Hello, I am new to the AX territory and I would like to ask about CAPsMAN V2 vs. Local Forwarding vs. being able to separate traffic using firewall rules.
I have successfully setup the old CAPsMAN configurations ROS V6 before, using Datapath local forwarding set to NO, so I was able to manage traffic on different CAPs using their interfaces in firewall on CAPsMAN router.

But from what I gathered so far, the datapath.local.forwarding set to YES is now the ONLY option when using CAPsMAN V2 (although even the new updated documentation still mentions also NO).
The CAP WLAN interfaces are still dynamically created on CAPsMAN router side but when I try to use them in FW rules it simply says "not ready".

So how do I easily separate the traffic now on the CAPsMAN router? Is really the only possibility to go the VLANs way, how it is described in this case study? (also note that even this case study still mentions the possibility to forward the traffic to CAPsMAN, I reckon this limitation is fairly new? And why was it even introduced?)

https://help.mikrotik.com/docs/display/ ... with+VLANs

So it seems as with the CAPsMANV2 the CAPsMAN traffic forwarding is gone, so is really the option to easily reference subnets/interfaces in firewall without VLANs.

So I finally bit the bullet and dove into the VLAN waters. I found 2 excellent VLAN YT tutorials where the trainers used one of the latest V7 ROS versions, so it was up to date, and then I crosschecked what I understood from it with the another excellend well known VLANs tutorial here from pcunite, and finally put the pieces together and understood the concept.

After a practical setup on the router, it worked flawlessly the first time I activated the VLAN filtering, and I even managed to get it working without any issues on cAP ax using CAPsMAN, something that I saw is not quite possible yet in some thread, mentioning some issues with VLANs and ax devices using CAPsMAN, but maybe it was fixed in the meantime, I cannot find the thread now.