Hello and thanks for your reply. I know the difference between L2 and L3 and everything should be isolated on L2, so this is intended.
I have made a image, hopefully it clarifies what I want to do. The top right machine (name RouterOS on my drawing) was my Debian based router which should get replaced with RouterOS now. The setup in Debian was very easy - two interfaces (named eth0 and eth1) and some VLAN interfaces (eth1.102, eth1.103, …, eth1.202, …). eth0 had its public IP (10.0.0.123) and eth1 had a IP for every routed subnet (10.1.0.1 and 10.2.0.1 in this case). The last thing to do was to add some routes “route add 10.1.0.2 via eth1.102” and so on.
I want to achieve the exact same using RouterOS now. The problem is that when i try to set it up the same way as the Debian based machine (create VLAN interfaces as subinterface of ether2, assign IPs to ether2, add routes) ARP requests for 10.1.0.1 from the VMs (to RouterOS) wont get answered by RouterOS. I then have tried wild combinations of IP assignment, bridge interfaces, etc… (they were not intended to really work, just some trial and error debugging) but none of them worked.
So ultimatively my question is - what would be the correct way to set this scenario up in RouterOS?
