May I ask if you hook up your cAP ac to the managed switch and have CAPsMAN on the router (RB4011) ?
That's how they are configured, yes.
Do you mind post your configuration on the RB4011 regarding Vlan and CAPsMAN, as well as your configuration on the AP ?
I can do that for sure. I just connected cAP ac and CAPsMAN with the vlan100-mgmt.
Here is the cAP ac config
/interface bridge
add name=br protocol-mode=none pvid=100 vlan-filtering=yes
/interface wireless
# managed by CAPsMAN
# channel: 2412/20-Ce/gn(12dBm), SSID: w1, CAPsMAN forwarding
set [ find default-name=wlan1 ] antenna-gain=8 country=germany ssid=MikroTik
# managed by CAPsMAN
# channel: 5180/20-Ceee/ac/P(20dBm), SSID: w1, CAPsMAN forwarding
set [ find default-name=wlan2 ] country=germany ssid=MikroTik
/interface vlan
add interface=br name=vlan100-mgmt vlan-id=100
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/interface bridge port
add bridge=br frame-types=admit-only-vlan-tagged ingress-filtering=yes \
interface=ether1 pvid=100
/ip neighbor discovery-settings
set discover-interface-list=none
/interface bridge vlan
add bridge=br tagged=br,ether1 vlan-ids=100
/interface wireless cap
#
set bridge=br caps-man-addresses=192.168.100.254 discovery-interfaces=\
vlan100-mgmt enabled=yes interfaces=wlan1,wlan2
/ip address
add address=192.168.100.251/24 interface=vlan100-mgmt network=192.168.100.0
/ip cloud
set update-time=no
/ip dns
set servers=192.168.100.254
/ip route
add distance=1 gateway=192.168.100.254
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=10022
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=cap01
/system leds settings
set all-leds-off=immediate
/system ntp client
set enabled=yes primary-ntp=192.168.100.254
/tool bandwidth-server
set enabled=no
...and most of the router config:
/caps-man channel
add band=2ghz-g/n control-channel-width=20mhz frequency=2412 name=ch1
add band=2ghz-g/n control-channel-width=20mhz frequency=2437 name=ch6
add band=2ghz-g/n control-channel-width=20mhz frequency=2462 name=ch11
add band=5ghz-a/n/ac control-channel-width=20mhz frequency=5180 name=ch36
add band=5ghz-a/n/ac control-channel-width=20mhz frequency=5200 name=ch40
add band=5ghz-a/n/ac control-channel-width=20mhz frequency=5220 name=ch44
add band=5ghz-a/n/ac control-channel-width=20mhz frequency=5240 name=ch48
/interface bridge
add dhcp-snooping=yes name=br-lan-wlan protocol-mode=none pvid=50 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=ether9 ] disabled=yes
/interface vlan
add interface=br-lan-wlan name=vlan10-intern-srv vlan-id=10
add interface=br-lan-wlan name=vlan20-intern-clt vlan-id=20
add interface=br-lan-wlan name=vlan30-kino vlan-id=30
add interface=br-lan-wlan name=vlan40-iot vlan-id=40
add interface=br-lan-wlan name=vlan50-gast vlan-id=50
add interface=ether10 name=vlan77-wan vlan-id=77
add interface=br-lan-wlan name=vlan100-mgmt vlan-id=100
/caps-man datapath
add bridge=br-lan-wlan name=dp-w1 vlan-id=30 vlan-mode=use-tag
add bridge=br-lan-wlan name=dp-w2 vlan-id=40 vlan-mode=use-tag
add bridge=br-lan-wlan name=dp-w3 vlan-id=50 vlan-mode=use-tag
/caps-man rates
add basic=12Mbps name="GN only - no B rates" supported=12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec-w1
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec-w2
add authentication-types=wpa2-psk encryption=aes-ccm group-encryption=aes-ccm name=sec-w3
/caps-man configuration
add country=germany datapath=dp-w1 installation=indoor mode=ap name=cfg-w1 rates="GN only - no B rates" security=sec-w1 ssid=w1
add country=germany datapath=dp-w2 installation=indoor mode=ap name=cfg-w2 rates="GN only - no B rates" security=sec-w2 ssid=w2
add country=germany datapath=dp-w3 installation=indoor mode=ap name=cfg-w3 rates="GN only - no B rates" security=sec-w3 ssid=w3
/caps-man interface
add channel=ch1 configuration=cfg-w1 disabled=no l2mtu=1600 mac-address=C4:AD:34:98:62:1F master-interface=none name=cap01-2,4-w1 radio-mac=\
C4:AD:34:98:62:1F radio-name=C4AD3498621F
add channel=ch1 configuration=cfg-w2 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:62:1F master-interface=cap01-2,4-w1 name=cap01-2,4-w2 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch1 configuration=cfg-w3 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:62:20 master-interface=cap01-2,4-w1 name=cap01-2,4-w3 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch36 configuration=cfg-w1 disabled=no l2mtu=1600 mac-address=C4:AD:34:98:62:20 master-interface=none name=cap01-5-w1 radio-mac=\
C4:AD:34:98:62:20 radio-name=C4AD34986220
add channel=ch36 configuration=cfg-w2 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:62:21 master-interface=cap01-5-w1 name=cap01-5-w2 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch36 configuration=cfg-w3 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:62:22 master-interface=cap01-5-w1 name=cap01-5-w3 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch6 configuration=cfg-w1 disabled=no l2mtu=1600 mac-address=C4:AD:34:98:65:7B master-interface=none name=cap02-2,4-w1 radio-mac=\
C4:AD:34:98:65:7B radio-name=C4AD3498657B
