Your guide to smarter Wi-Fi 6 management with MikroTik’s CAPsMAN

MikroTik’s CAPsMAN (Controlled Access Point System Manager) has long been a powerful tool for centrally managing large Wi-Fi deployments. With the introduction of MikroTik’s Wi-Fi 6 products, CAPsMAN has been significantly updated, offering a streamlined configuration process, better integration with RouterOS, and improved scalability for modern wireless networks.

Whether you are deploying a handful of access points or hundreds, the new CAPsMAN makes it possible to manage them all from a single controller with unified configuration, logging, authentication, and updates. Here’s an overview of how it works and what’s new.

Centralised management with CAPsMAN

Instead of configuring each access point individually, CAPsMAN allows you to:

• Define a single Wi-Fi configuration profile (SSID, security settings, channels, VLANs, etc.)

• Apply that profile to any number of access points

• Manage authentication via RADIUS

• View and control all AP connections from one place

This approach dramatically reduces setup time and ensures consistency across large deployments.

The new Wi-Fi configuration menu

In older versions, CAPsMAN had its own separate menu. With Wi-Fi 6, the new CAPsMAN is fully integrated into the Wi-Fi configuration menu, which now manages both local and remote interfaces.

This unified menu makes configuration more intuitive and allows flexible setups where local and CAPsMAN-managed interfaces coexist seamlessly.

Profiles: The core of CAPsMAN

At the heart of CAPsMAN is the concept of profiles.

Category profiles define parameters such as:

  • Channel (frequency, width)
  • Datapath (forwarding rules, VLANs, bridges)
  • Security (WPA2/WPA3 keys, authentication methods)

Configuration profiles bring these elements together, letting you define a complete Wi-Fi setup including SSID, regulatory domain, channel, and security.

Once created, these profiles can be applied to multiple interfaces. If you set a value directly on an interface, it overrides the profile, giving you fine-grained control where needed.

Adding CAPs (Access Points)

Any RouterOS device can act as a CAPsMAN controller. To enable CAPsMAN:

1. Open the Wi-Fi configuration menu → Remote CAP tab

2. Turn on CAPsMAN service

3. Add APs (CAPs) either manually or automatically:

  • Manually: Configure the CAP to connect to the controller
  • Automatically: Reset the CAP to default, enabling CAP mode, which hands over Wi-Fi management to the controller

For advanced deployments, you can specify management VLANs or connect CAPs across different networks using IP addressing.

Security: Encrypted Management

CAPsMAN uses TLS certificates to secure communication between the controller and CAPs:

• By default, the controller generates certificates automatically

• For production networks, you can require CAPs to present valid certificates or integrate with an external certificate authority

Provisioning Access Points

Provisioning allows you to automatically assign configuration profiles to CAPs as they connect:

• Dynamic provisioning: Temporary; configurations are reapplied after disconnection or upgrade

• Static provisioning: Persistent; settings remain across upgrades and can be manually modified

Provisioning rules can be customized based on CAP identity, IP address, or supported frequency band. For example, you can limit 2.4GHz radios to non-overlapping 20MHz channels.
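The certificate requirement from the security section and the band-based provisioning rule above, written out as RouterOS 7 `/interface wifi` commands. This is an added example, not configuration from the original article or from MikroTik; the profile names, SSID, identity pattern, passphrase placeholder and the controller address 192.0.2.1 are assumptions.

```routeros
# Added example. All names, the SSID, the "^cap-" identity pattern and
# 192.0.2.1 are assumed values; replace them with your own.

# ---------- On the controller ----------
/interface wifi security
add name=sec-corp authentication-types=wpa2-psk,wpa3-psk passphrase="<REPLACE-WITH-PASSPHRASE>"

/interface wifi channel
# 2.4 GHz radios: only the non-overlapping 20 MHz channels 1, 6 and 11
add name=ch-2g band=2ghz-ax width=20mhz frequency=2412,2437,2462

/interface wifi configuration
add name=cfg-2g ssid=Corp channel=ch-2g security=sec-corp
add name=cfg-5g ssid=Corp security=sec-corp

/interface wifi provisioning
# Dynamic rules, matched on router identity and supported band.
# Use action=create-enabled instead for static (persistent) interfaces.
add action=create-dynamic-enabled identity-regexp="^cap-" supported-bands=2ghz-ax master-configuration=cfg-2g
add action=create-dynamic-enabled identity-regexp="^cap-" supported-bands=5ghz-ax master-configuration=cfg-5g

/interface wifi capsman
# Default behaviour (weaker): CAPs are not required to present a certificate.
#   set enabled=yes ca-certificate=auto certificate=auto require-peer-certificate=no
# Hardened: only CAPs holding a certificate from the controller's CA may join.
# CAPs without a certificate are rejected once this is "yes", so let them
# enrol first (certificate=request on the CAP) and then switch it on.
set enabled=yes ca-certificate=auto certificate=auto require-peer-certificate=yes

# ---------- On each CAP ----------
/interface wifi cap
# certificate=request asks the controller's CA for a CAP certificate;
# lock-to-caps-man=yes pins the CAP to the controller it enrolled with;
# caps-man-addresses is only needed when the controller is on another network.
set enabled=yes certificate=request lock-to-caps-man=yes caps-man-addresses=192.0.2.1

/interface wifi
# Hand the local radios over to the controller
set wifi1,wifi2 configuration.manager=capsman
```

After applying it, the remote CAP list and the certificate store on the controller show which CAPs enrolled and which certificates were issued; check property names against the RouterOS version you run.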

Virtual Access Points (VAPs)

One physical interface can host multiple virtual APs, enabling:

• Guest Wi-Fi

• IoT networks

• Separate SSIDs for different use cases

Provisioning can automatically add virtual APs. The Master interface sets channel settings, while Slave interfaces inherit them but can have independent data paths such as bridges or VLANs.

Centralised updates

CAPsMAN simplifies firmware management by automatically upgrading connected CAPs to match the controller’s RouterOS version:

• If packages are available on the controller, they can be pushed to CAPs automatically

• For CAPs with different CPU architectures or drivers, the correct packages must be stored on the controller

Compatibility: New vs Old CAPsMAN

The updated CAPsMAN is designed for Wi-Fi 6 and newer access points. Older Wi-Fi 4 and early Wi-Fi 5 APs must still be managed using the legacy CAPsMAN, which remains supported.

From RouterOS 7.13 onward, both CAPsMAN versions can run simultaneously on the same controller, ensuring smooth coexistence during migrations.

Why use the new CAPsMAN?

• Scalability: Manage hundreds of APs with ease

• Consistency: Centralised profiles ensure uniform SSIDs, security, and channel management

• Security: Encrypted management connections and certificate options

• Flexibility: Supports VLANs, provisioning rules, and multiple virtual APs

• Efficiency: Centralised firmware updates keep networks secure and up to date

The new CAPsMAN brings modern, scalable Wi-Fi management to MikroTik’s latest access points. By unifying configuration, improving security, and enabling automated provisioning, it is a must-have tool for anyone deploying large or complex Wi-Fi 6 networks.

If you are already using the old CAPsMAN, you can transition at your own pace, as both systems can coexist. For new deployments, however, the updated CAPsMAN delivers a simpler, smarter, and more powerful way to manage MikroTik Wi-Fi. If you want to update your CAPsMAN, contact our sales team at sale@miro.co.za or connect directly with Nova, our AI-powered MiRO specialist, for expert advice.
