MikroTik

Hi,
I'm tying to extend my coverage to a office room located too far from the main router so the wireless link is not excellent and I have some wired devices as well, two PCs.

I would want to have the devices in the same LAN, there is SMB sharing between them, a network printer, etc. The main RB951ui will control everything.

I believe I can do this by setting up the hAP Lite device to act as a switch only, all devices will be getting IPs from the main RB951ui DHCP server and I could also use the WiFi on the hAP Lite. I searched the forum and found that basically I should put all eth ports and wlan1 in a bridge with rtsp, set no IP's, no firewall rules, no DNS and connect the hAP Lite to the main router via a eth port (eth2 or eth1?). Is that correct? I'm fine managing the hAP Lite with winbox via MAC so I don't need an IP set to hAP Lite.

Is this the correct way of doing it?

You can take a look at my diagram

Sounds close, but only put wlan1 and ether1 in the same bridge.
Then set the master port to ether1 for ether2 through ether5.
Delete DHCP Server on bridge1. Delete DHCP client on ether1. Delete IP addresses from IP > Addresses.
Delete firewall rules, and nat rule (the masquerade rule on ether1).

For convenience I add a DHCP client for bridge1 as I find winbox more reliable when connecting to it via IP instead of mac.

Sounds close, but only put wlan1 and ether1 in the same bridge.
Then set the master port to ether1 for ether2 through ether5.
Delete DHCP Server on bridge1. Delete DHCP client on ether1. Delete IP addresses from IP > Addresses.
Delete firewall rules, and nat rule (the masquerade rule on ether1).

For convenience I add a DHCP client for bridge1 as I find winbox more reliable when connecting to it via IP instead of mac.

That's great!

I've set up the hAP as above and it seems to work perfectly!
I've set a DHCP client on bridge1 and let "Use peer DNS" and "Use peer NTP" and the device has an IP and can be managed via it.

I will change the winbox port, I have the main router accesible via WAN and I think it would be better if they have separate ports for winbox, correct?

don't need to change ports, could cause confusion in the future. Ports will only clash if they are on the same address

don't need to change ports, could cause confusion in the future. Ports will only clash if they are on the same address

I will probably want to manage both Mikrotik devices via WAN. Right now I have a port forward in the main modem wich points to my RB951 win box port. I will make an additional port forward wich will point to the hAp Lite win box port but I have to choose a different one, I will increment it by 1.

Is my way of setting up remote management ok, or there are other ways?

Sent from my STH100-2 using Tapatalk

VPN is an option for remote management and most will argue a VPN is much more secure for remote management.

I expose Winbox ports to the internet but then always use a firewall so only my office can connect to client Mikrotiks.