Simple VLAN with Hardware switching and trunking

Hello everyone,

I have a small hAP ac lite and I would like to make it an L2 switch with VLAN and wifi.
However, I still have a few questions after reading some articles.
Would anyone please help me? Thank you.

Here is my home design:

Backup link: http://imgur.com/a/ECAvB

# jul/09/2017 15:35:52 by RouterOS 6.38.7
#
/interface bridge
add admin-mac=AA:BB:CC:DD:EE:FF auto-mac=no name=bridge-local
add name=bridge-vlan2
/interface ethernet
set [ find default-name=ether1 ] name=eth1
set [ find default-name=ether2 ] master-port=eth1 name=eth2
set [ find default-name=ether3 ] master-port=eth1 name=eth3
set [ find default-name=ether4 ] master-port=eth1 name=eth4
set [ find default-name=ether5 ] name=eth5 poe-out=off
/interface wireless
set [ find default-name=wlan2 ] ssid=MikroTik wps-mode=disabled
/interface vlan
add interface=eth1 name=vlan2 vlan-id=2
/interface ethernet switch port
set 0 vlan-header=add-if-missing vlan-mode=secure
set 1 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
set 2 default-vlan-id=2 vlan-header=always-strip vlan-mode=secure
set 3 default-vlan-id=3 vlan-header=always-strip vlan-mode=secure
set 5 default-vlan-id=2 vlan-header=always-strip vlan-mode=fallback
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk management-protection=allowed mode=dynamic-keys name=WIFISP_MYWIFI wpa2-pre-shared-key=123456789
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-onlyn disabled=no distance=indoors frequency=auto frequency-mode=\
    regulatory-domain hw-retries=4 mode=ap-bridge security-profile=WIFISP_MYWIFI ssid=MTYWIFI tx-power=8 tx-power-mode=\
    all-rates-fixed wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
/ip neighbor discovery
set wlan1 discover=no
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/system logging action
set 1 disk-file-name=log
/interface bridge port
add bridge=bridge-local interface=eth5
add bridge=bridge-vlan2 interface=wlan1
add bridge=bridge-vlan2 interface=eth1
/interface ethernet switch vlan
add ports=eth1,eth2,eth3,switch1-cpu switch=switch1 vlan-id=2
add ports=eth1,eth4 switch=switch1 vlan-id=3
/ip address
add address=192.168.2.100/24 interface=bridge-vlan2 network=192.168.2.0
/ip dns
set cache-size=512KiB servers=8.8.8.8,8.8.4.4
/ip route
add distance=1 gateway=192.168.2.1
/system identity
set name=MyRouterOS-A

My questions:

  1. Is my configuration OK? I am not sure whether it is OK or not, but I can access the internet on vlan2 and vlan3.
  2. Is hardware switching enabled now?
  3. Is the wifi on vlan2 now? Should I use the bridge to integrate them?
  4. Regarding the interface eth4 (assigned to vlan3), should I assign it to master port eth1? Once I assigned it, I don't know why it appears in bridge-vlan2.
  5. I just want vlan 2 devices to be able to access RouterOS; what is the best practice for assigning the mgmt IP? Which should I assign it to (eth1 / bridge-vlan)?
  6. Would you please comment if anything is not best practice? I would like to learn more about it.

Thank you.