A CAPsMAN setup would be great in this scenario, but you'd better get a grasp on your network first; it may be interesting for the future.
Now, the simplest and optimal approach for you is programming the Omnitik and the wAP ac as "wired/wireless switches".
When I say switches, I mean it in the same way you add a switch to your network: just plug it in and it will transparently allow L2, extending your network; from that point onwards, anything you plug into its ports will be transparently connected to the network. The only difference here is that this will happen with wireless clients too.
Example for a single SSID Omnitik follows:
# Bridge that joins the wired ports and the wireless interface
/interface bridge
add name=bridge1
# ether1 is the uplink to the 2011; ether2-ether5 are switched to it
/interface ethernet
set [ find default-name=ether1 ] name=1_To_2011
set [ find default-name=ether2 ] master-port=1_To_2011
set [ find default-name=ether3 ] master-port=1_To_2011
set [ find default-name=ether4 ] master-port=1_To_2011
set [ find default-name=ether5 ] master-port=1_To_2011
/interface bridge port
add bridge=bridge1 interface=1_To_2011
add bridge=bridge1 interface=wlan1
# Access point on wlan1, WPS disabled
/interface wireless
set [ find default-name=wlan1 ] disabled=no mode=ap-bridge ssid=YOURPRIVATESSID \
    wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
# WPA2-PSK on the default security profile
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key=Y0urP4ssw0rd
# Management IP is obtained via DHCP on the bridge
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid disabled=no interface=bridge1
To apply it:
1.- Connect to the Omnitik using mac-winbox (double-click the MAC address of the Omnitik on the Winbox Neighbors tab)
2.- System > Reset Configuration, tick all three: Keep User Configuration, No Default Configuration and Do Not Backup
3.- After reboot, connect again using mac-winbox, open a New Terminal and copy and paste the code above
This programs the Omnitik to be essentially a wired/wireless "switch", which gets its management IP from DHCP.
Now, connect it to the 2011. The 2011 will have a LAN bridge; you need to add the ether port coming from the Omnitik ether1 to that LAN bridge, say to ether2 on the 2011.
To do so you can either:
- Make sure ether2 is not enslaved to any other ether, and add ether2 directly to the LAN bridge
- Make it slave of an interface already in the LAN bridge
Once you achieve that, any wireless station or wired device connecting to the Omnitik will get an IP, etc. from the 2011. It will be the same as having them physically connected to the 2011.
The wAP ac config will be essentially the same, but adding both wlan interfaces to bridge1 (which can have the same SSID and password so that stations roam to the optimal one).
Try to get this working, will add/explain the isolated Guest SSID afterwards.
Post an export of the 2011.