Is there a way to limit access to routerOS to a particular VLAN and block all other access to it? If so how would you do it?
First edit “/ip services” and disable everything you don’t use. Then filter in the input chain (packets destined for the router directly, not packets being routed through the router) for the ports left open and drop everything not from the management VLAN interface. The below assumes only SSH and Winbox on default ports are left open:
/ip firewall filter
add chain=input protocol=tcp dst-port=22,8291 in-interface=!ManagementVLANInterface action=drop
There’s lots of different firewall rulesets for what you want to do. The wiki lists more exhaustive ways.
I am sorry for the delay in response but thank you for the information.