That's confusing me. AP1 has an default-VLAN IP 192.168.1.x on Port1. OK!
WLAN-traffic (VLAN-2, VLAN3) goes tagged over Port1. OK!
Switch-port should be untagged in default-VLAN, tagged in VLAN2 and VLAN3. AP2 config vice versa Port1 with default-VLAN-IP and WLAN-traffic with egress VLANs and thats it. Why you would like to connect AP1-Port2 to AP2-Port1?