspot Users.
Note: Firewall and Route entries were already set by the previous IT guy who initially configured the MT. It seems that he put some recursive routing for the failover but I just leave them as is because I don't have a full understanding yet on how recursive routing works. If you have a better recommendation, I am very much open.
# jun/24/2022 09:39:14 by RouterOS 6.48.3
#
# model = CCR1009-7G-1C-1S+
# serial number = XXXXXXXXXXXX
/interface bridge
add name="bridge-PPPoE - Ether"
add name=bridge-VLAN-21
add name=bridge-VLAN-22
add name=bridge-VLAN-23
/interface ethernet
set [ find default-name=combo1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full disabled=yes \
name=ether1-VTT-DIA rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether2-VTT-DSL rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
ether3-PNT-DSL rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
"ether4 OLT 1 - Area1 " rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether5 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full name=\
"ether5-OLT 2 - Area2" rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether6 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full \
rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether7 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full,10000M-full \
loop-protect=on name="ether7 " rx-flow-control=auto tx-flow-control=auto
set [ find default-name=sfp-sfpplus1 ] advertise=\
1000M-full,2500M-full,5000M-full,10000M-full
/interface vlan
add interface="ether4 OLT 1 - Area1 " name=VLAN-21_eth4 vlan-id=21
add interface="ether5-OLT 2 - Area2" name=VLAN-21_eth5 vlan-id=21
add interface="ether4 OLT 1 - Area1 " name=VLAN-22_eth4 vlan-id=22
add interface="ether5-OLT 2 - Area2" name=VLAN-22_eth5 vlan-id=22
add interface="ether4 OLT 1 - Area1 " name=VLAN-23_eth4 vlan-id=23
add interface="ether5-OLT 2 - Area2" name=VLAN-23_eth5 vlan-id=23
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
add dns-name=wifi-hotspot-portal.net hotspot-address=192.168.21.1 login-by=\
http-chap,mac-cookie name="V21 - WIFI Hotspot Portal"
add dns-name=gaming.portal hotspot-address=192.168.22.1 html-directory=\
hotspot_ML login-by=http-chap,mac-cookie name=\
"V22 - Gaming Portal"
add dns-name=adventure-park.wifi hotspot-address=192.168.23.1 \
html-directory=hotspot_PARK login-by=http-chap,mac-cookie name=\
"V23 - Adventure Park WiFi"
add dns-name=wifi.hotspot hotspot-address=192.168.123.1 login-by=\
http-chap,mac-cookie name="WIFI Hotspot"
/ip hotspot user profile
add name=admin_test on-login=":put (\",,0,,,noexp,Disable,\")" parent-queue=\
none rate-limit="50M/50M 100M/100M 30/30" shared-users=4 \
transparent-proxy=yes
/ip pool
add name=HS-V21 ranges=192.168.21.2-192.168.21.254
add name=HS-V22 ranges=192.168.22.2-192.168.22.254
add name=HS-V23 ranges=192.168.23.2-192.168.23.254
add name=HS-NoVLAN-Pool ranges=192.168.123.100-192.168.123.254
/ip dhcp-server
add address-pool=HS-NoVLAN-Pool disabled=no interface="bridge-PPPoE - Ether" \
lease-time=1h name="dhcp1 - No VLAN"
add address-pool=HS-V21 disabled=no interface=bridge-VLAN-21 lease-time=\
1h name="dhcp2 - V21"
add address-pool=HS-V22 disabled=no interface=bridge-VLAN-22 lease-time=\
1h name="dhcp2 - V22"
add address-pool=HS-V23 disabled=no interface=bridge-VLAN-23 lease-time=\
1h name="dhcp2 - V23"
/ip hotspot
add address-pool=HS-V21 addresses-per-mac=1 disabled=no interface=\
bridge-VLAN-21 name="V21 - WIFI Hotspot Portal" profile=\
