I've been troubleshooting this for a while now, and was able to pinpoint the issue, but can't find what configuration could be wrong, or what knowledge I'm lacking to explain this phenomenon.
I have a main router RB4011, then two switches RB260 (plugged directly into the router), and multiple VLANs. All works ok, as expected.
Now as I'm expanding the network, I've added another RB260, but this one is plugged into one of the switches, not directly to the router. Some of the VLANs aren't working.
I have a hEX-S handy, so i tried to use it as a switch (but with the RouterOS/winbox, it's easier to configure and much more powerful). I seem to have run into the same issue.
For comparison, I looked into the cAP which has already been running for months, is already in the "2nd tier" (not directly connected to the router) and it seems to work ok.
I've put this picture together, to describe what works and what doesn't work.
(btw, vlan99 = management)
Oh, and worth noting: when I was troubleshooting with the RB260, the computer was plugged into an accessport for vlan 73. For a long time, running "ipconfig" command gave me the auto-assigned 169.x.x.x IP, ipconfig/release/renew unsuccessful... then eventually it picked up the IP from the network (10.10.73.x). Opening websites basically didn't work, but sometimes a website did partially load.
Running a ping command to either the router or an external IP, produced an interesting pattern:
Reply from 8.8.8.8: bytes=32 time=23ms TTL=116
Request timed out.
Request timed out.
Reply from 8.8.8.8: bytes=32 time=24ms TTL=116
Request timed out.
Request timed out.
Reply from 8.8.8.8: bytes=32 time=23ms TTL=116
Request timed out.
Request timed out.