Hi All!
I need some help. Now I'm testing a new WiFi Package in RouterOS ver.7.13. I do not have ax device, but I manage a few instalations with cAP ac's and planing to replace them with cAPax. Everything work with CAPsMAN with VLAN's.

I'm testimng with one CCR1009 and one cAPac with new wifi-qcom-ac package.
Here's my configurations:
------------------------------------------------
CCR1009
---------------------------------------------------
# 2023-12-19 08:59:02 by RouterOS 7.13
# software id = KKBZ-8RBC
#
# model = CCR1009-7G-1C
# serial number = 84A1078D835A
/interface bridge
add name=LAN
/interface vlan
add interface=LAN name=1.V10_VLAN vlan-id=10
add interface=LAN name=2.V16_VLAN vlan-id=16
add interface=LAN name=4.Management_VLAN vlan-id=222
/interface wifi channel
add band=2ghz-n disabled=no frequency=2412,2437,2462 name=channel2GHz \
skip-dfs-channels=all width=20mhz
add band=5ghz-ac disabled=no frequency=5180,5220,5745,5785 name=channel5GHz \
skip-dfs-channels=all width=20/40mhz
/interface wifi datapath
add bridge=LAN client-isolation=no disabled=no interface-list=dynamic name=\
V10Datapath vlan-id=10
add bridge=LAN disabled=no name=V16Datapath vlan-id=16
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no group-encryption=ccmp \
group-key-update=1h name=V10Sec
add authentication-types=wpa2-psk,wpa3-psk disabled=no group-encryption=ccmp \
group-key-update=1h name=V16Sec
/interface wifi configuration
add channel=channel2GHz country=Latvia datapath=V10Datapath disabled=no mode=\
ap name=V10_2GHz security=V10Sec ssid=WiFi6_10
add channel=channel5GHz country=Latvia datapath=V10Datapath disabled=no mode=\
ap name=V10_5GHz security=V10Sec ssid=WiFi6_10
add channel=channel2GHz country=Latvia datapath=V16Datapath disabled=no mode=\
ap name=V16_2GHz security=V10Sec ssid=WiFi6_16
add channel=channel5GHz country=Latvia datapath=V16Datapath disabled=no mode=\
ap name=V16_5GHz security=V10Sec ssid=WiFi6_16
/ip pool
add name=dhcp_pool0 ranges=10.10.10.101-10.10.10.200
add name=dhcp_pool1 ranges=10.10.16.2-10.10.23.254
add name=dhcp_pool3 ranges=10.10.223.201-10.10.223.250
add name=dhcp_pool4 ranges=192.168.23.2-192.168.23.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=1.V10_VLAN name=dhcp1
add address-pool=dhcp_pool1 interface=2.V16_VLAN name=dhcp2
add address-pool=dhcp_pool3 interface=4.Management_VLAN name=dhcp4
add address-pool=dhcp_pool4 interface=LAN name=dhcp5
/port
set 0 name=serial0
set 1 name=serial1
/interface bridge port
add bridge=LAN interface=ether1
add bridge=LAN interface=ether2
add bridge=LAN interface=ether3
/ip neighbor discovery-settings
set discover-interface-list=all
/interface wifi capsman
set enabled=yes interfaces=LAN package-path="" require-peer-certificate=no \
upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled disabled=no master-configuration=V10_2GHz \
name-format=%I slave-configurations=V16_2GHz supported-bands=2ghz-g
add action=create-dynamic-enabled disabled=no master-configuration=V10_5GHz \
name-format=%I slave-configurations=V16_5GHz supported-bands=5ghz-ac
/ip address
add address=10.20.31.61/23 interface=combo1 network=10.20.30.0
add address=10.10.10.1/24 interface=1.V10_VLAN network=10.10.10.0
add address=10.10.16.1/21 interface=2.V16_VLAN network=10.10.16.0
add address=10.10.222.1/23 interface=4.Management_VLAN network=10.10.222.0
add address=192.168.23.1/24 interface=LAN network=192.168.23.0
/ip dhcp-server
add address-pool=*3 interface=*C name=dhcp3
/ip dhcp-server network
add address=10.10.10.0/24 gateway=10.10.10.1
add address=10.10.16.0/21 gateway=10.10.16.1
add address=10.10.30.0/24 gateway=10.10.30.1
add address=10.10.222.0/23 gateway=10.10.222.1
add address=192.168.23.0/24 gateway=192.168.23.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8
/ip firewall nat
add action=masquerade chain=srcnat out-interface=combo1
/ip route
add dst-address=0.0.0.0/0 gateway=10.20.30.1
/system clock
set time-zone-name=Europe/Sofia
/system identity
set name=CAPsMAN2
/system note
set show-at-login=no
/tool romon
set enabled=yes

