I am trying to re-design my network and I would like some input as to where to run CAPsMAN. I have a CCR1009-7G-1C-1S+ (edge) router connected to a CRS326-24S+2Q+ switch (core) then to a CRS328-24P-4S+ switch (campus) and CRS318-16P-2S+ switch (remote). The APs are cAPGi-5HaxD2HaxD. Some are connected to the campus and some to the remote switch.
My question is where to run CAPsMAN to obtain the best performance. Currently, it is running on the CRS328. Should I move it to the CRS326?
CRS326 or CRS328, same CPU so doesn’t make a difference.
CRS318, slightly less.
CCR1009… that’s a beast !
Personally I prefer to run it on a router but I also have 1 installation where it runs on CRS326, another CRS328 (router is not MT, not under my control).
You can even run it on one of the cAP devices if you want 
(but it will then have some oddities for the local radios, not much)
If all runs well and there are no issues with the CRS326, leave it.
If you really want to move it, I would put it on the router. But that’s me.
As @holvoetn already explained (using different words): CAPsMAN does very little[*] so it doesn’t matter much which device runs it. I agree that some central router (or edge router in installations without central routers) would be the place of choice.
[*] old (wireless) CAPsMAN had option “capsman forwarding” which caused actual traffic of wireless clients to pass through CAPsMAN itself. In that case CAPsMAN has to have some CPU resources to handle the traffic. Another option was “local forwarding” and all traffic was handled by APs (break out to wired network on the APs directly), in this case CAPsMAN only provisions radios on APs (and handles very little signalling for client mobility), hence CPU load is small. With modern (wifi) CAPsMAN, “local forwarding” is the only option. And in this case, running CAPsMAN on a switch is not a problem.
When selecting device to run CAPsMAN it might be important to consider the fact that if CAP device looses connectivity to CAPsMAN (LAN connectivity issues, CAPsMAN device stops working, etc.), then CAP radios cease to work. So when there are multiple choices about where to run CAPsMAN, I tend to choose device which is vital for wireless clients anyway (e.g. central or edge router, without it most of clients won’t have desired service anyway). In your case and in this aspect, running it on core switch is probably as good as on router.