RB 750G with multi SSID / VLAN EAP9550

OK. I give up. :angry: Every attempt I have made to segregate the Hotspot VLAN from the rest of the router doesn’t work.
I have tried the firewall rules suggested earlier in this thread. I have tried the suggestions posted in these threads as well:

http://forum.mikrotik.com/t/help-with-nat-config-router-to-router/45003/1
http://forum.mikrotik.com/t/hotspot-configuration-questions-and-functions/38000/1

I have found that when I add:

add chain=forward in-interface=vlan2 out-interface=vlan1 action=drop

I bust the ability to get the hotspot login page.