followed this config but still I don't have internet connection on my vlans is there any issue with my NAT settings?
/interface bridge
add admin-mac=DC:2C:6E:66:2F:C2 auto-mac=no comment=defconf name=bridge
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether2 name=pppoe-PLDT02 user=CAAP501-042022-19433
add add-default-route=yes disabled=no interface=ether1 name=pppoe-PLDT03 user=CAAP501-042022-19205
add add-default-route=yes disabled=no interface=ether3 name=pppoe-PLDT04 user=CAAP501-042022-19028
/interface vlan
add interface=bridge name=BIO_VLAN100 vlan-id=100
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=172.16.1.100-172.16.3.200
add name=VLAN100_POOL ranges=192.168.1.200-192.168.1.220
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=1d name=defconf
add address-pool=VLAN100_POOL interface=BIO_VLAN100 lease-time=1d name=VLAN100_POOL
/queue simple
add limit-at=200M/200M max-limit=200M/200M name=ADMIN_NETWORK target=172.16.0.0/22
add limit-at=10M/10M max-limit=10M/10M name=queue1 target=ether7
add comment="dotr router" limit-at=15M/15M max-limit=15M/15M name=Day_DOTR_ROUTER parent=ADMIN_NETWORK target=172.16.1.215/32
add comment="dotr router" disabled=yes limit-at=100M/100M max-limit=100M/100M name=Night_DOTR_ROUTER parent=ADMIN_NETWORK target=172.16.1.215/32
add limit-at=30M/30M max-limit=30M/30M name=ADMIN_SERVER parent=ADMIN_NETWORK target=172.16.1.110/32
add limit-at=150M/150M max-limit=150M/150M name=ADMIN_IT parent=ADMIN_NETWORK target=172.16.0.169/32
add name=queue3 parent=ADMIN_NETWORK target=172.16.0.94/32
add comment=REDFORD limit-at=5M/5M max-limit=5M/5M name=REDFORD parent=ADMIN_NETWORK target=172.16.1.135/32
add comment="UNREGISTERED ROUTER ANS" limit-at=15M/15M max-limit=15M/15M name=queue2 parent=ADMIN_NETWORK target=172.16.1.244/32
add comment="UNREGISTERED EXTENDER FIRE" limit-at=5M/5M max-limit=5M/5M name=FIRE_WIFI_OFFICE_DAY parent=ADMIN_NETWORK target=172.16.2.157/32
add comment="UNREGISTERED EXTENDER FIRE" disabled=yes limit-at=512k/512k max-limit=512k/512k name=FIRE_WIFI_OFFICE_NIGHT parent=ADMIN_NETWORK target=172.16.2.157/32
add comment=Quarters limit-at=25M/25M max-limit=25M/25M name=Quarters parent=ADMIN_NETWORK target=172.16.1.229/32
add comment=Quarters disabled=yes name=Quarters_night parent=ADMIN_NETWORK target=172.16.1.229/32
add limit-at=35M/35M max-limit=35M/35M name="ATC CPE" parent=ADMIN_NETWORK target=172.16.0.230/32
/routing table
add disabled=no fib name=TO_WAN2
add disabled=no fib name=TO_WAN3
add disabled=no fib name=TO_WAN4
add disabled=no fib name=TO_WAN_VLAN100
/interface bridge port
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=bridge tagged=ether8,bridge vlan-ids=100
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=pppoe-PLDT03 list=WAN
add interface=pppoe-PLDT02 list=WAN
add interface=pppoe-PLDT04 list=WAN
/ip address
add address=172.16.0.1/22 comment=defconf interface=bridge network=172.16.0.0
add address=192.168.1.1/24 interface=BIO_VLAN100 network=192.168.1.0
/ip dhcp-client
add comment=defconf disabled=yes interface=ether1
/ip dhcp-server lease
add address=172.16.0.169 client-id=1:d8:5e:d3:32:35:21 mac-address=D8:5E:D3:32:35:21 server=defconf
add address=172.16.0.150 client-id=1:b0:95:75:ee:10:45 comment=CAAM_EXTENDER mac-address=B0:95:75:EE:10:45 server=defconf
add address=172.16.0.200 client-id=1:b0:95:75:d2:eb:78 comment=LEGAL_EXTENDER mac-address=B0:95:75:D2:EB:78 server=defconf
