10.0.0.0 base network
10.0.30.0 IOT network
10.0.0.1 (mikrotik terminal) ping to 10.0.30.21 OK
10.0.0.11 ping to 10.0.30.21 timeout
10.0.30.21 is a device on a virtual wireless interface
sniffer shows as dst address the master interface of the virtual one
this is a ping from 10.0.0.11 to 10.0.30.21
INTERFACE TIME NUM DIR SRC-MAC DST-MAC VLAN SRC-ADDRESS DST-ADDRESS PROTOCOL SIZE CPU
VLAN99_BASE 80.487 409 ← 64:00:6A:87:05:48 B8:69:F4:FA:C8:7C 10.0.0.11 10.0.30.21 ip:icmp 98 0
master wireless interface - B8:69:F4:FA:C8:7C
virtual wireless interface - BA:69:F4:FA:C8:7D
mikrotik.txt (7.4 KB)
What is your network topology ?
InterVLAN routing should and will work unless you ve manually blocked the communication or in cases of wrong VLAN configuration etc…
In my opinion, your problem is here in forward chain (I removed the disabled rules):
add action=accept chain=forward comment="Allow Estab & Related" \
connection-state=established,related
add action=accept chain=forward comment="Wireguard access to ALL" \
in-interface=wireguard
add action=accept chain=forward comment="VLAN Internet Access only" \
connection-state=new in-interface-list=VLAN out-interface-list=WAN
add action=accept chain=forward comment="Allow port forwarding - DSTNAT" \
connection-nat-state=dstnat
add action=drop chain=forward comment=Drop
You allow all VLAN access to WAN but further on nothing towards VLAN30.
And then the drop rule hits effectively doing what it is supposed to do. Drop all what gets there.