Multiple SSIDs in Capsman whit manual added interfaces

Hi.

I’m planning to add multiple SSIDs to my home network. I have setup Capsman whit manually added interfaces, for more fine tuning purposes. As I understand then adding multiple SSIDs is super easy in Provisioning whit slave configs, but this will not work in my configuration. How can I add multiple SSIDs in different way? Or is it not possible?

My config exported.

# jul/22/2020 23:21:32 by RouterOS 6.47.1
# software id = BVLC-I6J1
#
# model = RB450Gx4
# serial number =
/caps-man channel
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2412 name=CH1
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2417 name=CH2
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2422 name=CH3
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2427 name=CH4
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2432 name=CH5
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2437 name=CH6
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2442 name=CH7
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2447 name=CH8
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2452 name=CH9
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2457 name=CH10
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2462 name=CH11
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2467 name=CH12
add band=2ghz-onlyn control-channel-width=20mhz extension-channel=disabled \
    frequency=2472 name=CH13
add band=5ghz-onlyac frequency=5180 name=CH36
add band=5ghz-onlyac frequency=5200 name=CH40
add band=5ghz-onlyac frequency=5220 name=CH44
add band=5ghz-onlyac frequency=5240 name=CH48
add band=5ghz-onlyac frequency=5260 name=CH52
add band=5ghz-onlyac frequency=5280 name=CH56
add band=5ghz-onlyac frequency=5300 name=CH60
add band=5ghz-onlyac frequency=5320 name=CH64
add band=5ghz-onlyac frequency=5500 name=CH100
add band=5ghz-onlyac frequency=5520 name=CH104
add band=5ghz-onlyac frequency=5540 name=CH108
add band=5ghz-onlyac frequency=5560 name=CH112
add band=5ghz-onlyac frequency=5580 name=CH116
add band=5ghz-onlyac frequency=5600 name=CH120
add band=5ghz-onlyac frequency=5620 name=CH124
add band=5ghz-onlyac frequency=5640 name=CH128
add band=5ghz-onlyac frequency=5660 name=CH132
add band=5ghz-onlyac frequency=5680 name=CH136
add band=5ghz-onlyac frequency=5700 name=CH140
add band=5ghz-onlyac frequency=5745 name=CH149
add band=5ghz-onlyac frequency=5765 name=CH153
add band=5ghz-onlyac frequency=5785 name=CH157
add band=5ghz-onlyac frequency=5805 name=CH161
add band=5ghz-onlyac frequency=5825 name=CH165
/interface bridge
add admin-mac=C4:AD:34:75:CA:B0 auto-mac=no comment=defconf name=bridge
/interface ethernet
set [ find default-name=ether1 ] comment=WAN mac-address=74:4D:28:78:2A:17
set [ find default-name=ether2 ] comment="Maigo\F2a ala"
set [ find default-name=ether3 ] comment="Mened\FEments"
set [ find default-name=ether5 ] comment="Mammas istaba/POE"
/caps-man rates
add basic=24Mbps ht-basic-mcs=mcs-3 ht-supported-mcs="mcs-3,mcs-4,mcs-5,mcs-6,\
    mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,\
    mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" name=ieteicamie supported=\
    24Mbps,36Mbps,48Mbps,54Mbps vht-basic-mcs="" vht-supported-mcs=""
add basic="1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,\
    48Mbps,54Mbps" name=visi supported="1Mbps,2Mbps,5.5Mbps,11Mbps,6Mbps,9Mbps\
    ,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps"
add basic=12Mbps ht-basic-mcs=mcs-1 ht-supported-mcs="mcs-1,mcs-2,mcs-3,mcs-4,\
    mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mc\
    s-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23" name=\
    "ieteicamie 12" supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
    vht-basic-mcs="" vht-supported-mcs=""
/caps-man configuration
add channel.tx-power=15 country=latvia datapath.bridge=bridge \
    datapath.local-forwarding=no installation=indoor keepalive-frames=\
    disabled name=cfg1 rates=ieteicamie security.authentication-types=\