"V21 - WIFI Hotspot Portal"
add address-pool=HS-V22 addresses-per-mac=1 disabled=no interface=\
bridge-VLAN-22 name="V22 - Gaming Portal" profile=\
"V22 - Gaming Portal"
add address-pool=HS-V23 addresses-per-mac=1 disabled=no interface=\
bridge-VLAN-23 name="V23 - Adventure Park WiFi" profile=\
"V23 - Adventure Park WiFi"
add address-pool=HS-NoVLAN-Pool addresses-per-mac=1 disabled=no interface=\
"bridge-PPPoE - Ether" name="WIFI Hotspot Server" profile=\
"WIFI Hotspot"
/ip hotspot user profile
add address-pool=HS-NoVLAN-Pool name=EagleStore-30Mins-1M-burst-5M on-login=":\
put (\",ntfc,0,30m,5,,Enable,\"); {:local date [ /system clock get date ];\
:local year [ :pick \$date 7 11 ];:local month [ :pick \$date 0 3 ];:local\
\_comment [ /ip hotspot user get [/ip hotspot user find where name=\"\$use\
r\"] comment]; :local ucode [:pic \$comment 0 2]; :if (\$ucode = \"vc\" or\
\_\$ucode = \"up\" or \$comment = \"\") do={ /sys sch add name=\"\$user\" \
disable=no start-date=\$date interval=\"30m\"; :delay 2s; :local exp [ /sy\
s sch get [ /sys sch find where name=\"\$user\" ] next-run]; :local getxp \
[len \$exp]; :if (\$getxp = 15) do={ :local d [:pic \$exp 0 6]; :local t [\
:pic \$exp 7 16]; :local s (\"/\"); :local exp (\"\$d\$s\$year \$t\"); /ip\
\_hotspot user set comment=\$exp [find where name=\"\$user\"];}; :if (\$ge\
txp = 8) do={ /ip hotspot user set comment=\"\$date \$exp\" [find where na\
me=\"\$user\"];}; :if (\$getxp > 15) do={ /ip hotspot user set comment=\$e\
xp [find where name=\"\$user\"];}; /sys sch remove [find where name=\"\$us\
er\"]; :local mac \$\"mac-address\"; :local time [/system clock get time ]\
; /system script add name=\"\$date-|-\$time-|-\$user-|-0-|-\$address-|-\$m\
ac-|-30m-|-EagleStore-30Mins-1M-burst-5M-|-\$comment\" owner=\"\$month\$ye\
ar\" source=\$date comment=mikhmon; [:local mac \$\"mac-address\"; /ip hot\
spot user set mac-address=\$mac [find where name=\$user]]}}" \
parent-queue=none rate-limit="1M/1M 5M/5M 512k/512k 60/60"
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge="bridge-PPPoE - Ether" comment="olt Area1" frame-types=\
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
"ether4 OLT 1 - Area1 "
add bridge="bridge-PPPoE - Ether" comment="olt Area2" frame-types=\
admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=\
"ether5-OLT 2 - Area2"
add bridge="bridge-PPPoE - Ether" interface=ether6
add interface="ether7 "
add bridge="bridge-PPPoE - Ether" interface=combo1
add bridge=bridge-VLAN-21 frame-types=admit-only-vlan-tagged \
ingress-filtering=yes interface=VLAN-21_eth4 pvid=21
add bridge=bridge-VLAN-22 frame-types=admit-only-vlan-tagged \
ingress-filtering=yes interface=VLAN-22_eth4 pvid=22
add bridge=bridge-VLAN-23 frame-types=admit-only-vlan-tagged \
ingress-filtering=yes interface=VLAN-23_eth4 pvid=23
add bridge=bridge-VLAN-21 frame-types=admit-only-vlan-tagged \
ingress-filtering=yes interface=VLAN-21_eth5 pvid=21
add bridge=bridge-VLAN-22 frame-types=admit-only-vlan-tagged \
ingress-filtering=yes interface=VLAN-22_eth5 pvid=22
add bridge=bridge-VLAN-23 frame-types=admit-only-vlan-tagged \
ingress-filtering=yes interface=VLAN-23_eth5 pvid=23
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface detect-internet
set detect-interface-list=all
/interface pppoe-server server
add disabled=no interface="bridge-PPPoE - Ether" service-name=WIFI
/ip accounting
set account-local-traffic=yes
/ip address
