Configuring MapLite ap

Hello, I'm a beginner in the world of networking. I apologize if this question seems silly, but I've been struggling with this basic problem for several days without finding a solution. For several years, I've had a setup created by someone else that works perfectly (Switch + STX2 antenna) on a private network without internet access. I'd like to replace my STX2 with a MapLite, but I can't seem to configure it properly.

Could you help me configure the MapLite or point me to a tutorial that would allow me to get through this basic setup? Thanks in advance.

Here's the STX2 configuration I'd like to replicate on the MapLite:

# jun/17/2019 10:51:46 by RouterOS 6.43.16

# software id = 2RG8-AFK4

#

# model = SXT G-2HnD r2

# serial number = XXXXXXXXX

/interface bridge

add admin-mac=XXXXXXXXXX auto-mac=no name=bridge-all

/interface ethernet

set [ find default-name=ether1 ] speed=100Mbps

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

add authentication-types=wpa-psk,wpa2-psk eap-methods="" \

management-protection=allowed mode=dynamic-keys name=adrian \\

supplicant-identity="" wpa-pre-shared-key="XXXXXXXXXX'" \\

wpa2-pre-shared-key="XXXXXXXXXX'"

/interface wireless

set [ find default-name=wlan1 ] antenna-gain=8 band=2ghz-b/g/n country=france \

disabled=no frequency=2472 frequency-mode=regulatory-domain hide-ssid=yes \\

mode=ap-bridge name=wlan-2.4-adrian security-profile=adrian ssid=Adrian \\

wireless-protocol=802.11

/ip hotspot profile

set [ find default=yes ] html-directory=flash/hotspot

/interface bridge port

add bridge=bridge-all interface=all

/ip address

add address=192.168.1.253/24 interface=bridge-all network=192.168.1.0

/ip dhcp-client

add dhcp-options=hostname,clientid interface=bridge-all

/system clock

set time-zone-name=Europe/Paris

/system identity

set name=sxt-2-ap-wifi

/system leds

set 0 type=wireless-status

/system package update

set channel=long-term

/system routerboard settings

set auto-upgrade=yes

Will you use your mAP Lite as a router ? If yes be aware that mAP Lite is low power device capable of routing about 90-100 Mbps…

This part make no sense to me, you have DHCP client on your bridge but you also assigned IP address to the bridge. If you connect your device to some other network then an IP address will be assigned to your bridge interface by DCHP server on that network.

/ip address

add address=192.168.1.253/24 interface=bridge-all network=192.168.1.0

/ip dhcp-client

add dhcp-options=hostname,clientid interface=bridge-all

Are you connecting to another Mikrotik device on the other end ?

Besides the IP address/DHCP client gigabyte091 noticed, I cannot see anything that you cannot just replicate on the map Lite.

You should update the map Lite to latest stable version of v6, right now 6.49.19, then post the (default) configuration you currently have on it.

To post it in a more readable format, once you have pasted the export in the post, select it and press the button "</>", this will make it into "CODE" formatting, I am reposting below your configuration this way, so that you can see how it should look:

# jun/17/2019 10:51:46 by RouterOS 6.43.16
# software id = 2RG8-AFK4
#
# model = SXT G-2HnD r2
# serial number = XXXXXXXXX
/interface bridge
add admin-mac=XXXXXXXXXX auto-mac=no name=bridge-all
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=adrian \\
supplicant-identity="" wpa-pre-shared-key="XXXXXXXXXX'" \\
wpa2-pre-shared-key="XXXXXXXXXX'"
/interface wireless
set [ find default-name=wlan1 ] antenna-gain=8 band=2ghz-b/g/n country=france \
disabled=no frequency=2472 frequency-mode=regulatory-domain hide-ssid=yes \\
mode=ap-bridge name=wlan-2.4-adrian security-profile=adrian ssid=Adrian \\
wireless-protocol=802.11
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=bridge-all interface=all
/ip address
add address=192.168.1.253/24 interface=bridge-all network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=bridge-all
/system clock
set time-zone-name=Europe/Paris
/system identity
set name=sxt-2-ap-wifi
/system leds
set 0 type=wireless-status
/system package update
set channel=long-term
/system routerboard settings
set auto-upgrade=yes

Then it will be just a matter of making a "diff" file that you can copy/paste, a few lines at the time into a Winbox terminal.

So what ? It only has fast ethernet
(100 Mbps)

Being able to route 90-100mbs using a matchbox-sized device is wonderful !