add address=172.16.0.201 client-id=1:b0:95:75:d2:d5:8d comment=HR_EXTENDER mac-address=B0:95:75:D2:D5:8D server=defconf
add address=172.16.1.215 client-id=1:e8:48:b8:f8:43:20 comment="DOTR ARCHER" mac-address=E8:48:B8:F8:43:20 server=defconf
add address=172.16.1.110 client-id=1:6c:b:84:c:aa:7 comment="ADMIN SERVER" mac-address=6C:0B:84:0C:AA:07 server=defconf
add address=172.16.1.195 client-id=1:b8:3b:cc:32:ac:c0 comment=yao mac-address=B8:3B:CC:32:AC:C0 server=defconf
add address=172.16.0.203 client-id=1:b0:95:75:ee:22:42 comment="TERMINAL EXTENDER" mac-address=B0:95:75:EE:22:42 server=defconf
add address=172.16.1.135 client-id=1:26:8f:40:f9:5d:f2 comment="cctv ops" mac-address=26:8F:40:F9:5D:F2 server=defconf
add address=172.16.1.229 client-id=1:c0:c9:e3:b5:1e:25 comment="MANAGER WIFI" mac-address=C0:C9:E3:B5:1E:25 server=defconf
add address=172.16.0.230 client-id=1:58:d9:d5:c:c7:22 comment="ATS CPE" mac-address=58:D9:D5:0C:C7:22 server=defconf
add address=172.16.0.10 client-id=1:54:af:97:eb:d3:a5 comment="TPLINK CONTOLLER" mac-address=54:AF:97:EB:D3:A5 server=defconf
add address=172.16.2.3 client-id=1:34:60:f9:2c:7e:68 comment="VIP LOUNGE " mac-address=34:60:F9:2C:7E:68 server=defconf
add address=172.16.1.244 client-id=1:d8:5d:4c:d9:5c:ab comment="ANS ROUTER" mac-address=D8:5D:4C:D9:5C:AB server=defconf
add address=172.16.2.157 client-id=1:b0:95:75:d2:d0:7e comment="UNREGISTERED EXTENDER fire" mac-address=B0:95:75:D2:D0:7E server=defconf
add address=172.16.2.176 client-id=1:28:ee:52:64:fd:7b comment="ATC CAB ROUTER" mac-address=28:EE:52:64:FD:7B server=defconf
add address=172.16.2.184 client-id=1:a4:d7:3c:81:d8:a3 comment="HR WIFI PRINTER" mac-address=A4:D7:3C:81:D8:A3 server=defconf
add address=172.16.2.188 client-id=1:e8:48:b8:f8:3f:77 comment="PTB ARCHER" mac-address=E8:48:B8:F8:3F:77 server=defconf
/ip dhcp-server network
add address=172.16.0.0/22 comment=defconf dns-server=172.16.0.1,1.1.1.1,8.8.8.8 gateway=172.16.0.1 netmask=22
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8
/ip dns static
add address=172.16.0.1 comment=defconf name=router.lan
add address=192.168.1.1 comment=defconf disabled=yes name=router.vlan100
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=forward comment="VLAN 100" disabled=yes in-interface=BIO_VLAN100 out-interface-list=WAN
/ip firewall mangle
add action=accept chain=prerouting in-interface=pppoe-PLDT02
add action=accept chain=prerouting in-interface=pppoe-PLDT04
add action=accept chain=prerouting in-interface=pppoe-PLDT03
add action=mark-connection chain=prerouting dst-address-type=local new-connection-mark=WAN02_CONN passthrough=yes per-connection-classifier=both-addresses-and-ports:3/0 src-address=172.16.0.0/22
add action=mark-connection chain=prerouting dst-address-type=local new-connection-mark=WAN04_CONN passthrough=yes per-connection-classifier=both-addresses-and-ports:3/2 src-address=172.16.0.0/22
add action=mark-connection chain=prerouting disabled=yes dst-address-type=local new-connection-mark=VLAN100_WAN passthrough=yes per-connection-classifier=both-addresses-and-ports:1/1 src-address=192.168.1.0/24
add action=mark-connection chain=prerouting dst-address-type=local new-connection-mark=WAN03_CONN passthrough=yes per-connection-classifier=both-addresses-and-ports:3/1 src-address=172.16.0.0/22
add action=mark-routing chain=prerouting connection-mark=WAN02_CONN new-routing-mark=TO_WAN2 passthrough=yes src-address=172.16.0.0/22
