My company is currently supporting a coworking space with several locations. Each location has roughly 30 separate units that host individual companies. We use a full MikroTik network stack assisted with the Kaplansoft TekRadius software to provide a wlan with dynamically assigned vlans.
Each location has a CCR1009, CRS326, CRS328 and wap ac’s to serve one SSID over capsman. The bridge that is included in the datapath has 30 vlans. Each vlan hosts a private IPv4 /24 and a public /64 IPv6. Wireless authentication is WPA2-EAP with passthrough to Tekradius.
The user authenticate agains Tekradius, which in its turn when accepted gives back a vlan ID to the MikroTik which then provides the respective leases. This all works as it should.
My issue at hand is that many devices cant authenticate against WPA2-(P)EAP, chromecast devices and primarily printers. I would like to include MAC authentication, however this appears only to be possible with the use of IP Hotspot. Do people here have experience with mixing Capsman and Hotspot together?