Thank you both. I did this to myself. the devices at the VLAN IPs, are reached by 10.88.0.2, any return traffic they would be spitting out would be to that address NORMALLY, and the router knows about that subnet and would route the traffic back properly. This part helped, thanks for the explanation...

Like this? Forgive me if i'm totally wrong lol Thanks for the guess.

From my remote Wireguard peer: 10.3.88.254 - Windows Server - can ping - can RDP 10.3.88.246 - Win11 hyper-V host - can RDP (Win11 firewall blocks ping) 10.3.88.130 - Win 11 Hyper-V guest - can RDP (Win11 firewall blocks ping) 10.3.88.253 - Linux Hyper-v guest - can't ping, can't SSH. I can ping or ...

Ive found one other device on that subnet that isn't responding to pings over Wireguard but can be pinged from other local clients. It's also Linux OS. So, I can RDP into windows machines on the subnet and ping the Linux machines, but I can't ping them (or SSH) directly through Wireguard. I had the ...

I have converted from a FreshTomato router to Mikrotik and I'm working out some small issues. I have my Wireguard client set up to access any VLAN and the router management remotely. It's working except for a Hyper-V Linux VM. I can't connect to it through the tunnel and I can't ping it. I can RDP t...

Understood.

Thank you so much and especially adding the comments for context of what does what.

Like this? /ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid add action=accept chain=input c...

Okay I went through the guide again and left the /interface bridge port settings alone (all trunks, right?). I changed IP ranges which I think is arbitrary. I've added Wireguard and the mdns reflector. If I've done poorly, I can take it. Know that I have tried. :) I think whats most daunting to me i...

I did follow the guide. I just modified that section to make them access ports for testing and forgot to put it back. Thanks, I will correct that. Was anything else that obvious? The firewall? Thanks for catching that. I'm going to switch it back and test some more to make sure it works as expected....

I have this working I think. Thanks for the help! I used a Chromecast for testing by trying to cast from VLAN to VLAN. For anyone who finds this thread, or anyone who would review what I've done: I followed the VLAN sticky guide on this forum (https://forum.mikrotik.com/viewtopic.php?t=143620). Allo...

I followed this guide for VLANs: https://forum.mikrotik.com/viewtopic.php?t=143620 The firewall example in it is different from the firewall filters in the default config. I guess my question is, do I need any or all the stuff I've left out from the default? All seems to be working so far. Thanks fo...

Thanks so much. I'll make sure printing from a PC with a manually entered IP works across the VLANs in question first to confirm the routing is working, then I will dig into mDNS.

I realize I've missed a section from the guide. I'm starting over... again.

I tried to follow the guide but wanted to add another VLAN. I wanted each VLAN untagged as an access port on ether2-ether6 for testing. I wanted to leave ether7, ether8, and the sfp port as trunks for testing to my switches. Another change from the guide is that I wanted "work_VLAN" to be ...

Thank you for all the input. I was wondering how I was going to test it without using an actual printer and I wasn't aware of a 'multicast helper' so far.

Okay since posting I found this: https://forum.mikrotik.com/viewtopic.php?t=143620#p707000 I should make a vlan just for printers and devices that need to be used across vlans. And then this: https://forum.mikrotik.com/viewtopic.php?p=1087141&hilit=airprint#p1098128 Now there IS an mDNS repeater...

I'm setting up an RB5009 to replace a router with 'Freshtomato.' I have VLANS to isolate networks as follows. vlan1 = 10.1.0.0: default VLAN, home devices like TVs and phones. vlan2 = 10.2.0.0: business VLAN. Only business PCs, with printers. vlan3 = 10.3.0.0: Guest network - isolated from each othe...

I see. I can live without it working on T Mobile. My remote location will have Dynamic DNS with a public IP, so I was thinking a keepalive packet to that could allow me to establish a route?
That's the absolute least important part so I'll save that for last. Thank you for the input. I will be back!

Hello! Probable Mikrotik convert here. I have this home/office setup working with another brand but it just isn't as reliable as I would like. I expect to need help because I keep coming across examples that are outdated where the first comment is something like, "forget discover and mactel, th...