Current behaviour
When bridge filtering on a CAPsMAN managed client is enabled, dynamic VLAN entries with the VLAN-IDs from the datapaths are created for the WiFi interfaces on the bridge.
However, when assigning a VLAN-ID to a particular WiFi client via an access list rule, no dynamic VLAN entry is created on the bridge for the WiFi interfaces matching this rule.
Why this is a problem
Since the VLAN entry is not created automatically on the bridge, the bridge filters out the traffic from the clients which got their VLAN-ID by an access rule. The entries may be created manually on each AP, but this is cumbersome and annoying, especially if the WiFi configuration (and therefore the interface names) changes regularly.
Proposed solution
If an access list rule contains a VLAN-ID, add a dynamic VLAN rule to the bridge for each WiFi interface which is matched by the rule.