first one (main):
# apr/23/2020 19:54:19 by RouterOS 6.46.5
# software id = 283F-MQLT
#
# model = RBD52G-5HacD2HnD
# serial number = xxxx
/interface mesh
add hwmp-rann-propagation-delay=5 name=Mesh
/interface bridge
add admin-mac=C4:AD:34:08:61:10 auto-mac=no comment=defconf name=Lnet
/interface ethernet
set [ find default-name=ether1 ] name=Internet
/caps-man datapath
add bridge=Lnet name=datapath1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk,wpa2-eap eap-methods="" name=Most \
radius-mac-authentication=yes supplicant-identity="" wpa2-pre-shared-key=\
1234567890
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=Test \
supplicant-identity="" wpa-pre-shared-key=12345678 wpa2-pre-shared-key=\
12345678
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country="united states" disabled=no distance=indoors installation=indoor \
mac-address=C4:AD:34:08:61:12 mode=ap-bridge name=Wifi12 \
security-profile=Test ssid=Lnet wds-ignore-ssid=yes wireless-protocol=\
802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country="united states" disabled=no distance=indoors \
installation=indoor mode=ap-bridge name=Wifi15 security-profile=Test \
ssid=Lnet wds-ignore-ssid=yes wireless-protocol=802.11 wps-mode=disabled
add hide-ssid=yes mac-address=C6:AD:34:08:61:12 master-interface=Wifi12 name=\
Most12 security-profile=Test ssid=Dsawes452!%af332asw wds-default-bridge=\
Lnet wds-ignore-ssid=yes wds-mode=dynamic-mesh wps-mode=disabled
add disabled=no hide-ssid=yes keepalive-frames=disabled mac-address=\
C6:AD:34:08:61:15 master-interface=Wifi15 multicast-buffering=disabled \
name=Most15 security-profile=Most ssid=Agh243!&gsas!!s2 \
wds-default-bridge=Lnet wds-ignore-ssid=yes wds-mode=dynamic-mesh \
wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
add hotspot-address=192.168.10.1 html-directory=flash/hotspot name=\
HotSpotServer
/ip pool
add name=LocalPool ranges=192.168.88.100-192.168.88.250
add name=MeshPool ranges=192.168.100.100-192.168.100.250
/ip dhcp-server
add address-pool=LocalPool disabled=no interface=Lnet name=LocalDHCPServer
add address-pool=MeshPool disabled=no interface=Mesh lease-time=1h name=\
MeshDHCPServer
/ip hotspot
add address-pool=MeshPool disabled=no interface=Wifi12 name=LnetHotSpot \
profile=HotSpotServer
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=Lnet comment=defconf interface=ether2
add bridge=Lnet comment=defconf interface=ether3
add bridge=Lnet comment=defconf interface=ether4
add bridge=Lnet comment=defconf interface=ether5
add bridge=Lnet comment=defconf interface=Wifi12
add bridge=Lnet comment=defconf interface=Wifi15
add bridge=Lnet interface=Most12
add bridge=Lnet interface=Most15
add bridge=Lnet disabled=yes interface=*127
/ip neighbor discovery-settings
set discover-interface-list=all
/interface list member
add comment=defconf interface=Lnet list=LAN
add comment=defconf interface=Internet list=WAN
/interface wireless access-list
add mac-address=C6:AD:34:BF:29:22 vlan-mode=no-tag
add mac-address=C6:AD:34:BF:29:25 vlan-mode=no-tag
add mac-address=C6:AD:34:08:61:12 vlan-mode=no-tag
add mac-address=C6:AD:34:08:61:15 vlan-mode=no-tag
/ip address
add address=192.168.88.1/24 comment=defconf interface=Lnet network=\
192.168.88.0
add address=192.168.10.1/24 comment="hotspot network" interface=Mesh network=\
192.168.10.0
/ip dhcp-client
add comment=defconf disabled=no interface=Internet
/ip dhcp-server network
add address=192.168.10.0/24 comment="hotspot network" gateway=192.168.10.1
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
src-address=192.168.10.0/24
/ip hotspot user
add name=Lnet password=AlaMaKota123 server=LnetHotSpot
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=Glowny
/tool graphing interface
add allow-address=192.168.0.0/16 interface=Internet
add allow-address=192.168.0.0/16 interface=Lnet
add allow-address=192.168.0.0/16 interface=Mesh
/tool graphing resource
add allow-address=192.168.0.0/16
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
And second one:
# apr/23/2020 19:52:49 by RouterOS 6.46.5
# software id = 3FBU-1TN7
#
# model = RBD52G-5HacD2HnD
# serial number = zzzz
/interface bridge
add admin-mac=C4:AD:34:BF:29:F5 auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk,wpa2-eap eap-methods="" name=Most \
radius-mac-authentication=yes supplicant-identity="" wpa2-pre-shared-key=\
1234567890
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=Test \
supplicant-identity="" wpa-pre-shared-key=12345678 wpa2-pre-shared-key=\
12345678
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX \
country="united states" disabled=no distance=indoors installation=indoor \
mac-address=C4:AD:34:BF:29:22 mode=ap-bridge name=Wifi22 \
security-profile=Test ssid=Lnet wds-ignore-ssid=yes wireless-protocol=\
802.11 wps-mode=disabled
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-XXXX country="united states" disabled=no distance=indoors \
installation=indoor mac-address=C4:AD:34:BF:29:25 mode=ap-bridge name=\
Wifi25 security-profile=Test ssid=Lnet wds-ignore-ssid=yes \
wireless-protocol=802.11 wps-mode=disabled
add disabled=no hide-ssid=yes mac-address=C6:AD:34:BF:29:22 master-interface=\
Wifi22 name=Most22 security-profile=Test ssid=Dsawes452!%af332asw \
wds-default-bridge=bridge wds-ignore-ssid=yes wds-mode=dynamic-mesh \
wps-mode=disabled
add disabled=no hide-ssid=yes keepalive-frames=disabled mac-address=\
C6:AD:34:BF:29:25 master-interface=Wifi25 multicast-buffering=disabled \
name=Most25 security-profile=Most ssid=Agh243!&gsas!!s2 wds-cost-range=50 \
wds-default-bridge=bridge wds-ignore-ssid=yes wds-mode=dynamic-mesh \
wps-mode=disabled
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=Wifi22
add bridge=bridge comment=defconf interface=Wifi25
add bridge=bridge interface=Most22
add bridge=bridge interface=Most25
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wireless access-list
add mac-address=C6:AD:34:08:61:12 vlan-mode=no-tag
add mac-address=C6:AD:34:08:61:15 vlan-mode=no-tag
add mac-address=C6:AD:34:BF:29:22 vlan-mode=no-tag
add mac-address=C6:AD:34:BF:29:25 vlan-mode=no-tag
/interface wireless cap
set bridge=bridge caps-man-addresses=192.168.88.1 interfaces=Wifi22
/ip address
add address=192.168.88.2/24 comment=defconf interface=bridge network=\
192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-relay
add dhcp-server=192.168.88.1 interface=Most22 name=relay1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip route
add disabled=yes distance=1 gateway=192.168.88.1
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=Poddasze
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Its workin when seciurity Most is activated (only MAC check), with seciurity Most not working at all.
Both wlans has added virtual cards and WDS is connected to this virtual cards (becouse I can't use password on regular SSID name so WDS networks are hidden)