ok, no answers so far.
So I have this now (the cisco switch is out of the picture now, after an erase it will not come back online so I replaced it with a netgear GS105Ev2 I had somewhere).
This is my router export hide-sensitive:
[admin@MikroTik] > /export hide-sensitive
# jan/20/2023 08:49:50 by RouterOS 6.49.7
# software id = 9J60-IJQN
#
# model = RouterBOARD 962UiGS-5HacT2HnT
/interface bridge
add name=br-vlan2
add arp=proxy-arp igmp-snooping=yes name=br-vlan4
add name=br-vlan5
add name=br-vlan6
add name=bridge-local
/interface wireless
set [ find default-name=wlan1 ] disabled=no ssid=MikroTik
/interface vlan
add interface=ether1 name=ether1.4 vlan-id=4
add interface=ether1 mtu=1508 name=ether1.6 vlan-id=6
add comment=mgmt interface=ether2 name=ether2.2 vlan-id=2
add interface=ether2 name=ether2.5 vlan-id=5
add comment=lan interface=ether2 name=ether2.6 vlan-id=6
add interface=ether5 name=ether5.2 vlan-id=2
add interface=ether5 name=ether5.4 vlan-id=4
add interface=ether5 name=ether5.5 vlan-id=5
add interface=ether5 name=ether5.6 vlan-id=6
/caps-man datapath
add bridge=br-vlan6 name=br-vlan6 vlan-id=6 vlan-mode=use-tag
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1.6 max-mru=1500 max-mtu=1500 name=pppoe-client use-peer-dns=yes user=\
user@internet
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=lan
/caps-man configuration
add channel.band=5ghz-a/n/ac country=netherlands datapath=br-vlan6 distance=indoors installation=indoor mode=ap name=dd-wrt-5g \
security=lan ssid=dd-wrt-5g-test
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=lan supplicant-identity=""
/interface wireless
add disabled=no keepalive-frames=disabled mac-address=6E:3B:6B:1D:2C:57 master-interface=wlan1 multicast-buffering=disabled \
name=kk-6-2g security-profile=lan ssid=kk-6-2g vlan-id=6 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=\
disabled
set [ find default-name=wlan2 ] band=5ghz-n/ac channel-width=20/40/80mhz-eeeC country=netherlands disabled=no frequency=auto \
mode=ap-bridge name=kk-dd-wrtg-5 security-profile=lan ssid=dd-wrt-5g vlan-id=6 vlan-mode=use-tag
/interface vlan
add interface=kk-dd-wrtg-5 name=kk-dd-wrtg-5.6 vlan-id=6
/interface wireless
add keepalive-frames=disabled mac-address=6E:3B:6B:1D:2C:56 master-interface=kk-dd-wrtg-5 multicast-buffering=disabled name=\
kk-6 security-profile=lan ssid=kk-6 vlan-id=6 vlan-mode=use-tag wds-cost-range=0 wds-default-cost=0 wps-mode=disabled
/interface vlan
add disabled=yes interface=kk-6 name=kk-6.6 vlan-id=6
/ip dhcp-client option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
/ip dhcp-server option
add code=60 name=option60-vendorclass value="'IPTV_RG'"
add code=28 name=option28-broadcast value="'10.0.4.255'"
/ip dhcp-server option sets
add name=IPTV options=option60-vendorclass,option28-broadcast
/ip pool
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
add name=dhcp_pool1 ranges=10.0.2.20-10.0.2.254
add name=dhcp_pool2 ranges=10.0.4.2-10.0.4.254
add name=dhcp_pool3 ranges=10.0.6.2-10.0.6.254
add name=dhcp_pool4 ranges=10.0.5.2-10.0.5.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge-local name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=br-vlan2 name=dhcp2
add address-pool=dhcp_pool2 dhcp-option-set=IPTV disabled=no interface=br-vlan4 name=dhcp3
add address-pool=dhcp_pool3 disabled=no interface=br-vlan6 name=dhcp4
add address-pool=dhcp_pool4 disabled=no interface=br-vlan5 name=dhcp5
/ppp profile
set *0 only-one=yes use-compression=yes use-ipv6=no use-upnp=no
add name=default-ipv6 only-one=yes use-compression=yes use-upnp=no
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=ac,an master-configuration=dd-wrt-5g
add action=create-dynamic-enabled hw-supported-modes=b,gn
/interface bridge port
add bridge=bridge-local interface=ether3
add bridge=br-vlan2 interface=ether5.2
add bridge=br-vlan4 interface=ether5.4
add bridge=br-vlan2 interface=ether5
add bridge=br-vlan6 interface=ether5.6
add bridge=br-vlan5 interface=ether5.5
add bridge=br-vlan6 interface=kk-6
add bridge=br-vlan6 interface=kk-6-2g
add bridge=br-vlan6 interface=kk-6.6
add bridge=br-vlan6 interface=kk-dd-wrtg-5
add bridge=br-vlan6 interface=kk-dd-wrtg-5.6
add bridge=br-vlan2 interface=ether2.2
add bridge=br-vlan2 interface=ether2
add bridge=br-vlan6 interface=ether2.6
/ip address
add address=192.168.88.1/24 interface=bridge-local network=192.168.88.0
add address=10.0.2.1/24 interface=br-vlan2 network=10.0.2.0
add address=10.0.4.1/24 interface=br-vlan4 network=10.0.4.0
add address=10.0.6.1/24 interface=br-vlan6 network=10.0.6.0
add address=10.0.5.1/24 interface=br-vlan5 network=10.0.5.0
/ip dhcp-client
add default-route-distance=210 dhcp-options=option60-vendorclass disabled=no interface=ether1.4 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server lease
add address=10.0.2.254 lease-time=1d mac-address=34:98:B5:9F:94:EF server=dhcp2
/ip dhcp-server network
add address=10.0.2.0/24 gateway=10.0.2.1
add address=10.0.4.0/24 gateway=10.0.4.1
add address=10.0.5.0/24 dns-server=10.0.5.1 gateway=10.0.5.1
add address=10.0.6.0/24 gateway=10.0.6.1
add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=0.0.0.0/8 comment=rfc8690 list=not_inet_routable
add address=192.168.88.2-192.168.88.254 list=allowed_to_router
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input comment="iptv multicast vlan 1.4" in-interface=ether1.4 protocol=udp src-address=217.166.226.138 \
src-port=49152
add action=drop chain=input in-interface=pppoe-client log=yes
add action=fasttrack-connection chain=forward connection-state=established,related
add action=drop chain=forward disabled=yes log=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=213.75.112.0/21 out-interface=ether1.4
add action=masquerade chain=srcnat comment="Needed for IPTV" dst-address=217.166.0.0/16 out-interface=ether1.4
add action=masquerade chain=srcnat out-interface=pppoe-client
/routing igmp-proxy
set quick-leave=yes
/routing igmp-proxy interface
add alternative-subnets=0.0.0.0/0 interface=ether1.4 upstream=yes
add interface=br-vlan4
/system clock
set time-zone-name=Europe/Amsterdam
/system logging
add disabled=yes topics=dhcp
add topics=wireless
On the netgear, I have a trunk port on interface one and the rest of the interfaces are untagged vlan6. I have connected the caps mikrotik on port 3 of the netgear, started on caps mode and I see it acquires an ip adress from the dhcp server listening on the br-vlan6 interface.
I can connect from the router to the access point using mac telnet.
On my mobile I see the new ssid dd-wrt-5g-test appear, and I can login with the password, but It does not get an ip address, giving up and using one of the apipa ones.
I am obviously missing something, but I cannot figure it out. Any help appreciated