@purba this is a very interesting solution. Did you mean that the client machines/VMs are in a wider mask, while the VLAN interface IP is /32 and the same for all these vlans? Plus you set up ARP to be proxy-arp?
In such a case, instead of a single IP per client, if you were to do /29 per client, will you then set network to be something like 192.168.160.0, 192.168.160.8, 192.168.160.16 etc.? And then use these /29 subnet arrived IPs, but with /24 mask on the client machines to allow them to talk to each other, and then to internet, but no client can talk to another client, unless you allowed them thru firewall?
Can you share a bit more of the configuration, if there is anything extra to it? I am trying to achieve something similar for a totally different use case. I need to have Wi-Fi where each apartment unit in a small building can have their own vlan for isolation, allowing connection among their own devices, but not to any other apartment unit, but everyone shares the same big pool of IP addresses via DHCP.
Yes, that's it.
In my case I have a public /24 subnet. I need to share it between customers' VMs with maximum isolation.
On VM side IPs are set with /24. Like 192.168.160.7/24 in my example.
On router side I have to manually set the IP address and network for every vlan.
In case I have multiple client IPs in a vlan, I do

```
/ip address add address=192.168.160.254 interface=vlan303 network=192.168.160.7
/ip address add address=192.168.160.254 interface=vlan303 network=192.168.160.16
/ip address add address=192.168.160.254 interface=vlan303 network=192.168.160.116
/ip address add address=192.168.160.254 interface=vlan304 network=192.168.160.8
```

If proxy-arp is off for vlan303 and vlan304,
192.168.160.7, 192.168.160.16 and 192.168.160.116 communicate with each other (they are in one L2 segment, router is not involved)
but not with 192.168.160.8, which is on another vlan.
In case I need to allow them to communicate, I set proxy-arp=on on both vlans.
Now all communication between hosts on same subnet but different vlans goes through router.
And I control it with firewall.
This is the configuration I'm testing now. It doesn't look to be a "standard" one.
But it works for me and I guess it is going to production soon.
I'm not sure how to solve this with DHCP, as in my case I'm setting every client IP manually with `/ip address add address=192.168.160.254 interface=vlan* network=192.168.160.*`
The DHCP server has to be set up on some interface, maybe bridging with `Use IP Firewall` is the solution in your case?
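
The firewall side of the setup described above, as an added example that is not part of the original posts: once proxy-arp is enabled, traffic between hosts on different VLANs is routed and hits the `forward` chain, so a default drop between customer VLANs plus explicit exceptions keeps the isolation. It assumes RouterOS v6.36 or later (interface lists) and the `vlan303`/`vlan304` interfaces and addresses from the post; the list name `customer-vlans` and the permitted HTTPS flow are hypothetical.

```routeros
# Added example, not from the original thread.
# Assumes vlan303 and vlan304 already exist with the /ip address entries
# shown in the post. "customer-vlans" is a hypothetical list name.

# Group the per-customer VLANs so a single rule covers all of them.
/interface list add name=customer-vlans
/interface list member add list=customer-vlans interface=vlan303
/interface list member add list=customer-vlans interface=vlan304

# RouterOS expresses the post's "proxy-arp=on" as arp=proxy-arp on the
# interface. The router then answers ARP for same-subnet hosts that live
# on another VLAN, which pulls that traffic through the router.
/interface vlan set [find name=vlan303] arp=proxy-arp
/interface vlan set [find name=vlan304] arp=proxy-arp

/ip firewall filter
# Return packets for flows that an earlier rule already permitted.
add chain=forward connection-state=established,related action=accept \
    comment="customer-vlans: established/related"

# Constructed exception: 192.168.160.7 (vlan303) may open HTTPS to
# 192.168.160.8 (vlan304). Replace with the flows actually required.
add chain=forward in-interface=vlan303 out-interface=vlan304 \
    src-address=192.168.160.7 dst-address=192.168.160.8 \
    protocol=tcp dst-port=443 action=accept \
    comment="allow .7 -> .8 https (example)"

# Default deny between customer VLANs. Must sit below the exceptions;
# logging makes blocked cross-customer attempts visible.
add chain=forward in-interface-list=customer-vlans \
    out-interface-list=customer-vlans action=drop \
    log=yes log-prefix="cust-iso" \
    comment="customer-vlans: default deny inter-VLAN"
```

Hosts that share a VLAN still reach each other directly at layer 2, so these rules only govern traffic that crosses from one VLAN to another.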