add action=mark-routing chain=prerouting connection-mark=WAN04_CONN new-routing-mark=TO_WAN4 passthrough=yes src-address=172.16.0.0/22
add action=mark-routing chain=prerouting connection-mark=VLAN100_WAN disabled=yes new-routing-mark=TO_WAN_VLAN100 passthrough=yes src-address=192.168.1.0/24
add action=mark-routing chain=prerouting connection-mark=WAN03_CONN new-routing-mark=TO_WAN3 passthrough=yes src-address=172.16.0.0/22
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat out-interface=pppoe-PLDT02 src-address=172.16.0.0/22
add action=masquerade chain=srcnat out-interface=pppoe-PLDT04 src-address=172.16.0.0/22
add action=masquerade chain=srcnat out-interface=pppoe-PLDT03 src-address=172.16.0.0/22
add action=masquerade chain=srcnat out-interface=pppoe-PLDT02 src-address=192.168.1.0/24
/ip route
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=pppoe-PLDT02 pref-src=0.0.0.0 routing-table=TO_WAN2 scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=pppoe-PLDT03 pref-src=0.0.0.0 routing-table=TO_WAN3 scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=yes distance=1 dst-address=0.0.0.0/0 gateway=pppoe-PLDT04 pref-src=0.0.0.0 routing-table=TO_WAN4 scope=30 suppress-hw-offload=no target-scope=10
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/ipv6 nd
set [ find default=yes ] disabled=yes
/system clock
set time-zone-name=Asia/Manila
/system scheduler
add disabled=yes interval=1d name=Night on-event=Night policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/20/2022 start-time=18:00:00
add disabled=yes interval=1d name=Day on-event=Day policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/20/2022 start-time=06:00:00
add interval=1d name=Quarters_day on-event=Quarters_day policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/20/2022 start-time=06:00:00
add interval=1d name=Quarters_night on-event=Quarters_night policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/20/2022 start-time=18:00:00
add interval=1d name="FIRE DAY" on-event=FIRE_DAY policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/20/2022 start-time=06:00:00
add interval=1d name=FIRE_NIGHT on-event=FIRE_NIGHT policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=jul/20/2022 start-time=18:00:00
/system script
add dont-require-permissions=yes name=Day owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/queue simple\r\
\nenable Day_DOTR_ROUTER\r\
\ndisable Night_DOTR_ROUTER"
add dont-require-permissions=yes name=Night owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/queue simple\r\
\ndisable Day_DOTR_ROUTER\r\
\nenable Night_DOTR_ROUTER"
add dont-require-permissions=yes name=Quarters_day owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/queue simple\r\
\nenable Quarters\r\
\ndisable Quarters_night"
add dont-require-permissions=yes name=Quarters_night owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/queue simple\r\
\ndisable Quarters\r\
\nenable Quarters_night"
add dont-require-permissions=yes name=FIRE_DAY owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/queue simple\r\
\nenable FIRE_WIFI_OFFICE_DAY\r\
\ndisable FIRE_WIFI_OFFICE_NIGHT"
add dont-require-permissions=yes name=FIRE_NIGHT owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/queue simple\r\
\nenable FIRE_WIFI_OFFICE_NIGHT\r\
\ndisable FIRE_WIFI_OFFICE_DAY"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN