/interface bridge
add mtu=1500 name=Bridge-Lan vlan-filtering=yes
/interface wifi
set [ find default-name=wifi2 ] configuration.manager=capsman .mode=ap disabled=no name="Wlan(2.4GHz)"
set [ find default-name=wifi1 ] configuration.manager=capsman .mode=ap disabled=no name="Wlan(5GHz)"
/interface ethernet
set [ find default-name=ether1 ] name=1Ether-Lan
set [ find default-name=ether2 ] name=2Ether-Lan
/interface list
add name=Lan
/interface bridge port
add bridge=Bridge-Lan interface=1Ether-Lan
add bridge=Bridge-Lan interface=2Ether-Lan
add bridge=Bridge-Lan interface="Wlan(2.4GHz)"
add bridge=Bridge-Lan interface="Wlan(5GHz)"
/ip neighbor discovery-settings
set discover-interface-list=Lan lldp-mac-phy-config=yes lldp-max-frame-size=yes lldp-vlan-info=yes
/ipv6 settings
set disable-ipv6=yes forward=no
/interface bridge vlan
add bridge=Bridge-Lan tagged=1Ether-Lan,2Ether-Lan vlan-ids=10
/interface list member
add interface=Bridge-Lan list=Lan
/interface wifi cap
set discovery-interfaces=Bridge-Lan enabled=yes slaves-static=yes
/ip dhcp-client
add interface=Bridge-Lan
/ip firewall filter
add action=drop chain=input comment="drop invalid input" connection-state=invalid
add action=accept chain=input comment="allow established & related input" connection-state=established,related,untracked
add action=accept chain=input comment="allow Lan" in-interface-list=Lan
add action=drop chain=input comment="drop all input"
/ip service
set ftp disabled=yes
set ssh disabled=yes
set telnet disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system identity
set name=AP1
/system package update
set channel=long-term
/system routerboard settings
set auto-upgrade=yes
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=Lan