Hi,
I have several sonoff diveices which worked well on the 2.5 netowrk. Now I reorganized the network putting 4 Mikrotik devices ( 2xRBwAPG-5HacD2HnD+RB95Ui-5ac2nD+RBcAPGi-5acD2nD ) in a mesh with CAPsMAN. All are sending in both 2.5 and 5 frequencies.
I put a MAC filtering using the access list on the CAPsMAN server, with ACCEPT from any and MAC for all allowed devices, with a final 00:00:00:00:00:00 reject rule.
Everything well, phones, tablets and so on go well, so do most SONOFF devices on 2.5 WIFI.

But two or three sonoff devices di not connect with the reject rule. If I put the 00:00:00:00:00:00 rule to accept, they connect. I checked the MAC several times.
Even more weird is that first a new device did this, than trying more than ten times it stayed connect, but now other two devices go off line when i put the reject rule.
So: If I turn off MAC control il connects, if I turn on MAC control it goes of, MAC numbers controlled and corresponding.
total rules: 54
some suggestion?

A general remark, just in case you're not aware of it: ACL rules are checked in order from top to bottom, first matching rule executes (pretty much the same as, e.g., firewall filter rules). So you have to push general rules below any of specific rules which are supposed to override the general ones.

yes shure, the 00:00:00:00:00:00 reject rule is the last row of access list

About WiFi and Sonoff devices.
I have 15 relays that control the heaters. For Sonoff I had to organize a separate WiFi network with a separate controller. In order to separate the “slow” Sonoff from other devices - laptops and phones. For Sonoff I use a controller on the "wireless" package with the parameters "band=2ghz-b/g/n control-channel-width=20mhz extension-channel=disabled".
And for other devices - a controller based on a built-in "wifi" module.
Dividing into two WiFi networks avoided many problems.