Capsman - Security Question

We are setting up a CAPsMAN setup in a hotel with about 25 APs.

Now, with our standard CAPsMAN setup, every MikroTik with CAP enabled gets all the wireless information, including passwords.
With Ubiquiti UniFi, when an AP is plugged into the network, the administrator has to join the AP manually before any important information is written to it.

Is there a similar way in MikroTik so that newly plugged-in MikroTiks won't become members of the CAPsMAN without explicitly joining it?

Sure thing: in /capsman provisioning, add separate config items, all of which should include radio-mac=…, and disable/remove the default config item that has no radio-mac specified.

You can also require a peer certificate. This way only authorized devices can be provisioned.

In your 00:00:00:00:00:00 provisioning rule, change the action to "create disabled" instead of enabled. Your devices will still be able to find the manager and create themselves, but they will be deactivated and unprovisioned until you decide to enable them. That will allow you to make any changes before they are allowed to join.

It also saves you all the work of the previous suggestion, because you don't have to go and locate all the device MACs and add them by hand as separate provisioning items.
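Putting the three suggestions above together, here is an added example of the manager-side configuration (it is not from the thread or from MikroTik's documentation). It assumes RouterOS v6 `/caps-man` command syntax; the configuration name `hotel-cfg`, the interface names, the comments and the CAP radio MAC addresses are made up for illustration.

```routeros
# Added example, not from the original thread. RouterOS v6 /caps-man syntax assumed;
# hotel-cfg and all MAC addresses below are placeholders.

# 1. Start the manager with its own CA so CAPs can be issued certificates.
#    certificate=auto / ca-certificate=auto make CAPsMAN generate both.
#    Leave require-peer-certificate=no until every known CAP has received its
#    certificate, otherwise they cannot complete the initial request.
/caps-man manager
set enabled=yes certificate=auto ca-certificate=auto require-peer-certificate=no

# 2. Disable the catch-all rule (radio-mac=00:00:00:00:00:00 matches every radio),
#    so an unknown CAP is never handed the SSIDs and passphrases.
/caps-man provisioning
set [find radio-mac=00:00:00:00:00:00] disabled=yes

# 3a. First answer: an explicit allow-list, one rule per known radio.
add radio-mac=DC:2C:6E:11:22:33 master-configuration=hotel-cfg action=create-enabled comment="lobby AP"
add radio-mac=DC:2C:6E:44:55:66 master-configuration=hotel-cfg action=create-enabled comment="floor 1 AP"

# 3b. Second answer (alternative to 3a): keep one catch-all rule, but create the
#     interfaces disabled. A new CAP then appears in the interface list without a
#     working configuration until an administrator enables it. Rules are matched
#     in order, so a catch-all belongs last.
#add radio-mac=00:00:00:00:00:00 master-configuration=hotel-cfg action=create-disabled comment="quarantine"

# 4. With 3b in place: review what showed up and enable only CAPs you recognise.
/caps-man interface print where disabled=yes
/caps-man interface enable [find radio-mac=DC:2C:6E:77:88:99]

# 5. Once all known CAPs hold a certificate, make it mandatory for the DTLS session.
/caps-man manager
set require-peer-certificate=yes

# On each CAP (not on the manager): request a certificate from CAPsMAN on first contact.
# /interface wireless cap
# set enabled=yes interfaces=wlan1 discovery-interfaces=ether1 certificate=request
```

Two caveats a practitioner would want: the manager issues a certificate to any CAP that asks with `certificate=request`, so turning on `require-peer-certificate` only locks the door after your own CAPs are inside; it protects the CAP-to-manager channel and pins devices that have already joined, but the provisioning rules (3a or 3b) are what decide whether a CAP is handed a configuration at all. And a rule matched by `radio-mac` is a MAC allow-list, nothing more; a device that can spoof a known radio MAC and reach the manager's discovery interface can still match it, which is why the certificate requirement is worth adding on top.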