While it is a valid advise, I have ROS7 on all my mAP Lite devices running just fine.
Same with mAP and cAP (identical setup processor/memory/storage-wise)

It is wonderful but still better safe than sorry. I want to warn OP about device limitation. (I overlooked the fact that NIC is only 100 Mbps)

But I have several mAP lite devices and they are great little devices for sure :))

Yep, but the (optional) update to v7.x it is IMHO better done after the configuration works as expected in v6, even if this seems like a very simple configuration, it is entirely possible that you cannot paste directly the exported lines from v6 on v7, while you surely can from v6 to v6, the update process from v6 to v7 should take care of possible small differences needed (if any).

Thank you a lot for your help!! I don’t know if it helps but here is the config of the switch :

 # jun/17/2019 17:22:03 by RouterOS 6.43.16

# software id = B3P1-7BM7

#

# model = RB760iGS

# serial number = XXXXXXXXXXX

/interface bridge

add admin-mac=XXXXXXXXXX auto-mac=no name=bridge-all

/interface ethernet

set [ find default-name=ether1 ] speed=100Mbps

set [ find default-name=ether2 ] speed=100Mbps

set [ find default-name=ether3 ] speed=100Mbps

set [ find default-name=ether4 ] speed=100Mbps

set [ find default-name=ether5 ] poe-out=forced-on speed=100Mbps

/interface wireless security-profiles

set [ find default=yes ] supplicant-identity=MikroTik

/ip hotspot profile

set [ find default=yes ] html-directory=flash/hotspot

/ip pool

add name=pool_bridge ranges=192.168.1.200-192.168.1.250

/ip dhcp-server

add address-pool=pool_bridge disabled=no interface=bridge-all lease-time=12h \

    name=dhcp-bridge

/interface bridge port

add bridge=bridge-all interface=all

/ip address

add address=192.168.1.1/24 interface=bridge-all network=192.168.1.0

/ip dhcp-client

add dhcp-options=hostname,clientid interface=bridge-all

/ip dhcp-server network

add address=192.168.1.0/24 dns-server=1.1.1.1,8.8.8.8,8.8.4.4 gateway=\

    192.168.1.1

/ip dns

set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,8.8.4.4

/system clock

set time-zone-name=Europe/Paris

/system identity

set name=hex-s-switch-dhcp-poe

/system package update

set channel=long-term

/system routerboard settings

set auto-upgrade=yes 

this setup allow me to control an audio mixing desk (static IP) with multiple ipads (about 10 ipads) , no sound, only control commands (like OSC, midi, etc..) .

Here is my MapLite factory reset informations :

