The best way to test if VLAN isolation on L2 (ethernet layer) works is to send some packets from one VLAN towards the other and sniff on the other VLAN to see if there are any signs of packet leaking into the other VLAN. But it’s not easy to see the leaking if devices are properly configured for their own subnet (i.e. IP setup corresponds to VLAN) because properly behaving devices will try to use their gateways to reach devices in different IP subnet. So one has to know what to look for (and how to craft device IP setup to test more properly) when verifying VLAN isolation.
When doing it, you have to be aware that there are two layers where packets might cross the boundary:
- ethernet layer (switchest, bridges) where VLANs do the isolation. All of switches (and LAN aware devices) in your physical network have to be appropriately configured.
- IP layer. As soon as mikrotik device has IP address in certain IP network, it can interact with it. If MT device has IP address in multiple IP networks, it will pass packets between these networks. And your device does qualify. If you want to prevent certain traffic to pass in certain direction, you can use firewall to control it. Your device doesn’t have any (if config you posted is complete).
And then many devices (windows devices, possibly android to certain extent, some linux distros as well) run their own firewall which block certain connectivity. Based on config you posted I fear that devices’ firewalls blocked the inter-VLAN traffic, not your switch/router.