add address=111.111.122.122/30 interface=ether1-VTT-DIA network=\
111.111.122.120
add address=111.111.121.90/30 interface=ether2-VTT-DSL network=111.111.121.88
add address=10.50.10.1/23 interface="bridge-PPPoE - Ether" network=10.50.10.0
add address=192.168.1.81/24 interface=ether3-PNT-DSL network=192.168.1.0
add address=192.168.21.1/24 interface=bridge-VLAN-21 network=192.168.21.0
add address=192.168.22.1/24 interface=bridge-VLAN-22 network=192.168.22.0
add address=192.168.23.1/24 interface=bridge-VLAN-23 network=192.168.23.0
add address=192.168.123.1/24 interface="bridge-PPPoE - Ether" network=\
192.123.188.0
/ip dhcp-client
add add-default-route=no disabled=no interface=ether3-PNT-DSL
/ip dhcp-server network
add address=192.168.21.0/24 comment="hotspot network" gateway=192.168.21.1
add address=192.168.22.0/24 comment="hotspot network" gateway=192.168.22.1
add address=192.168.23.0/24 comment="hotspot network" gateway=192.168.23.1
add address=192.123.188.0/24 comment="hotspot network" gateway=192.123.188.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=10.50.10.0/24 list=VIP
add address=10.50.11.0/24 list=NORMAL
add address=10.50.12.0/24 list=MED
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
/ip firewall mangle
add action=mark-routing chain=prerouting comment=VTT-DIA_VIP \
new-routing-mark=to-gw1 passthrough=no src-address-list=VIP
add action=mark-routing chain=prerouting comment=VTT_DSL new-routing-mark=\
to-gw2 passthrough=no src-address-list=MED
add action=mark-routing chain=prerouting comment="PNT-DSL_NORMAL " \
new-routing-mark=to-gw3 passthrough=no src-address-list=NORMAL
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="VTT DIA" out-interface=\
ether1-VTT-DIA
add action=masquerade chain=srcnat out-interface=ether2-VTT-DSL
add action=masquerade chain=srcnat out-interface=ether3-PNT-DSL
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=10.50.10.0/23
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.22.2.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.22.2.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.4.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=10.50.10.0/23
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=10.50.10.0/23
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.21.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.22.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.23.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.21.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.21.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.21.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.22.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.23.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.21.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.22.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.23.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.123.0/24
/ip hotspot user
add name=admin
add limit-uptime=2m name=TEST profile=admin_test
/ip route
add comment="ISP1 route" distance=1 gateway=8.8.8.8 routing-mark=to-gw1 \
scope=10
add comment="ISP2 route" distance=1 gateway=10.2.2.2 routing-mark=to-gw2 \
scope=10
add comment="ISP3 route" distance=1 gateway=208.67.222.222 routing-mark=\
to-gw3 scope=10
add comment="default route ISP1" distance=1 gateway=8.8.8.8 scope=10
add comment="failover route ISP2" distance=2 gateway=10.2.2.2 scope=10
add comment="failover route ISP3" distance=3 gateway=8.8.4.4 scope=10
