Mikrotik hAP-ac2 provisioning

Mikrotik hAP-ac2 is a prosumer 2.4GHz/5GHz access point. I use several of them in my home and they work well; the only issue is the initial configuration, which can be problematic if you cannot use their Windows-only WinBox tool.

After some trial-and-error, the procedure I came up with is to reset the full OS image while providing a provisioning script.

Download RouterOS tools and image

You should download Netinstall and the relevant RouterOS image for your hardware.

Prepare a configuration file

Here is the configuration file I use to set up the access point as a dumb wifi bridge. Do not forget to update SSID, addresses, etc. to match your setup!

# the quoted 'EOF' keeps the shell from expanding $ or backticks in your passphrase
cat > ap-config.scr << 'EOF'
# make sure admin user has all privileges
/user group set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
# wireless config
# update my-ssid, my-secret and ap.example.com to match your setup
/interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country=france disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=my-ssid station-roaming=enabled wireless-protocol=802.11
/interface wireless set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=france disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=my-ssid station-roaming=enabled wireless-protocol=802.11
/interface wireless security-profiles set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=ap.example.com wpa-pre-shared-key=my-secret wpa2-pre-shared-key=my-secret
# network config
# bridge all interfaces
/interface bridge add name=bridge
/interface bridge port add bridge=bridge interface=ether1
/interface bridge port add bridge=bridge interface=ether2
/interface bridge port add bridge=bridge interface=ether3
/interface bridge port add bridge=bridge interface=ether4
/interface bridge port add bridge=bridge interface=ether5
/interface bridge port add bridge=bridge interface=wlan1
/interface bridge port add bridge=bridge interface=wlan2
/ip neighbor discovery-settings set discover-interface-list=none
# LAN address and default gateway
# update addresses to match your setup
/ip address add address=192.168.1.5/24 interface=bridge
/ip route add distance=1 gateway=192.168.1.1
# hostname
/system identity set name=ap.example.com
# dns
/ip dns set servers=192.168.1.2
# clock: timezone and ntp
/system clock set time-zone-name=Europe/Paris
/ip cloud set update-time=no
/system ntp client set enabled=yes primary-ntp=ntp.example.com
# hardening
/ip service set telnet disabled=yes
/ip service set ftp disabled=yes
/ip service set www disabled=yes
/ip service set api disabled=yes
/ip service set winbox disabled=yes
/ip service set api-ssl disabled=yes
/ip ssh set strong-crypto=yes
/tool bandwidth-server set enabled=no
/tool mac-server set allowed-interface-list=none
/tool mac-server mac-winbox set allowed-interface-list=none
/tool mac-server ping set enabled=no
EOF
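
A pre-flight check for the file above, added here as an example (it is not part of the original procedure or of MikroTik's tooling): it verifies that the template placeholders were replaced, that the six management services are still disabled, and that the WPA2 passphrase is 8 to 63 characters long. The function name `check_ap_config` is hypothetical, and the check assumes the passphrase is written unquoted, as in the template.

```shell
#!/bin/sh
# Added example: lint ap-config.scr before handing it to Netinstall.
# check_ap_config is a hypothetical helper name, not a RouterOS tool.
# Returns 0 if clean, 1 if a finding was reported, 2 if unreadable.
check_ap_config() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read: $cfg" >&2; return 2; }

    # 1. Template placeholders must be gone (comment lines are ignored).
    for placeholder in my-ssid my-secret example.com; do
        if grep -v '^[[:space:]]*#' "$cfg" | grep -qF -- "$placeholder"; then
            echo "placeholder still present: $placeholder" >&2
            rc=1
        fi
    done

    # 2. Every management service the template disables must stay disabled.
    for svc in telnet ftp www api winbox api-ssl; do
        if ! grep -qE "^/ip service set $svc disabled=yes[[:space:]]*\$" "$cfg"; then
            echo "service not disabled: $svc" >&2
            rc=1
        fi
    done

    # 3. A WPA2 passphrase is 8 to 63 characters.
    #    Assumption: the value is unquoted, as in the template.
    psk=$(sed -n 's/.*wpa2-pre-shared-key=\([^[:space:]]*\).*/\1/p' "$cfg" | head -n 1)
    if [ "${#psk}" -lt 8 ] || [ "${#psk}" -gt 63 ]; then
        echo "wpa2-pre-shared-key length ${#psk} is outside 8..63" >&2
        rc=1
    fi
    return "$rc"
}
```

Source the function and run `check_ap_config ap-config.scr` before starting Netinstall; findings are printed to stderr and a non-zero status means the file should not be flashed yet.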

Reset RouterOS and apply the configuration file

Connect the access point's ether1 port to your computer with an Ethernet cable and configure an address on the computer's interface. For example:

ip link set dev enp0s25 up
ip addr add 192.168.1.10/24 dev enp0s25

Next, start Netinstall:

netinstall -s ap-config.scr -r -a 192.168.1.5 routeros-arm-6.49.1.npk

Finally, reboot the access point in recovery mode: for the hAP-ac2, hold the rst/wps button while powering on the access point, until Netinstall detects it. This usually takes a few seconds.

The reinstall process should take a few minutes, after which the access point should be ready to use.