I have a CCR2216-1G-12XS-2XQ link-aggregated to a CRS326-24S+2Q+RM, where I have a bridge for a main VLAN = 100 with another 25 VLANs inside of that VLAN. My issue is that you can ping all the other subnets. I really don't understand why this even exists. The point of VLANs is to create other subnets; by nature these should not communicate with each other. MikroTik is really its own animal.
Unless you specify in the firewall that VLANs should not communicate, all doors are open.
Could be for ccr switch is involved, don’t know for sure but others might chime in.
Allow communication which is allowed between vlans.
Drop all communication after that.
And without seeing your config, we can all look at a crystal ball.
Show us the firewall that is not working.
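
The "allow what is allowed, then drop the rest" ordering described in the reply above, as an added RouterOS example that is not part of the original thread. The interface names (`vlan110`, `vlan120`, `vlan130`), the `VLANS` interface list, the printer address and the port are constructed assumptions, not values from the poster's configuration.

```routeros
# Added example; every name and address below is constructed for illustration.

# Group the routed VLAN interfaces so one rule can cover all of them.
/interface list
add name=VLANS comment="routed VLAN interfaces (assumed names)"
/interface list member
add list=VLANS interface=vlan110
add list=VLANS interface=vlan120
add list=VLANS interface=vlan130

/ip firewall filter
# 1. Let replies through for flows an earlier rule already permitted.
add chain=forward action=accept connection-state=established,related \
    comment="allow replies to permitted flows"
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid"

# 2. The explicit exceptions: here, vlan110 clients may print to one
#    host in vlan120 (constructed address and port).
add chain=forward action=accept in-interface=vlan110 out-interface=vlan120 \
    dst-address=10.0.120.10 protocol=tcp dst-port=9100 \
    comment="vlan110 -> printer in vlan120"

# 3. Everything else from one VLAN to another is dropped and logged.
add chain=forward action=drop in-interface-list=VLANS \
    out-interface-list=VLANS log=yes log-prefix="inter-vlan-drop" \
    comment="drop remaining inter-VLAN traffic"

# Check the rule order and whether the counters on the drop rule increase
# while pinging from one VLAN to another.
/ip firewall filter print stats
```

Filter rules are matched top to bottom, so the accept rules must sit above the final drop. They only see packets the router's CPU forwards; traffic routed in hardware by L3 hardware offloading does not pass through this chain.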