add comment="monitoring ip ISP2" distance=1 dst-address=1.1.1.1/32 gateway=\
111.111.121.89 scope=10
add check-gateway=ping comment="virtual route ISP1" distance=1 dst-address=\
8.8.8.8/32 gateway=9.9.9.9 scope=10
add comment="monitoring ip ISP3" distance=1 dst-address=8.26.56.26/32 \
gateway=192.168.1.1 scope=10
add comment="monitoring ip ISP1" distance=1 dst-address=9.9.9.9/32 gateway=\
111.111.122.121 scope=10
add check-gateway=ping comment="virtual route ISP2" distance=1 dst-address=\
10.2.2.2/32 gateway=1.1.1.1 scope=10
add check-gateway=ping comment="virtual route ISP3" distance=1 dst-address=\
208.67.222.222/32 gateway=8.26.56.26 scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
/lcd
set backlight-timeout=5m color-scheme=dark default-screen=interfaces \
read-only-mode=yes time-interval=hour
/lcd interface
set "ether5-OLT 2 - Area2" timeout=30s
/ppp profile
add local-address=10.50.10.1 name="10mbps up to 15 mbps" rate-limit=\
"8M/7M 13M/12M 8M/8M 200/200 8 9M/9M" remote-address=*1
add local-address=10.50.11.1 name="20mbps up to 30mbps" rate-limit=\
"25M/25M 28M/29M 25M/25M 200/200 8 25M/25M" remote-address=*1
/ppp secret
add comment=Dok local-address=10.50.12.1 name=Antonio profile=\
"10mbps up to 15 mbps" remote-address=10.50.12.187 service=pppoe
add comment="Coffee Shop" local-address=10.50.11.1 name=SM_231 profile=\
"10mbps up to 15 mbps" remote-address=10.50.11.231 service=pppoe
add local-address=10.50.10.1 name=SM_242 profile="10mbps up to 15 mbps" \
remote-address=10.50.10.242 service=pppoe
add local-address=10.50.11.1 name="Branch Tower" profile=\
"20mbps up to 30mbps" remote-address=10.50.11.252 service=pppoe
/system clock
set time-zone-name=XXXXXXX
/system identity
set name=XXXXXXX
/system logging
add action=disk prefix=-> topics=hotspot,info,debug
/system ntp client
set enabled=yes primary-ntp=192.168.92.1
/system scheduler
add comment="Monitor Profile TEST_time_limit" interval=2m40s name=\
TEST_time_limit on-event=":local dateint do={:local montharray ( \"jan\",\
\"feb\",\"mar\",\"apr\",\"may\",\"jun\",\"jul\",\"aug\",\"sep\",\"oct\",\"\
nov\",\"dec\" );:local days [ :pick \$d 4 6 ];:local month [ :pick \$d 0 3\
\_];:local year [ :pick \$d 7 11 ];:local monthint ([ :find \$montharray \
\$month]);:local month (\$monthint + 1);:if ( [len \$month] = 1) do={:loca\
l zero (\"0\");:return [:tonum (\"\$year\$zero\$month\$days\")];} else={:r\
eturn [:tonum (\"\$year\$month\$days\")];}}; :local timeint do={ :local ho\
urs [ :pick \$t 0 2 ]; :local minutes [ :pick \$t 3 5 ]; :return (\$hours \
* 60 + \$minutes) ; }; :local date [ /system clock get date ]; :local time\
\_[ /system clock get time ]; :local today [\$dateint d=\$date] ; :local c\
urtime [\$timeint t=\$time] ; :foreach i in [ /ip hotspot user find where \
profile=\"TEST_time_limit\" ] do={ :local comment [ /ip hotspot user get \
\$i comment]; :local name [ /ip hotspot user get \$i name]; :local gettime\
\_[:pic \$comment 12 20]; :if ([:pic \$comment 3] = \"/\" and [:pic \$comm\
ent 6] = \"/\") do={:local expd [\$dateint d=\$comment] ; :local expt [\$t\
imeint t=\$gettime] ; :if ((\$expd < \$today and \$expt < \$curtime) or (\
\$expd < \$today and \$expt > \$curtime) or (\$expd = \$today and \$expt <\
\_\$curtime)) do={ [ /ip hotspot user set limit-uptime=1s \$i ]; [ /ip hot\
spot active remove [find where user=\$name] ];}}}" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=jun/01/2022 start-time=01:30:40
/tool sniffer
set memory-limit=1000KiB