    wpa2-psk security.disable-pmkid=yes security.encryption=aes-ccm \
    security.group-encryption=aes-ccm security.group-key-update=1h ssid=\
    Sleepnis
add channel.tx-power=15 country=latvia datapath.bridge=bridge installation=\
    indoor keepalive-frames=disabled name=test rates=ieteicamie \
    security.authentication-types=wpa2-psk security.disable-pmkid=yes \
    security.encryption=aes-ccm security.group-encryption=aes-ccm \
    security.group-key-update=1h ssid=test
/caps-man interface
add channel=CH6 channel.frequency="" channel.tx-power=11 configuration=cfg1 \
    disabled=no l2mtu=1600 mac-address=C4:AD:34:C5:F0:9B master-interface=\
    none mtu=1500 name="Maigonja ala 2.4Ghz" radio-mac=C4:AD:34:C5:F0:9B \
    radio-name=C4AD34C5F09B
add channel=CH36 channel.tx-power=18 configuration=cfg1 \
    datapath.client-to-client-forwarding=yes disabled=no l2mtu=1600 \
    mac-address=C4:AD:34:C5:F0:9C master-interface=none name=\
    "Maigonja ala 5GHz" radio-mac=C4:AD:34:C5:F0:9C radio-name=C4AD34C5F09C
add channel=CH11 channel.frequency=2462 channel.tx-power=10 configuration=\
    cfg1 disabled=no l2mtu=1600 mac-address=C4:AD:34:D9:4B:06 \
    master-interface=none mtu=1500 name="Mammas istaba 2.4Ghz" radio-mac=\
    C4:AD:34:D9:4B:06 radio-name=C4AD34D94B06
add channel=CH52 channel.frequency=5260 channel.tx-power=18 configuration=\
    cfg1 disabled=no l2mtu=1600 mac-address=C4:AD:34:D9:4B:07 \
    master-interface=none name="Mammas istaba 5Ghz" radio-mac=\
    C4:AD:34:D9:4B:07 radio-name=C4AD34D94B07
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.88.100-192.168.88.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge lease-time=8h name=defconf
/system logging action
set 1 disk-file-count=5
/caps-man access-list
add action=accept allow-signal-out-of-range=always disabled=no interface=\
    "Maigonja ala 5GHz" mac-address=F0:86:20:89:85:24 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any \
    mac-address=F0:86:20:89:85:24 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=no interface=\
    "Mammas istaba 2.4Ghz" mac-address=40:CD:7A:D1:3B:20 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any \
    mac-address=40:CD:7A:D1:3B:20 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=no interface=\
    "Mammas istaba 2.4Ghz" mac-address=B4:E1:C4:D3:40:AC ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any \
    mac-address=B4:E1:C4:D3:40:AC ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=no interface=\
    "Mammas istaba 5Ghz" mac-address=D0:37:45:85:C5:F0 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any \
    mac-address=D0:37:45:85:C5:F0 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=no interface=\
    "Maigonja ala 2.4Ghz" mac-address=10:B1:F8:05:21:E2 ssid-regexp=""
add action=reject allow-signal-out-of-range=10s disabled=no interface=any \
    mac-address=10:B1:F8:05:21:E2 ssid-regexp=""
add action=accept allow-signal-out-of-range=10s disabled=no signal-range=\
    -70..120 ssid-regexp=""
add action=reject
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=bridge
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg1
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=ether2 network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server lease
add address=192.168.88.2 comment="Me\FEonis" mac-address=E0:D5:5E:A3:EF:5B \
    server=defconf
add address=192.168.88.51 comment="cAP ac Mammas istaba" mac-address=\
    C4:AD:34:D9:4B:04 server=defconf
add address=192.168.88.3 client-id=1:f0:86:20:89:85:24 comment="LG TV WiFi" \
    mac-address=F0:86:20:89:85:24 server=defconf
add address=192.168.88.30 comment="Spuldz\EEte 1 Maigo\F2a ala" mac-address=\
    04:CF:8C:A0:BF:2A server=defconf
add address=192.168.88.31 comment="Spuldz\EEte 2 Maigo\F2a ala" mac-address=\
    04:CF:8C:A0:B6:4B server=defconf
add address=192.168.88.21 client-id=1:40:cd:7a:d1:3b:20 comment="Mammas TV" \
    mac-address=40:CD:7A:D1:3B:20 server=defconf
add address=192.168.88.50 client-id=1:c4:ad:34:c5:f0:96 comment=\
