3 subnets or just 2? Could you help me?

In another post I learned how to split WAN traffic based on LAN address.
Now, after some tests, I would like this configuration:
1 - LAN with cabled PC
2 - LAN with cabled servers
3 - WLAN with tablets, phones, a couple of laptops and my 2 WiFi printers.
I thought to give 192.168.10.0/24 to the 1st LAN, .20.0/24 to the 2nd LAN and .30.0/24 to the 3rd.
The problem is that I have broadcast packets that I need to be visible from all of the networks.
I.e. my WLAN printer sends broadcast packets to be found, so I cannot access it from my cabled PC.
Same for my Google Home, which is not seen by my PCs.
Would changing the mask from 255.255.255.0 to 255.255.0.0 solve the problem?
Any other idea?
Should I rethink my network?
NOTE: I use 3 LANs because each one accesses the Internet through its own WAN.
TIA
Luca

One of the basic reasons to segment a LAN into multiple (smaller) LANs is to block broadcasts. The rest (control of unicast connectivity between different LANs) is an add-on function.

So if you really want to use different WAN links for different classes of devices, you can still have all devices in the same subnet, assign them static IP addresses (static DHCP leases) and group the IP addresses so that you can do policy-based routing for WAN access based on device IP address groups.

Another possibility, which is not trivial on Mikrotik (but may be easier when using devices by more consumer-oriented vendors), is to have multiple LANs and run a sort of mDNS relay on the router (or another device which has access to all subnets).
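One way the single-subnet, policy-routed setup suggested above could look on RouterOS v7 (an added example, not configuration posted by anyone in this thread); the interface names, MAC addresses and WAN gateway addresses are placeholders:

```routeros
# Added example, not from the thread. Assumes RouterOS v7, one LAN on "bridge-lan"
# (192.168.10.0/24, DHCP server "dhcp-lan") and two uplinks on ether1 / ether2.
# Gateway addresses below are documentation-range placeholders.

# 1. Pin known devices to fixed addresses with static DHCP leases
#    (one line per device; the comment records what the device is).
/ip dhcp-server lease
add server=dhcp-lan mac-address=AA:BB:CC:00:00:01 address=192.168.10.50 comment="wired PC"
add server=dhcp-lan mac-address=AA:BB:CC:00:00:02 address=192.168.10.60 comment="file server"
add server=dhcp-lan mac-address=AA:BB:CC:00:00:03 address=192.168.10.70 comment="WiFi printer"

# 2. Group the fixed addresses by the WAN each group should use.
/ip firewall address-list
add list=via-wan1 address=192.168.10.50
add list=via-wan1 address=192.168.10.70
add list=via-wan2 address=192.168.10.60

# 3. One routing table per uplink, each with its own default route.
/routing table
add name=wan1 fib
add name=wan2 fib
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-table=wan1 comment="placeholder WAN1 gateway"
add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-table=wan2 comment="placeholder WAN2 gateway"

# 4. Mark traffic from each group for its table. Traffic to the router's own
#    addresses is excluded; LAN-to-LAN traffic (same subnet) never reaches the
#    router, so discovery broadcasts keep working without any relay.
/ip firewall mangle
add chain=prerouting src-address-list=via-wan1 dst-address-type=!local \
    action=mark-routing new-routing-mark=wan1 passthrough=no
add chain=prerouting src-address-list=via-wan2 dst-address-type=!local \
    action=mark-routing new-routing-mark=wan2 passthrough=no

# 5. Source NAT on each uplink.
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade
add chain=srcnat out-interface=ether2 action=masquerade
```

Devices without a lease in either address list fall through to the main routing table, so give that table a default route to whichever WAN should carry unknown devices.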

Thanks for your answer.
One of the main problems is that I have like 80 devices (including all of the IoT appliances), so 80 reservations is a pain.
But it's still a good idea.
Do you think that changing the subnet would not be useful?
I did not understand the mDNS relay usage.
Thx
Luca

If you put all 3 gateways on the Mikrotik, the networks can see each other unless you have a firewall with a rule to prevent it.

Put 192.168.10.1/24, 192.168.20.1/24 & 192.168.30.1/24 on 3 Tik interfaces and see what happens.

If you src-nat or masquerade each network to the Internet interface, each network will also have Internet access and what you are trying to do will natively happen.
Blocking LAN-to-LAN access actually requires firewall rules to stop what you want from happening.

You are possibly getting confused: when you have the LAN gateways on different routers, then you need to provide static routes to have LAN-to-LAN communication.

Not really. Yes it will take you more than 5 minutes, but it’s not hard to do. Assuming that for the most part it’s the same devices, each one only takes a couple seconds to give it a DHCP reservation - a little longer if you add a comment of what that particular device is (I do). I have over 250 DHCP reservations in my RB4011 on a bunch of different LANs. A bunch of those are the same device on different LANs. For example, my laptop may appear on any of my LANs (depending on what I am testing), so there is a DHCP reservation for the laptop wired and WiFi MACs on every single LAN (obviously the WiFi MAC is only on the LANs that have WiFi). I have two IoT LANs and every IoT device (about 60 devices) has a reservation on both IoT LANs. Every single device that is known has at least one DHCP reservation, so my DHCP pools are quite small.

No. The subnet mask tells a device which IP addresses are directly accessible (i.e. IP addresses which fall into the same subnet), and for those it does not have to use a gateway. If you physically separate devices into 3 networks (and put a router in the center), then devices won’t be able to directly communicate with devices in another network. And the router only forwards IP packets which get delivered to it (because the sender determines that the packet has to be sent via the router) via unicast ethernet frames (with the router’s MAC address set as the destination MAC address).

But using routed networks for connections between devices (e.g. between a workstation PC and a printer) is not a problem if the connection initiator (e.g. the workstation) knows the peer’s (e.g. the printer’s) IP address and if the destination accepts connections from a “foreign” network (some device classes run some sort of firewall). The problem is autoconfiguration, which mostly means that the self-configuring device (e.g. the workstation) either sends out broadcast packets (to which the service provider, e.g. the printer, then replies) … or the self-configuring device probes all IP addresses in its own subnet (which is really annoying to all other devices in the same subnet). Either way, the probes won’t leave the “home” subnet: broadcast packets will be dropped by the router.

Which leads to “helper” services, such as mDNS relay …

The name mDNS implies it’s about DNS, but that’s only a (relatively unimportant) part of the protocol suite. You can read more in the Wikipedia article. The gist of it is that an mDNS relay runs on a device which has direct access to multiple networks and then relays broadcast probes between them (and the replies as well; a firewall that might be on the router between them would block the replies if they followed the normal path on the way back, as they would seem like unsolicited traffic to its connection tracking machinery).
As I already mentioned, MT doesn’t directly support mDNS relay in ROS. Since ROS is highly flexible, it’s possible to “hack” something like an mDNS relay. In recent ROS versions with support for containers it’s possible to run proper mDNS relay software in a container (beware that container support still lacks some stability and ease of configuration). And it’s possible to run a separate device (e.g. a Raspberry Pi) with an mDNS relay.