I’d like to use an hAP ax2 as an AP like I use a hAP ac. The hAP ac has an option WISP AP in the Quick Set menu that makes it very easy. But hAP ax2 has no such options. I’ve been trying to do it “manually” (removing dhcp server, adding ETH1 port to the bridge, removing address 192.168.88.1.24,…..) with mixed strange results……
Is this possible at all?
tx
It's pretty straight forward, reset the device and completely wipe it's configuration so you can start from scratch. Login with winbox using Mac address, do not use the quickest function it won't do what you want. Create a bridge and add all your ports to it, ethernet and WiFi. You can add a DHCP client to the bridge so it gets an IP address from the network or you can set a fixed IP manually just make sure it's outside of the DHCP range or you'll cause issues. Then setup your WiFi 2.4 & 5ghz. Job done.
Basic example……… this one assumes you have a base/management or at least trusted home vlan.
We use ether1 as an emergency access or safe place to config device, even if the bridge has some hiccups. Just plug laptop into ether1, change ipv4 settings to 192.168.75.2 and with username and password you should access the device. Besides trusted vlan 05, the upstream device ( managed switch or router is sending two other vlans to the device vlan30 guest and vlan40 media.
/interface bridge
add ingress-filtering=no name=bridgeHOME port-cost-mode=short vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] name=emergaccess
/interface vlan
add interface=bridgeHOME name=trusted-VLAN vlan-id=05
/interface list
add interface=MGMT
/interface wifi channel
add band=2ghz-g disabled=no frequency=2462 name=channel1 width=20/40mhz-Ce
add band=5ghz-ac disabled=no frequency=5200 name=channel2 width=20/40/80mhz
/interface wifi configuration
add country=Canada disabled=no mode=ap name=cfg1 ssid=MEDIA
add country=Canada disabled=no mode=ap name=cfg2 ssid=HOME
/interface wifi security
add authentication-types=wpa2-psk disable-pmkid=yes disabled=no encryption=ccmp name=IoT-Security
add authentication-types=wpa2-psk disabled=no encryption=ccmp name=HOME
/interface wifi
set [ find default-name=wifi1 ] channel=channel1 channel.band=2ghz-g .frequency=2462 .width=20mhz configuration=cfg1 configuration.country=Canada .mode=ap .ssid=media-devices disabled=no name=WLAN-2GHZ security=IoT-Security security.authentication-types=wpa2-psk .encryption=ccmp
set [ find default-name=wifi2 ] channel=channel2 channel.band=5ghz-ac .frequency=5200 .width=20/40/80mhz configuration=cfg2 configuration.country=Canada .mode=ap .ssid=GymHome disabled=no name=WLAN-5GHZ security=HOME security.authentication-types=wpa2-psk .encryption=ccmp
/interface bridge port
add bridge=bridgeHOME frame-types=admit-only-vlan-tagged interface=ether2 \
comment=”connection to an upstream device (router or possibly a managed switch)”
add bridge=bridgeHOME frame-types=admit-priority-and-untagged interface=ether3 \
pvid=05 comment=”connection to admin PC”
add bridge=bridgeHOME frame-types=admit-priority-and-untagged interface=ether4 \
pvid=30 comment=”connection to public printer”
add bridge=bridgeHOME frame-types=admit-priority-and-untagged interface=ether5 \
pvid=40 comment=”connection to media devices”
add bridge=bridgeHOME frame-types=admit-priority-and-untagged interface=WLAN-2GHZ \
pvid=30 comment=”guest network”
add bridge=bridgeHOME frame-types=admit-priority-and-untagged interface=WLAN-5GHZ \
pvid=05 comment=”home wifi”
/ip neighbor discovery-settingsMGMT
/ipv6 settings
set disable-ipv6=yes
/interface bridge vlan
add bridge=bridgeHOME tagged=bridgeHOME,ether2 untagged=ether3,WLAN-5GHZ \
vlan-ids=05
add bridge=bridgeHOME tagged=ether2 untagged=ether4,WLAN-2GHZ vlan-ids=30
add bridge=bridgeHOME tagged=ether2 untagged=ether5 vlan-ids=40
/interface list member
add interface=trusted-VLAN list=MGMT
add interface=emergaccess list=MGMT
/ip address
add address=192.168.0.84/24 interface=trusted-VLAN network=192.168.0.0
add address=192.168.75.1/30 interface=emergaccess network=192.168.75.0
/ip dns
set servers=192.168.0.1
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=192.168.0.1 routing-table=main
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=MGMT
The problem is I don’t have a windows computer. I was resigned to install wine and do it with winbox, which I never use, but I noticed mikrotik has versions for linux and macos now 
I will give it a try with winbox. Tx.
Is that an hAP ax2? Which ROS version?