    "hAP ac2 Maigo\F2a ala" mac-address=C4:AD:34:C5:F0:96 server=defconf
add address=192.168.88.20 client-id=1:d0:37:45:85:c5:f0 comment=\
    "Mammas dators" mac-address=D0:37:45:85:C5:F0 server=defconf
add address=192.168.88.4 client-id=1:64:95:6c:2d:1d:3a comment="LG TV LAN" \
    mac-address=64:95:6C:2D:1D:3A server=defconf
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes cache-size=1024KiB use-doh-server=\
    https://1.1.1.1/dns-query verify-doh-cert=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat dst-address=192.168.88.0/24 src-address=\
    192.168.88.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=63718 in-interface=ether1 protocol=\
    tcp to-addresses=192.168.88.2 to-ports=63718
add action=dst-nat chain=dstnat comment=Aspia dst-port=5135 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.88.2 to-ports=5135
add action=dst-nat chain=dstnat comment=VNC dst-address=89.254.164.110 \
    dst-port=61595 protocol=tcp to-addresses=192.168.88.2 to-ports=61595
add action=dst-nat chain=dstnat comment=Plex dst-address=89.254.164.110 \
    dst-port=32400 protocol=tcp to-addresses=192.168.88.2 to-ports=32400
add action=dst-nat chain=dstnat disabled=yes dst-port=32400 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.88.2 to-ports=32400
add action=dst-nat chain=dstnat disabled=yes dst-address=89.254.164.110 \
    dst-port=61595 protocol=tcp to-addresses=192.168.88.2
add action=masquerade chain=srcnat disabled=yes out-interface=ether1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Riga
/system identity
set name="Sleepnja Kastiite"
/system logging
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
add action=disk topics=critical
add action=disk topics=error
add action=disk topics=info
add action=disk topics=warning
add action=disk disabled=yes topics=dhcp
add action=disk prefix=debug topics=wireless,debug
add action=disk prefix=debug topics=caps,debug
add action=disk topics=ntp
add action=disk disabled=yes topics=dns
/system ntp client
set enabled=yes primary-ntp=162.159.200.1
/system ntp server
set enabled=yes
/system scheduler
add interval=1d name="Auto Upgrade" on-event=\
    "/system script run \"Auto Upgrade\"" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=nov/11/2019 start-time=03:00:00
/system script
add dont-require-permissions=no name="Auto Upgrade" owner=maigonis policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    #\r\
    \n##   Automatically upgrade RouterOS and Firmware\r\
    \n##   https://github.com/massimo-filippi/mikrotik\r\
    \n##\r\
    \n##   script by Maxim Krusina, maxim@mfcc.cz\r\
    \n##   based on: http://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS\r\
    \n##   created: 2014-12-05\r\
    \n##   updated: 2019-01-26\r\
    \n##   tested on: RouterOS 6.43.8 / multiple HW devices\r\
    \n##\r\
    \n########## Set variables\r\
    \n## Update channel can take values before 6.43.8: bugfix    | current | d\
    evelopment | release-candidate\r\
    \n## Update channel can take values after  6.43.8: long-term | stable  | d\
    evelopment | testing\r\
    \n:local updChannel       \"stable\"\r\
    \n## Notify via Slack\r\
    \n:local notifyViaSlack   false\r\
    \n:global SlackChannel    \"#log\"\r\
    \n## Notify via E-mail\r\
    \n:local notifyViaMail    false\r\
    \n:local email            \"your@email.com\"\r\
    \n########## Upgrade firmware\r\
    \n## Let's check for updated firmware\r\
    \n:local rebootRequired false\r\
    \n/system routerboard\r\
    \n\r\
    \n:if ( [get current-firmware] != [get upgrade-firmware]) do={\r\
    \n\r\
    \n   ## New version of firmware available, let's upgrade\r\
    \n   ## Notify via Log\r\
    \n   :log info (\"Upgrading firmware on router \$[/system identity get nam\
    e] from \$[/system routerboard get current-firmware] to \$[/system routerb\
    oard get upgrade-firmware]\")\r\
    \n   ## Notify via Slack\r\
    \n   :if (\$notifyViaSlack) do={\r\
