Just set up a new hAP AC2, upgraded it to ROS 7.2.3, factory reset, changed from router to bridge mode with Quick Set settings, set a password for admin and WiFi, and rebooted.
Works fine as a bridge, as it's supposed to. But now I can only connect to the hAP with WinBox via MAC address, and that only works when the device I'm connecting from is directly on the WiFi network being broadcast by the hAP. If I connect to the network via another access point, I can no longer connect via MAC.
The hAP is connected via cable from ether1 to a router that's been the main router for the rest of the network for years, running DD-WRT. The hAP seems to pick up an IP address from the router, with proper netmask, and responds to pings on that IP address. But neither WinBox nor web browsers (for WebFig) can get a response from the hAP on that IP address. Whether I'm connected directly to the hAP WiFi or to another AP.
Another strange thing is that sometimes the hAP has seemed to be handing out its own IP addresses (192.168.88.nnn) to a few devices, as if the default DHCP server is still active. But I didn't even connect it physically to the rest of the network until after switching it to bridged mode and rebooting it, which I assumed would completely disable any built-in DHCP server.
It seems to always respond to pings of its IP address, but half the time I log in with WinBox the spot in the Quick Set UI where the IP address should be shown is blank.
I just wanted it to be a simple passive access point to provide an additional WiFi network. Bridge mode, DHCP off. I tried to set "Address Source" in Quick Set to "Ethernet", but it keeps wanting to go back to "Any" for some reason. I've also set the ether1 interface from "WAN" to "LAN", because I don't want it doing anything but bridging LAN to WiFi.
In short, there is just a lot of really odd behavior that I haven't encountered in most of the network devices I've worked with over the past 20 years, which includes routers with Tomato and DD-WRT firmwares, as well as stock Linksys, TP-Link and D-Link firmwares. RouterOS is definitely... different.
Could the inability to connect by IP have something to do with the firewall? I reset the device to defaults after the upgrade to 7.2.3 and never touched very much besides the Quick Set UI for the most part, just to change it from router to bridge and set the passwords.
Other than the firewall, what else could possibly be making it impossible to connect to WinBox/WebFig via the ping-able IP address?