# 1970-01-02 00:04:10 by RouterOS 7.16.2

# software id = H81W-EY4C

#

# model = RBmAPL-2nD

# serial number = XXXXXXXXX

/interface bridge

add admin-mac=XXXXXXXX auto-mac=no comment=defconf name=bridge

/interface wireless

set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \

    disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=\

    MikroTik-D53F8F wireless-protocol=802.11

/interface list

add comment=defconf name=WAN

add comment=defconf name=LAN

/interface wireless security-profiles

set [ find default=yes ] authentication-types=wpa2-psk comment=defconf \

    disable-pmkid=yes mode=dynamic-keys supplicant-identity=MikroTik

/ip pool

add name=default-dhcp ranges=192.168.88.10-192.168.88.254

/disk settings

set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes

/interface bridge port

add bridge=bridge comment=defconf interface=pwr-line1

add bridge=bridge comment=defconf interface=wlan1

/ip neighbor discovery-settings

set discover-interface-list=LAN

/interface list member

add comment=defconf interface=bridge list=LAN

add comment=defconf interface=ether1 list=WAN

/ip address

add address=192.168.88.1/24 comment=defconf interface=bridge network=\

    192.168.88.0

/ip dhcp-client

# Interface not active

add comment=defconf interface=ether1

/ip dhcp-server

add address-pool=default-dhcp interface=bridge name=defconf

/ip dhcp-server network

add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\

    192.168.88.1

/ip dns

set allow-remote-requests=yes

/ip dns static

add address=192.168.88.1 comment=defconf name=router.lan type=A

/ip firewall filter

add action=accept chain=input comment=\

    "defconf: accept established,related,untracked" connection-state=\

    established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=\

    invalid

add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp

add action=accept chain=input comment=\

    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1

add action=drop chain=input comment="defconf: drop all not coming from LAN" \

    in-interface-list=!LAN

add action=accept chain=forward comment="defconf: accept in ipsec policy" \

    ipsec-policy=in,ipsec

add action=accept chain=forward comment="defconf: accept out ipsec policy" \

    ipsec-policy=out,ipsec

add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \

    connection-state=established,related hw-offload=yes

add action=accept chain=forward comment=\

    "defconf: accept established,related, untracked" connection-state=\

    established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" \

    connection-state=invalid

add action=drop chain=forward comment=\

    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \

    connection-state=new in-interface-list=WAN

/ip firewall nat

add action=masquerade chain=srcnat comment="defconf: masquerade" \

    ipsec-policy=out,none out-interface-list=WAN

/ipv6 firewall address-list

add address=::/128 comment="defconf: unspecified address" list=bad_ipv6

add address=::1/128 comment="defconf: lo" list=bad_ipv6

add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6

add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6

add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6

add address=100::/64 comment="defconf: discard only " list=bad_ipv6

add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6

add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6

add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6

/ipv6 firewall filter

add action=accept chain=input comment=\

    "defconf: accept established,related,untracked" connection-state=\

    established,related,untracked

add action=drop chain=input comment="defconf: drop invalid" connection-state=\

    invalid

add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\

    icmpv6

add action=accept chain=input comment="defconf: accept UDP traceroute" \

    dst-port=33434-33534 protocol=udp

add action=accept chain=input comment=\

    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\

    udp src-address=fe80::/10

add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \

    protocol=udp

add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\

    ipsec-ah

add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\

    ipsec-esp

add action=accept chain=input comment=\

    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec

add action=drop chain=input comment=\

    "defconf: drop everything else not coming from LAN" in-interface-list=\

    !LAN

add action=accept chain=forward comment=\

    "defconf: accept established,related,untracked" connection-state=\

    established,related,untracked

add action=drop chain=forward comment="defconf: drop invalid" \

    connection-state=invalid

add action=drop chain=forward comment=\

    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6

add action=drop chain=forward comment=\

    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6

add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \

    hop-limit=equal:1 protocol=icmpv6

add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\

    icmpv6

add action=accept chain=forward comment="defconf: accept HIP" protocol=139

add action=accept chain=forward comment="defconf: accept IKE" dst-port=\

    500,4500 protocol=udp

add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\

    ipsec-ah

add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\

    ipsec-esp

add action=accept chain=forward comment=\

    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec

add action=drop chain=forward comment=\

    "defconf: drop everything else not coming from LAN" in-interface-list=\

    !LAN

/system note

set show-at-login=no

/system routerboard settings

set auto-upgrade=yes

/tool mac-server

set allowed-interface-list=LAN

/tool mac-server mac-winbox

set allowed-interface-list=LAN

Was there a difficult part I missed in:

?

Anyway, the mAP lite config actually readable:

# 1970-01-02 00:04:10 by RouterOS 7.16.2
# software id = H81W-EY4C
#
# model = RBmAPL-2nD
# serial number = XXXXXXXXX
/interface bridge
add admin-mac=XXXXXXXX auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=auto mode=ap-bridge ssid=MikroTik-D53F8F wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk comment=defconf disable-pmkid=yes mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=pwr-line1
add bridge=bridge comment=defconf interface=wlan1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
/ip dhcp-client
# Interface not active
add comment=defconf interface=ether1
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system note
set show-at-login=no
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

The switch configuration should be OK "as-is" (in the sense that it should work as before, not that it is entirely correct), here it is correctly formatted:

# jun/17/2019 17:22:03 by RouterOS 6.43.16
# software id = B3P1-7BM7
#
# model = RB760iGS
# serial number = XXXXXXXXXXX
/interface bridge
add admin-mac=XXXXXXXXXX auto-mac=no name=bridge-all
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] poe-out=forced-on speed=100Mbps
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=pool_bridge ranges=192.168.1.200-192.168.1.250
/ip dhcp-server
add address-pool=pool_bridge disabled=no interface=bridge-all lease-time=12h name=dhcp-bridge
/interface bridge port
add bridge=bridge-all interface=all
/ip address
add address=192.168.1.1/24 interface=bridge-all network=192.168.1.0
/ip dhcp-client
add dhcp-options=hostname,clientid interface=bridge-all
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=1.1.1.1,8.8.8.8,8.8.4.4 gateway=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8,8.8.4.4
/system clock
set time-zone-name=Europe/Paris
/system identity
set name=hex-s-switch-dhcp-poe
/system package update
set channel=long-term
/system routerboard settings
set auto-upgrade=yes

It is "unusual" that you have BOTH a DHCP Server and Client on the Bridge comprising all the interfaces, and it is also unusual for a switch to act as DHCP server, but if it works, no need to change anything now.