    \n       :global SlackMessage \"Upgrading firmware on router *\$[/system i\
    dentity get name]* from \$[/system routerboard get current-firmware] to *\
    \$[/system routerboard get upgrade-firmware]*\";\r\
    \n       :global SlackMessageAttachements  \"\";\r\
    \n       /system script run \"Message To Slack\";\r\
    \n   }\r\
    \n   ## Notify via E-mail\r\
    \n   :if (\$notifyViaMail) do={\r\
    \n       /tool e-mail send to=\"\$email\" subject=\"Upgrading firmware on \
    router \$[/system identity get name]\" body=\"Upgrading firmware on router\
    \_\$[/system identity get name] from \$[/system routerboard get current-fi\
    rmware] to \$[/system routerboard get upgrade-firmware]\"\r\
    \n   }\r\
    \n   ## Upgrade (it will no reboot, we'll do it later)\r\
    \n   upgrade\r\
    \n   :set rebootRequired true\r\
    \n\r\
    \n}\r\
    \n\r\
    \n\r\
    \n########## Upgrade RouterOS\r\
    \n\r\
    \n## Check for update\r\
    \n/system package update\r\
    \nset channel=\$updChannel\r\
    \ncheck-for-updates\r\
    \n## Wait on slow connections\r\
    \n:delay 15s;\r\
    \n## Important note: \"installed-version\" was \"current-version\" on olde\
    r Roter OSes\r\
    \n:if ([get installed-version] != [get latest-version]) do={\r\
    \n   ## Notify via Log\r\
    \n   :log info (\"Upgrading RouterOS on router \$[/system identity get nam\
    e] from \$[/system package update get installed-version] to \$[/system pac\
    kage update get latest-version] (channel:\$[/system package update get cha\
    nnel])\")\r\
    \n   ## Notify via Slack\r\
    \n   :if (\$notifyViaSlack) do={\r\
    \n       :global SlackMessage \"Upgrading RouterOS on router *\$[/system i\
    dentity get name]* from \$[/system package update get installed-version] t\
    o *\$[/system package update get latest-version] (channel:\$[/system packa\
    ge update get channel])*\";\r\
    \n       :global SlackMessageAttachements  \"\";\r\
    \n       /system script run \"Message To Slack\";\r\
    \n   }\r\
    \n\r\
    \n   ## Notify via E-mail\r\
    \n   :if (\$notifyViaMail) do={\r\
    \n       /tool e-mail send to=\"\$email\" subject=\"Upgrading RouterOS on \
    router \$[/system identity get name]\" body=\"Upgrading RouterOS on router\
    \_\$[/system identity get name] from \$[/system package update get install\
    ed-version] to \$[/system package update get latest-version] (channel:\$[/\
    system package update get channel])\"\r\
    \n   }\r\
    \n   ## Wait for mail to be sent & upgrade\r\
    \n   :delay 15s;\r\
    \n   install\r\
    \n} else={\r\
    \n    :if (\$rebootRequired) do={\r\
    \n        # Firmware was upgraded, but not RouterOS, so we need to reboot \
    to finish firmware upgrade\r\
    \n        ## Notify via Slack\r\
    \n        :if (\$notifyViaSlack) do={\r\
    \n            :global SlackMessage \"Rebooting...\";\r\
    \n            :global SlackMessageAttachements  \"\";\r\
    \n            /system script run \"Message To Slack\";\r\
    \n        }\r\
    \n        /system reboot\r\
    \n    } else={\r\
    \n        # No firmware nor RouterOS upgrade available, nothing to do, jus\
    t log info\r\
    \n        :log info (\"No firmware nor RouterOS upgrade found.\")\r\
    \n        ## Notify via Slack\r\
    \n        :if (\$notifyViaSlack) do={\r\
    \n            :global SlackMessage \"No firmware nor RouterOS upgrade foun\
    d.\";\r\
    \n            :global SlackMessageAttachements  \"\";\r\
    \n            /system script run \"Message To Slack\";\r\
    \n        }\r\
    \n    }\r\
    \n}"
add dont-require-permissions=yes name=netdownreboot owner=maigonis policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    if ([/ping 8.8.8.8 interval=5 count=60] =0) do={\r\
    \nlog info \"my ping watchdog is down\" ; /system reboot\r\
    \n}"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool netwatch
add down-script="/system script run netdownreboot" host=8.8.8.8
/tool romon
set enabled=yes

