I have hundreds of CapMans managing they own wireless interfaces.
On layer2 or layer3? I do have it working, but could not make it work on layer 2.
1st. and very important - never use any default configuration on router - start with absolute empty configuration.
2. Make CapsMan config
3. Exclude wlan interfaces from any bridge
4. Activate Caps on wireless - just set "discovery interface' local bridge on witch CapMan running.
Exactly the recipe I follow but:
1) I can´t remove "all" rule on capsman interfaces and if set it to forbid, local cap can´t connect. That is a bug, one should be able to specify only one interface if necessary.
I cannot agree that allow capsman on all interfaces is wise thing, and as far as I can tell this has to do with layer 2 connection because I can drop layer 3 with firewall rules.
2) Local cap only do layer 3 and not layer 2 (not a big deal but with no explanation to why this happens I still think there is something wrong)
Anyway, with all set to allow, local cap is able to connect (layer 3) and work perfectly.