What are you using to connect to the mAP Lite?

I mean your browser or Winbox?

IF NOT Winbox, then get it and use that, see:
Why you should use Winbox

While fiddling with the configuration it is easy to lose the IP address, and Winbox can connect also via MAC address.

Attached a spreadsheet for reference of the changes.
aladin_test.zip (9.3 KB)

I would like to thank you so much for your help.

I’m very sorry about the “code” function but when I press </> button on the selected text it does this kind of layout. This time I try using ““ button, maybe it will be better.

I tried to implement everything’s in your XLS using winbox.

I have a problem , I can’t see the MapLite in winbox with wifi anymore, i’m connected to the wireless but the unit needs to be wired to appear in winbox neighbor.

here is the setup now :

1970-01-02 02:24:48 by RouterOS 7.16.2

software id = H81W-EY4C

model = RBmAPL-2nD

serial number = XXXXX

/interface bridge
add admin-mac=XXXX auto-mac=no name=bridge-all
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk comment=defconf
disable-pmkid=yes mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=
Adrian_Security supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX
disabled=no distance=indoors frequency=auto mode=ap-bridge
security-profile=Adrian_Security ssid=Adrian-Lite wireless-protocol=
802.11
/disk settings
set auto-media-interface=lo
/interface bridge port
add bridge=*5 comment=defconf interface=pwr-line1
add bridge=*5 comment=defconf interface=wlan1
add bridge=bridge-all interface=all
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes
/interface list member
add comment=defconf interface=bridge-all list=LAN
/ip address
add address=192.168.1.253/24 interface=bridge-all network=192.168.1.0
/ip dhcp-client
add interface=bridge-all
/system clock
set time-zone-name=Europe/Paris
/system note
set show-at-login=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

What is this ?

/interface bridge port
add bridge=*5 comment=defconf interface=pwr-line1
add bridge=*5 comment=defconf interface=wlan1

It should be:

/interface bridge port  
add bridge=bridge-all comment=defconf interface=pwr-line1 
add bridge=bridge-all comment=defconf interface=wlan1

That’s probably the reason why you can’t see mAP in Winbox when connected to wireless.

You set your discovery interface correctly to LAN:

/ip neighbor discovery-settings
set discover-interface-list=LAN

You assigned correctly your bridge to LAN interface list:

/interface list member
add comment=defconf interface=bridge-all list=LAN

But your interfaces are then added to non-existent bridge ?

Where is your ether1 interface ?

You have WAN interface list but nothing added to it ? I think that list is not needed in your configuration as you don’t have any FW rules here nor added interfaces to it.

It's strange the </> button works just fine here, maybe you are using a browser that have issues with the board software

You have now a setting (default, correct) of:

/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

And:

/interface bridge port
add bridge=bridge-all interface=all

/interface list member
add comment=defconf interface=bridge-all list=LAN

Also correct.

But you have two lines that you must delete (wrong):

/interface bridge port
add bridge=*5 comment=defconf interface=pwr-line1
add bridge=*5 comment=defconf interface=wlan1

In theory now winbox should work for both cabled and wireless.

You can try adding explicitly the wlan1 interface to LAN (even if it won't work it won't change anything of the rest of the configuration):

/interface list member
add comment=myfconf interface=wlan1 list=LAN

Alternatively (since anyway ALL your interfaces are LAN) you can try setting:

/tool mac-server
set allowed-interface-list=all
/tool mac-server mac-winbox
set allowed-interface-list=all

@ gigabyte091
The WAN is just the (default) definition of a list, it doesn't do anything (neither good nor bad) but it serves as a reminder should one in the future want to re-add the (default) firewall, nat, etc. and use the mAP as a router.

Personally I would remove WAN list just to avoid possible confusion.

Wow!!! You're my Santa Claus!! Everything seems to be working perfectly! I could try it in a real setup when I get back, but at home it seems perfect!!! A huge thank you to you!! I would never have been able to manage it on my own.