i am a fan of your products - but i am very unhappy with your Default config.
IF i connect a new access-Point with only ETH1 to my Network i do have an OPEN ACCESS-POINT for everybody and i have no Chance to configure it via CABLE.
Because of the Firewall Settings i even dont see it at all.
So PLEASE
Optimum would be:
If a CAPS-MAN Server is online - then use this and open the INTERNAL Firewall AT LEAST for the CAPSMAN-Server.
Usefull would be:
Show the new device on ETH-Interfaces in WINBOX - open the FIREWALL on ETH’s and SECURE OR DISABLE the WLAN
You should still be able to discover the AP via L2 with Winbox. Alternatively, connect to the open wireless and connect to the config that way, reset the configuration and then cable in.
You should connect to the open access point and set a password, just like the instruction sheet suggests.
Most home users have no idea what is LAN or ethernet cable.
If you mass-deploy them, I suggest looking at pre-configuring them with your own config. There are several options, TR-069, Flashfig etc. If you use CAPsMAN, you can boot into CAP mode by holding the little button.