Push the MAC addresses of PPSK clients to the hotspot-to-WPA access list.
Feature request: Extend hotspot-to-WPA script to support VLAN-specific WiFi passphrase sync (ROS v7.17+)
Background
Hi there, I would like to extend the existing hotspot-to-WPA script to also synchronize clients connected via the new VLAN-specific WiFi passphrase feature introduced in RouterOS v7.17 with the Hotspot-to-WPA-added MAC address list. The background is that I have a mixed environment using VLANs with both 802.11ac and 802.11ax devices. Upgrading 802.11ac devices to wifiwave2 removes the option to assign VLANs via the access list, so I will have a mixed setup.
- old CAPsMAN for ac devices with VLAN support via an access list.
- new CAPsMAN for ax devices to enable the use of the PPSK feature. (I cannot use old CAPsMAN for ax devices, see [^1] and [^2])
[^1]: cap ax with old capsman on wi-fi ac - RouterOS / Beginner Basics - MikroTik community forum
[^2]: cap ax with old capsman on wi-fi ac - RouterOS / Beginner Basics - MikroTik community forum
Proposal
Enhance the hotspot-to-WPA script to:
1. Synchronize MAC addresses of clients connected via the new VLAN-specific WiFi passphrase (introduced in ROS v7.17) with the Hotspot-to-WPA MAC address list.
2. Upon WiFi join on AX devices, add the client’s MAC to the access list as if it had joined via Hotspot.
   - Enables easier onboarding in mixed AC/AX setups.
   - Allows headless devices to connect without manual access list entries.
3. Periodically scan CAPsMAN client list for devices without a DHCP lease (i.e., static IPs) and:
   - Add them to the access list.
   - Generate a log entry for tracking.

   This is properly covered by routeros-scripts/doc/collect-wireless-mac.md at main · eworm-de/routeros-scripts
4. Add the option to add hostname to the access list as that can help to troubleshoot hosts
Workflow
To implement this, I plan to create several PRs:
- Documentation update – Extend the existing documentation to clearly describe the current functionality (to enable occasional developers to get started more quickly) and explain the new features.
- Script preparation – Add comments and placeholders in the current script to outline where and how the new code will be integrated.
- Feature implementation – Write the new code to synchronize VLAN-specific WiFi passphrase clients with the Hotspot-to-WPA MAC list.
- Static IP detection module – Implement periodic CAPsMAN client list scans for devices without DHCP leases (static IPs) and add them to the access list with logging (some IoT devices could be set up with a static IP). This is properly covered by routeros-scripts/doc/collect-wireless-mac.md at main · eworm-de/routeros-scripts
- maybe add these functions to routeros-scripts/global-functions.rsc at main · eworm-de/routeros-scripts:
  - Find an expression in an array. This function may have to be scripted differently in a future release of ROS as there are some options around [^3]. The find command has some history in this regard [^4]. So a central place for such a function would be convenient.
[^3]: Searching for words in an array. - RouterOS / Scripting - MikroTik community forum
[^4]: "Find" command - RouterOS / General - MikroTik community forum
Scripts to be touched
- routeros-scripts/global-functions.rsc at main · eworm-de/routeros-scripts
- routeros-scripts/hotspot-to-wpa.template.rsc at main · eworm-de/routeros-scripts
- routeros-scripts/hotspot-to-wpa-cleanup.template.rsc at main · eworm-de/routeros-scripts
- maybe adapt routeros-scripts/dhcp-lease-comment.template.rsc at main · eworm-de/routeros-scripts to spare hostname in the comment field in case of point 4 in the proposal above.