add channel=ch6 configuration=cfg-w2 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:65:7B master-interface=cap02-2,4-w1 name=cap02-2,4-w2 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch6 configuration=cfg-w3 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:65:7C master-interface=cap02-2,4-w1 name=cap02-2,4-w3 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch40 configuration=cfg-w1 disabled=no l2mtu=1600 mac-address=C4:AD:34:98:65:7C master-interface=none name=cap02-5-w1 radio-mac=\
C4:AD:34:98:65:7C radio-name=C4AD3498657C
add channel=ch40 configuration=cfg-w2 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:65:7D master-interface=cap02-5-w1 name=cap02-5-w2 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch40 configuration=cfg-w3 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:65:7E master-interface=cap02-5-w1 name=cap02-5-w3 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch11 configuration=cfg-w1 disabled=no l2mtu=1600 mac-address=C4:AD:34:98:66:42 master-interface=none name=cap03-2,4-w1 radio-mac=\
C4:AD:34:98:66:42 radio-name=C4AD34986642
add channel=ch11 configuration=cfg-w2 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:66:42 master-interface=cap03-2,4-w1 name=cap03-2,4-w2 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch11 configuration=cfg-w3 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:66:43 master-interface=cap03-2,4-w1 name=cap03-2,4-w3 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch44 configuration=cfg-w1 disabled=no l2mtu=1600 mac-address=C4:AD:34:98:66:43 master-interface=none name=cap03-5-w1 radio-mac=\
C4:AD:34:98:66:43 radio-name=C4AD34986643
add channel=ch44 configuration=cfg-w2 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:66:44 master-interface=cap03-5-w1 name=cap03-5-w2 \
radio-mac=00:00:00:00:00:00 radio-name=""
add channel=ch44 configuration=cfg-w3 disabled=no l2mtu=1600 mac-address=C6:AD:34:98:66:45 master-interface=cap03-5-w1 name=cap03-5-w3 \
radio-mac=00:00:00:00:00:00 radio-name=""
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add name=LAN
add name=WAN
add name=vlans-dhcp
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=pool_dhcp30-kino ranges=192.168.30.101-192.168.30.120
add name=pool_dhcp40-iot ranges=192.168.40.101-192.168.40.120
add name=pool_dhcp50-gast ranges=192.168.50.101-192.168.50.120
/ip dhcp-server
add address-pool=pool_dhcp30-kino disabled=no interface=vlan30-kino name=dhcp30-kino
add address-pool=pool_dhcp40-iot disabled=no interface=vlan40-iot name=dhcp40-iot
add address-pool=pool_dhcp50-gast disabled=no interface=vlan50-gast name=dhcp50-gast
/caps-man manager
set enabled=yes
/caps-man manager interface
set [ find default=yes ] forbid=yes
add disabled=no interface=vlan100-mgmt
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=cfg-w1 slave-configurations=cfg-w2,cfg-w3
/interface bridge port
add bridge=br-lan-wlan frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether1 pvid=10
add bridge=br-lan-wlan frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether2 pvid=20
add bridge=br-lan-wlan frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether3 pvid=30
add bridge=br-lan-wlan frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether4 pvid=50
add bridge=br-lan-wlan frame-types=admit-only-vlan-tagged ingress-filtering=yes interface=ether5 pvid=100
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set rp-filter=strict
/interface bridge vlan
add bridge=br-lan-wlan tagged=br-lan-wlan,ether1 vlan-ids=10
add bridge=br-lan-wlan tagged=br-lan-wlan,ether2 vlan-ids=20
add bridge=br-lan-wlan tagged=br-lan-wlan,ether3 vlan-ids=30
add bridge=br-lan-wlan tagged=br-lan-wlan,ether4 vlan-ids=40
add bridge=br-lan-wlan tagged=br-lan-wlan,ether4 vlan-ids=50
add bridge=br-lan-wlan tagged=br-lan-wlan,ether5 vlan-ids=100
/interface list member
add interface=br-lan-wlan list=LAN
add interface=vlan77-wan list=WAN
add interface=vlan30-kino list=vlans-dhcp
add interface=vlan40-iot list=vlans-dhcp
add interface=vlan50-gast list=vlans-dhcp
/ip address
add address=192.168.10.254/24 interface=vlan10-intern-srv network=192.168.10.0
add address=192.168.20.254/24 interface=vlan20-intern-clt network=192.168.20.0
add address=192.168.30.254/24 interface=vlan30-kino network=192.168.30.0
add address=192.168.40.254/24 interface=vlan40-iot network=192.168.40.0
add address=192.168.50.254/24 interface=vlan50-gast network=192.168.50.0
add address=192.168.77.254/24 interface=vlan77-wan network=192.168.77.0
add address=192.168.100.254/24 interface=vlan100-mgmt network=192.168.100.0
/ip cloud
set update-time=no
/ip dhcp-server network
add address=192.168.30.0/24 dns-server=192.168.30.254 gateway=192.168.30.254
add address=192.168.40.0/24 dns-server=192.168.40.254 gateway=192.168.40.254
add address=192.168.50.0/24 dns-server=192.168.50.254 gateway=192.168.50.254
/ip dns
set allow-remote-requests=yes servers=192.168.77.1
/ip route
add distance=1 gateway=192.168.77.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh port=10022
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=router02
/system ntp client
set enabled=yes primary-ntp=192.168.77.1
/system ntp server
set enabled=yes manycast=no
/tool bandwidth-server
set enabled=no