We are trying to configure an outdoors Hot Spot as follows:
One RB532A with 2 PCI radio boards and 2 Internet accesses via LAN Ports. Each radio has some WDS APs for better area coverage. We have tried it in two configurations:
1 - Two bridges. One via the radio 1 and it’s WDS APs, the other via the radio 2 and it’s WDS APs. We do the mangle mark connection, and then the mangle mark routing, in order to have the radio 1 (and it’s WDS tree) via the Internet 1 and the radio 2 (and it’s WDS tree ) via the Internet 2 in the ip-routes. We use a NAT rule to mask all outgoing traffic.
It works well this way, untill we set up the hotspot on each bridge (it does not work either if we set the hotspot on the interface). It seems to not follow the pack marking after the hotspot is set.
2 –One bridge only, with the 2 radios and it’s WDS trees . Then we mark NTH to have the the packet filter. This also works well, untill we set up the hotspot on the bridge. After the hotspot is set, it does not follow the marking.
How can we have the hotspot and the NTH balance? 
The config #2 is below:
/ interface ethernet
set ether1 name=“ether1” mtu=1500 mac-address=00:0C:42:0B:45:B5 arp=enabled
disable-running-check=yes auto-negotiation=yes full-duplex=yes
cable-settings=default speed=100Mbps comment=“” disabled=no
/ interface wireless
set lagos1 name=“lagos1” mtu=1500 mac-address=00:02:6F:49:B5:9A arp=enabled
disable-running-check=no radio-name=“000C420C79F3” mode=ap-bridge
ssid=“AP1_LAGOSP” area=“” frequency-mode=manual-txpower
country=no_country_set antenna-gain=0 frequency=2412 band=2.4ghz-b
burst-time=disabled dfs-mode=none antenna-mode=ant-a wds-mode=static
wds-default-bridge=bridge1 wds-default-cost=100 wds-cost-range=50-150
wds-ignore-ssid=yes update-stats-interval=disabled
default-authentication=yes default-forwarding=no default-ap-tx-limit=0
default-client-tx-limit=0 proprietary-extensions=post-2.9.25 hide-ssid=no
security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms
hw-retries=15 preamble-mode=both compression=no allow-sharedkey=no
comment=“” disabled=no
set lagos2 name=“lagos2” mtu=1500 mac-address=00:02:6F:49:B5:71 arp=enabled
disable-running-check=no radio-name=“000C420C79F2” mode=ap-bridge
ssid=“AP2_LAGOSP” area=“” frequency-mode=manual-txpower
country=no_country_set antenna-gain=0 frequency=2437 band=2.4ghz-b
burst-time=disabled dfs-mode=none antenna-mode=ant-a wds-mode=static
wds-default-bridge=bridge2 wds-default-cost=100 wds-cost-range=50-150
wds-ignore-ssid=no update-stats-interval=disabled
default-authentication=yes default-forwarding=no default-ap-tx-limit=0
default-client-tx-limit=0 proprietary-extensions=post-2.9.25 hide-ssid=no
security-profile=default disconnect-timeout=3s on-fail-retry-time=100ms
hw-retries=15 preamble-mode=both compression=no allow-sharedkey=no
comment=“” disabled=no
/ interface wireless wds
add name=“housevillage” mtu=1500 arp=enabled disable-running-check=no
master-interface=lagos1 wds-address=00:0E:2E:BB:6D:30 comment=“”
disabled=no
add name=“queroquero” mtu=1500 arp=enabled disable-running-check=no
master-interface=lagos2 wds-address=00:0E:2E:BB:77:3B comment=“”
disabled=no
add name=“cantodolago” mtu=1500 arp=enabled disable-running-check=no
master-interface=lagos1 wds-address=00:0A:52:00:55:57 comment=“”
disabled=no
add name=“quadra4” mtu=1500 arp=enabled disable-running-check=no
master-interface=lagos1 wds-address=00:06:4F:56:2A:3D comment=“”
disabled=no
add name=“quadra2” mtu=1500 arp=enabled disable-running-check=no
master-interface=lagos2 wds-address=00:11:5B:DE:D8:79 comment=“”
disabled=no
add name=“cliente” mtu=1500 arp=enabled disable-running-check=no
master-interface=lagos1 wds-address=00:C0:CA:18:B8:96 comment=“”
disabled=no
/ interface bridge
add name=“bridge1” mtu=1500 arp=enabled protocol-mode=none priority=0x8000
auto-mac=yes admin-mac=00:00:00:00:00:00 max-message-age=20s
forward-delay=15s transmit-hold-count=6 ageing-time=5m comment=“”
disabled=no
/ interface bridge port
add interface=cliente bridge=bridge1 priority=0x80 path-cost=10 edge=auto
point-to-point=auto external-fdb=auto comment=“” disabled=no
add interface=lagos2 bridge=bridge1 priority=0x80 path-cost=10 edge=auto
point-to-point=auto external-fdb=auto comment=“” disabled=no
add interface=lagos1 bridge=bridge1 priority=0x80 path-cost=10 edge=auto
point-to-point=auto external-fdb=auto comment=“” disabled=no
/ ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=adsl1_1
passthrough=yes connection-state=new in-interface=bridge1 nth=1,1,0
comment=“” disabled=no
add chain=prerouting action=mark-routing new-routing-mark=adsl1 passthrough=no
in-interface=bridge1 connection-mark=adsl1_1 comment=“” disabled=no
add chain=prerouting action=mark-connection new-connection-mark=adsl2_1
passthrough=yes connection-state=new in-interface=bridge1 nth=1,1,1
comment=“” disabled=no
add chain=prerouting action=mark-routing new-routing-mark=adsl2 passthrough=no
in-interface=bridge1 connection-mark=adsl2_1 comment=“” disabled=no
/ ip firewall nat
add chain=srcnat action=masquerade out-interface=ether2 comment=“” disabled=no
/ ip route
add dst-address=0.0.0.0/0 gateway=192.168.2.1 distance=1 scope=255
target-scope=10 routing-mark=adsl2 comment=“” disabled=no
add dst-address=0.0.0.0/0 gateway=192.168.2.254 distance=1 scope=255
target-scope=10 routing-mark=adsl1 comment=“” disabled=no
Aqui a configuração do hotspot desabilitada:
/ ip hotspot
add name=“hs-bridge1” interface=bridge1 address-pool=dhcp_pool1
profile=hsprof2 idle-timeout=5m keepalive-timeout=none addresses-per-mac=2
disabled=yes
/ ip hotspot service-port
set ftp ports=21 disabled=no
/ ip hotspot profile
set default name=“default” hotspot-address=0.0.0.0 dns-name=“”
html-directory=hotspot rate-limit=“” http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d
split-user-domain=no use-radius=no
add name=“hsprof2” hotspot-address=192.168.10.1 dns-name=“”
html-directory=hotspot rate-limit=“” http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d
split-user-domain=no use-radius=no
add name=“hsprof5” hotspot-address=192.168.20.1 dns-name=“”
html-directory=hotspot rate-limit=“” http-proxy=0.0.0.0:0
smtp-server=0.0.0.0 login-by=cookie,http-chap http-cookie-lifetime=3d
split-user-domain=no use-radius=no
/ ip hotspot user
add name=“admin” password=“” profile=default comment=“” disabled=no
/ ip hotspot user profile
set default name=“default” idle-timeout=none keepalive-timeout=2m
status-autorefresh=1m shared-users=200 transparent-proxy=yes
open-status-page=always advertise=no
add name=“dois” idle-timeout=none keepalive-timeout=2m status-autorefresh=1m
shared-users=2 transparent-proxy=no