Hi,
I got my first MikroTik last week and have been preparing it for the house we'll get access to next week. I also installed Proxmox last night on an old miniPC I had laying around, specifically to solve this problem. So newbie MikroTik, newbie Proxmox. That said, I have this mostly working.
I have avahi running in an LXC container (Alpine base) on top of Proxmox.
How I'd triage this myself (assuming you don't have things locked down with filters):
Start the avahi daemon manually. What is the output? You should see the respective vlans/subnets during startup. If you do not, probably something is wrong in Proxmox/MikroTik or both. Share this output if unsure.
If using DHCP, does avahi have a lease in each vlan? (/ip/dhcp-server/lease/print)
What is output of 'ip addr', do you see an IP for each vlan you expect? Either from DHCP or static?
Can you reach the respective IP in each respective vlan?
Add logging to any 'drop' rules on your FW filter and test. Are you getting drops from the non IOT vlan towards it? or vice versa?
A bit of detail on my setup:
WAN->CCR2004 -> Ether7(wired) -> MiniPC(proxmox) -> LXC Alpine+Avahi installed
On the CCR Ether7 is in a bridge with all other non-wan ports. Including two ports for Wireless APs where the google casts devices live.
General, Guest, and IOT Vlans available on Wifi. Services Vlan only on wired.
Under bridge, vlans in the CCR. Ether7 is part tagged for the respective vLans.
On proxmox I created my vmbr.XX for the respective vLans, with only gateway being set on the services vlan. No IP or GW on vmbr.
In proxmox these interfaces are 'Vlan Aware'.
On the container network, I added the additional interfaces and populated the vlan ID for the vlans which needed to see the devices.
Avahi itself I only enabled the reflector, the rest is stock. The container itself shows the interfaces+IPs on the respective vlans I need mDns present.
What works vs not
I see all the devices (Chromecast, google audio cast, google homes, etc.)
I do not see any of the 'rooms' I have configured (Kitchen, Living room, etc.). I am currently triaging this, which led me to this thread. I saw you recently posted and thought I'd try to help you at least achieve the 1st one.
Issues I had..
My proxmox is a single node on a single ethernet port. I needed this port to be tagged traffic. Default proxmox configures IP on the bridge itself without any vlans.
Adding the port which proxmox is connected to as tagged for the respective vlans would give me access to a container/allow the container to get a DHCP lease, but I'd lose admin/node access to proxmox. Leaving the port untagged on a given vlan meant the container would not have access but I could reach the proxmox node itself.
Fix is to create the respective vLans on the node itself then add the port to the respective vlans it needs access on. Both the proxmox node itself, and the container/VM you are running.
This all 'makes sense' network/mikrotik wise -- just highlighting the main 'hiccup' from plug'n'play I had.
This video does a good job on the proxmox side if you are unsure -
https://www.youtube.com/watch?v=ljq6wlzn4qo&t=1407s
On the mikrotik side, you add your respective ports to the vlans under /interface/bridge/vlans. Adding/Removing ether7 below is what would cause my chicken/egg scenario with 'default' proxmox install to configure the vmbr itself with an IP.
1 bridge=local vlan-ids=30 tagged=local,ether10,ether12,ether7 untagged="" current-tagged=local,ether10,ether7 current-untagged=ether4
2 bridge=local vlan-ids=40 tagged=local,ether10,ether12,ether7 untagged="" current-tagged=local,ether10,ether7 current-untagged=""
3 bridge=local vlan-ids=199 tagged=local,ether10,ether12,ether7 untagged="" current-tagged=local,ether10,ether7 current-untagged=ether6
vlan 40 is 'guest'. Ether10/12 are APs, Ether7 is Proxmox
vlan 199 is 'iot' (where devices live).
Ether4 is direct to my desktop (access port) and therefore wired/untagged.
Ether6 is a TV box(Chromecast built in) and also wired/untagged.
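
An added example, not part of the original post: a small Python check over the three bridge VLAN rows quoted above, reporting how a port participates in each VLAN and which configured tagged ports are missing from current-tagged. The function names are made up for this example, and reading "in tagged= but not in current-tagged" as "port not currently active" is an assumption.

```python
import re

# Bridge VLAN rows exactly as quoted in the post above.
SAMPLE = """\
1 bridge=local vlan-ids=30 tagged=local,ether10,ether12,ether7 untagged="" current-tagged=local,ether10,ether7 current-untagged=ether4
2 bridge=local vlan-ids=40 tagged=local,ether10,ether12,ether7 untagged="" current-tagged=local,ether10,ether7 current-untagged=""
3 bridge=local vlan-ids=199 tagged=local,ether10,ether12,ether7 untagged="" current-tagged=local,ether10,ether7 current-untagged=ether6
"""

LIST_KEYS = ("tagged", "untagged", "current-tagged", "current-untagged")


def parse_vlan_table(text):
    """Parse key=value rows into dicts; port lists become sets."""
    rows = []
    for line in text.splitlines():
        fields = dict(re.findall(r'([\w-]+)=("[^"]*"|\S*)', line))
        if "vlan-ids" not in fields:
            continue
        # Assumption: one VLAN id per row, as in the post (no ranges).
        row = {"vlan": int(fields["vlan-ids"])}
        for key in LIST_KEYS:
            value = fields.get(key, "").strip('"')
            row[key] = set(value.split(",")) if value else set()
        rows.append(row)
    return rows


def port_mode(rows, port):
    """Map VLAN id -> 'tagged' or 'untagged' for VLANs the port is active in."""
    modes = {}
    for row in rows:
        if port in row["current-tagged"]:
            modes[row["vlan"]] = "tagged"
        elif port in row["current-untagged"]:
            modes[row["vlan"]] = "untagged"
    return modes


def configured_but_inactive(rows):
    """Map VLAN id -> ports listed in tagged= but absent from current-tagged."""
    return {row["vlan"]: sorted(row["tagged"] - row["current-tagged"])
            for row in rows if row["tagged"] - row["current-tagged"]}


if __name__ == "__main__":
    rows = parse_vlan_table(SAMPLE)
    for port in ("ether7", "ether4", "ether6"):
        print(port, port_mode(rows, port))
    print("inactive:", configured_but_inactive(rows))
```

In these rows ether7 is tagged-only, so a host on that port has to use VLAN interfaces to reach VLANs 30, 40 and 199, which matches the Proxmox fix described in the post.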