--------------------
cAPac
------------------

# 2023-12-19 09:03:34 by RouterOS 7.13
# software id = 412Z-1PJ5
#
# model = RBcAPGi-5acD2nD
# serial number = 9E7209C0433F
/interface bridge
add admin-mac=B8:69:F4:A7:80:55 auto-mac=no comment=defconf name=bridgeLocal \
vlan-filtering=yes
/interface vlan
add disabled=yes interface=bridgeLocal name=vlan10 vlan-id=10
add disabled=yes interface=bridgeLocal name=vlan16 vlan-id=16
/interface wifi datapath
add bridge=bridgeLocal comment=defconf disabled=no name=capdp
/interface wifi configuration
add datapath=capdp disabled=no manager=capsman name=cfg1
/interface wifi
# managed by CAPsMAN
# mode: AP, SSID: WiFi6_10, channel: 2437/n
set [ find default-name=wifi1 ] configuration=cfg1 configuration.mode=ap \
disabled=no
# managed by CAPsMAN
# mode: AP, SSID: WiFi6_10, channel: 5180/ac/Ce
set [ find default-name=wifi2 ] configuration=cfg1 configuration.mode=ap \
disabled=no
/interface wifi security
add authentication-types=wpa2-psk,wpa3-psk disabled=no group-encryption=ccmp \
name=sec1
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/interface bridge port
add bridge=bridgeLocal comment=defconf interface=ether1
add bridge=bridgeLocal comment=defconf interface=ether2
/interface bridge vlan
add bridge=bridgeLocal tagged=ether1,bridgeLocal vlan-ids=10
/interface wifi cap
set discovery-interfaces=bridgeLocal enabled=yes
/ip dhcp-client
add comment=defconf interface=bridgeLocal
#error exporting "/ip/ssh" (timeout)
/system clock
set time-zone-name=Europe/Sofia
/system identity
set name=cAp_01_
/system note
set show-at-login=no
/tool romon
set enabled=yes

cAP's interfaces receives configuration and are dinamiclly added to localBridge of cAPac and start transmiting SSID, bur when I try to connect to WIFi there's no success (maybe information do not flow through VLAN)
I red :

vlan-id (none | integer 1..4095)
Default VLAN ID to assign to client devices connecting to this interface (only relevant to interfaces in AP mode).
When a client is assigned a VLAN ID, traffic coming from the client is automatically tagged with the ID and only packets tagged with with this ID are forwarded to the client.
Default: none

802.11ac chipsets do not support this type of VLAN tagging , but they can be configured as VLAN access ports in bridge settings.

but do not understand how to tag dinamicly created ports

I hope someone help with this complicated situation. Thank You

On the cAP AC enable Static Slave (/interface/wifi/cap> set slaves-static=yes)
This means each interface will stay permanent and you can add them to the bridge as ports and set PVID.
I have this on a wAP AC and it works like a charm.

Edit: Should also say I do not have any VLAN config in datapath for the AC interfaces in CapsMAN.

Thank You, Kindis!
----------------------------
Edit: Should also say I do not have any VLAN config in datapath for the AC interfaces in CapsMAN.
----------------------------
How can I do multiple SSID on AC caps witout VLANs on datapath?
I want to distribute two or more separated SSID(networks). Is this possible on 7.13 WiFi CAPsMAN on AC Devices?

I leave the datapath empty on CapsMAN configuration. You then add the correct VLAN on the CAP to the correct PVID in bridge settings.
As the Slave interfaces becomes static you just add them as ports in bridge and provide the PVID to the correct VLAN you need.
So more or less you push config for all but datapath to the CAP via CapsMAN but you manage the VLAN's and ports manually per cAP AC.
Is this good? No but it works

Edit: Here is my config on the wAP AC. CAP config and Bridge Config, Interfaces Wifi3 and 4 are slave interfaces here:

/interface wifi datapath
add bridge=B_LAN disabled=no name=Bridge_Config
/interface wifi cap
set caps-man-addresses=X.X.X.X,Y.Y.Y.Y enabled=yes slaves-datapath=\
Bridge_Config slaves-static=yes
/interface bridge
add ingress-filtering=no name=B_LAN port-cost-mode=short protocol-mode=none \
pvid=3000 vlan-filtering=yes
/interface bridge port
add bridge=B_LAN ingress-filtering=no interface=ether1 internal-path-cost=10 \
path-cost=10 pvid=3000
add bridge=B_LAN interface=wifi1 pvid=1000
add bridge=B_LAN interface=wifi3 pvid=1012
add bridge=B_LAN interface=wifi2 pvid=1000
add bridge=B_LAN interface=wifi4 pvid=1012
/interface bridge vlan
add bridge=B_LAN untagged=ether1 vlan-ids=3000
add bridge=B_LAN tagged=ether1 vlan-ids=1000
add bridge=B_LAN tagged=ether1 vlan-ids=1012

Everything works fine. Thank You, Kindis!

Jast like you say: Is this good? No but it works

All simplicity of CAPsMAN is loosing, but works. If I decide to change some of old cAPac's with cAP ax , would be possible to manage from same CAPsMAN, but have to write separated scripts for provisioning.

Thanks again and happy holidays

Great new!!
I also hope they will fix this VLAN and AC interface issue. I have asked multiple time and the response I get is "This currently does not work"
Does this mean they will fix it? I do not know but I think it has not been a priority as not that many has used AC interfaces with new CapsMAN but now with 7.13 that is not the case so I hope they fix this in a future release of ROS.
Happy Holidays

I made it like that and it also works

IOTBridge on Capsman device
VLAN30 on SFP port that goes to switch and then to CAPs and this VLAN30 also added as port on IOTBridge

Then on CAPs i have:

/interface bridge
add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no comment=defconf name=bridge \
port-cost-mode=short
add name=bridgeIOT
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=wifi1 internal-path-cost=10 \
path-cost=10
add bridge=bridge comment=defconf interface=wifi2 internal-path-cost=10 \
path-cost=10
add bridge=bridge interface=ether1 internal-path-cost=10 path-cost=10
add bridge=bridgeIOT interface=vlan30ether1
add bridge=bridgeIOT interface=wifi3
add bridge=bridgeIOT interface=wifi19