Can you first explain why you need/want multiple SSID’s?
Do you also use VLAN’s?

Mostly for educational purposes. I work in school and I'm planning to deploy Mikrotik APs in classrooms, hallways, rest areas etc. I will manage them whit Capsman. As usual, I will need one ssid for administration, one for kids, one for guests,... Multiple SSIDs will be start, there is a lot of thing I want to implement. Needs and configuration will vary per classroom.

I don't use VLANs at home, but I'm planing to implement them for the same reason as above.

[quote=JanLewisfD post_id=807444 time=1595508498 user_id=168368]
I have dynamic, it’s ok.
[/quote]

But I cant edit interfaces whit dynamic, that is the issue.

Can you explain why provisioning rules won’t work in your config to provision the virtual APs? For each radio that is managed by capsman, you really need to manage it via capsman, otherwise you are defeating the purpose of using capsman.

For example, how can I set TX power, fixed channel, security profiles, datapath configs for interfaces? TX power and channel I set on every AP manually, that is a must have.

Maybe I don’t fully understand how Capsman work.

In /caps-man provisioning you can pin specific configuration set to particular APs … for that, use “radio-mac=xx:xx:xx:xx:xx:xx” matching MAC address of wifi interface on that particular AP. And make sure that default catch-all provisioning rule is last on the list (reorder as necessary) or else the specific rules won’t trigger.

Hi!

In my opinion, you are approaching this in a bad way. Let me explain.

When you link an Access point to CAPSMAN, that said AP will provide its Radios. The Radio is the physical component of the AP which does the WIFI emitting. Most APs will provide 2 Radios, one for 2.4 Ghz and one for 5 GHz. Capsman will take those 2 radios and try to use them for wifi by applying what it finds under menu Capsman → Provisioning. If you have a provisioning rule there which has action “create enabled” or " create dynamic enabled" it will create 2 CAPS interfaces, one for each radio.
So it usually goes like this:

1. You configure rates, security, datapaths, channels ( all submenus of the capsman menu)
2. You create a configuration pointing at the things in pct 1 (also a capsman submenu)
3. you create a provisioning rule which has master config ( pct 2) and action ( like create enabled)
4. you link the AP → capsman sees 2 radios → creates 2 CAP interfaces with the CFG provided, everything starts working

Now EVERY step above can be tuned to accommodate 1000 different setups. You can:

• have multiple rates, security, datapaths, channels
• have multiple configurations as a combination of the above things
• have provisioning rules tied to a specific Radio MAC. Meaning the provisioning rule will only work if the RADIO MAC you define matches ( usually people put there 00:00…)
• have provisioning rules tied to Radio capabilities, for example a provisioning rule for radios that support AC ( so 5GHZ) and one for radios that support N and A ( so only 2 Ghz)
  basically thousands of iterations.

As I understand, you want to control the TX power and channel on each AP. This is a very advanced setup. Here is what I would do.

1. Create 1 CONFIGURATION for each and every AP you will deploy. This will allow you to fine tune every little item on that AP (tx, channel, whatever, rate, SSID)
2. Create 1 CONFIGURATION with a generic setup, a SSID like TEMP, everything on default
3. Create a provisioning rule with radio MAC 00:00… , master configuration - the generic config you did at pct 2, action “create enabled”
4. Connect APs one by one and change the config from pct 2 to pct 1. The “create enabled” action in the provisioing menu will create the CAP interface automatically but allow you to modify everything on it once created (create dynamic enabled will grey everything and will not allow you to change).
   Be carefull to choose the correct CFG based on radio, meaning the CFG for 5GHZ channels on the CAP interface that supports 5GHZ.
   So it will go like this:
5. connect the first AP; capsman sees it and creates 2 CAP interfaces (named CAP1 and CAP2) with the default config. You go in and rename the interfaces and change the config so it uses your highly customized settings.
6. connect next AP; repeat
   The other options are:

• Create all interfaces manually; I find that hard to keep track of
• Create provisioning rules specific to each RADIO MAC; a lot of work

POINT 2 - multiple SSIDs
One you have the CAP interfaces above done you can create new CAP interfaces as slaves of the ones above called “masters”. Each slave interface can have it’s own configuration file ( so a different SSID, a vlan tag) but with the following restriction - it will use the same RADIO parameter as the master interface no matter what you configure in its config. Why? A radio cannot blast on 2 frequencies at the same time. But this will help you with creating a specific SSID in a certain classroom because you already know the master interface working in that classroom.

Thank you for input. I got is working in manual way, my issue was that I didn’t changed MAC address for virtual interface. (silly me) When I copy manually created interface, change MAC and set master interface then everything works like it should. Of course virtual interface will share the same radio, so I cant change channels, but that is not needed and in that way it works for all vendors. It is by design.

Firstly, thanks for having exactly the same problem as me… on the same weekend. Rare

One question though… I had originally set up the provisioning in capsman as “create dynamic enabled” rather than “create enabled” (which is where I was running into problems not being able to create slave interfaces. Is there any benefit to using “create dynamic enabled” as opposed to having capsman generate static interfaces?

Thanks!

As I was following Mikrotik wiki to setup Capsman I used “create dynamic enabled”. I don’t have issue creating slave interfaces, but as its Mikrotik you can do one thing in different ways.