Given the setup, looks like you've got an ER-X. Get rid of the bridge, use the hardware switch (switch0).
Scratch that, more likely an ER-5.
If it is the ER-5, assuming you need everything on the same subnet, the best route forward would be leave eth1 empty and use a power injector for one of the APs -- the bridge is killing your throughput.
If using two subnets won't cause too much headache, then use two subnets.