To summarize & conclude:
I have now managed to configure each of the 5 Gigabit ports of the hAP ac^2 with an independent LAN, i.e. 5 independent wired LANs in total (1x WAN + 4x LAN).
For this to work the ports had to be removed from the bridge, and then the bridge itself removed as well.
Each port plays the role of the gateway for its LAN, i.e. each port has to be assigned a LAN gateway IP and the netmask set appropriately.
ether1 is used as the WAN link --> goes to an uplink router (gateway).
On the uplink router (ISP router) one has to set static routes to these LANs, as otherwise pings to WAN/Internet from these LANs can't work, as the return path would be unknown.
Again, thanks to everybody for the useful tips & help I got.
Case successfully closed
Hi Mutluit, let me confuse you a bit. Your previous experience with a CRS3xx device and the switch chip did already complicate matters, to see what you have in your hands.
Think of a usual home gateway (router or gateway, router is without NAT, gateway is with NAT to the WAN direction). The LANs may be combined and switched, but that can be disabled here.
This is disabled by taking all interfaces off the bridge.
So now you have a classical router with a firewall and with 7 interfaces: 5 ethernet and 2 WLAN (well, there is still even the USB, as 8th interface with an adaptor). There could be extra interfaces (virtual WLAN, VPN, VLAN ...)
As in any router, if it has a central role you have to set IP address and netmask (or, as you know, secondary and tertiary addresses), and a DHCP server per interface (could be in another device).
Actually in this setup with the default config all interfaces belong to the "LAN interface list". Because the LAN/WAN list is used in the default config in the firewall and some other settings for MAC access. (The interface lists are used to filter incoming traffic from the WAN interface list, doing NAT/masquerading towards the WAN interface list, allow full LAN interface list access)
As this is all your internal network all interfaces are handled as LAN interface list members (allow initiated access to pass through, allow input to the router), or you have to drop the default firewall rules and NAT rules. (And then the WAN interface list is used nowhere in the config, and has lost its meaning).
The only difference for your ether1 is the default route towards internet. Not the handling and filtering of the traffic.
As a manually configured routed network, care must be taken to have all the paths defined in all routers. Or one must use routing protocols to do that dynamically (RIP, OSPF).
Only if you do remove everything that is not used then indeed there is no bridge, no WAN interface list, no NAT rule.
I said I would confuse you a bit. (And no, the switch plays no role in a router setup, it's just bringing the L2 connectivity.) You could combine 2 or more interfaces on a bridge, and handle this as one (bridge) interface just as the other interfaces, but this goes beyond what simple home gateways can do.
EDIT: FYI: a cable modem is a router with a special interface, that converts the broadband cable signal and extracts one of the baseband ethernet signals. Other ISPs use xDSL signal over phone lines. That also is a special interface.
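The return-path requirement both posts describe (static routes on the uplink router for every routed LAN, "all the paths defined in all routers") can be checked mechanically. The following is an added example, not code from either poster: all addresses, the `isp` next-hop label and the function names are constructed assumptions, and the uplink routing table is modelled as a plain list rather than read from a real device.

```python
import ipaddress

# Constructed sample addressing (not from the thread): ether1 is the WAN link,
# ether2-ether5 each hold the gateway address of their own LAN.
HAP_PORTS = {
    "ether1": "192.168.1.2/24",   # WAN side, towards the uplink router
    "ether2": "10.0.2.1/24",
    "ether3": "10.0.3.1/24",
    "ether4": "10.0.4.1/24",
    "ether5": "10.0.5.1/24",
}
HAP_WAN_IP = "192.168.1.2"

# Constructed uplink (ISP) router table: (destination, next hop; None = connected).
UPLINK_ROUTES = [
    ("0.0.0.0/0", "isp"),
    ("192.168.1.0/24", None),
    ("10.0.2.0/24", "192.168.1.2"),
    ("10.0.3.0/24", "192.168.1.2"),
    # static routes for 10.0.4.0/24 and 10.0.5.0/24 deliberately left out
]

def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best

def missing_return_routes(ports, wan_port, wan_ip, uplink_routes):
    """LANs whose reply traffic the uplink router would not hand back to the hAP."""
    missing = []
    for port, cidr in ports.items():
        if port == wan_port:
            continue
        iface = ipaddress.ip_interface(cidr)
        match = lookup(uplink_routes, str(iface.ip))
        # Without a specific static route, replies follow the default route
        # (or nothing at all) and never reach the LAN behind the hAP.
        if match is None or match[1] != wan_ip:
            missing.append(str(iface.network))
    return missing

if __name__ == "__main__":
    print(missing_return_routes(HAP_PORTS, "ether1", HAP_WAN_IP, UPLINK_ROUTES))
```

With the sample table, the two LANs lacking a static route on the uplink router are reported; adding routes for them with the hAP's WAN address as next hop empties the list.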