Should we assume you are using the hotspot functionality of RouterOS? If so, do you really need the wired devices you named to share the same subnet/L2 segment with the wireless devices that you want to only get access to the internet after login? I mean, there are some home automation devices that also only connect via WiFi, so maybe connect these to one pair of wireless interfaces, with its own SSID and passphrase, that will be in the same bridge like the wired ports and not use the hotspot, and create a pair of virtual wireless interfaces with another SSID and passphrase (or without a passphrase), with its own bridge (or VLAN on the same bridge), IP subnet, and DHCP server, and only apply hotspot to this second wireless network?
yeah, assumption is correct. the idea was to just bridge them all at once. but since my UAP APs are in the mikrotik ether2,3, where all my IoTs and cctvs are connected at. then, did not cross my mind after logging in the UAP AP, the mikrotik hotspot portal became a second login!!! my idea to make all authenticate first!
Yes, the idea to separate ethe2 was in my mind this morning before I reconfig the ac2 so my macos server and minis can be completely isolated. just the thought it would be easier to just bridge them all together.
i dont need any automation devices, just remove ether2 from the bridge will fix it. I was just thinking there has to be a way to make an address list for IoTs and make them all static will solve it!!
thanks.