Using CAPsMAN in MikroTik does not necessarily require a public IP address for remote administration. CAPsMAN (Controlled Access Point system Manager) is a centralized administration system that allows you to manage and control multiple access points (CAPs) from a single central device, known as CAPsMAN.

However, to manage CAPsMAN remotely from outside the local network where the device is located, typically requires a public IP address or some type of remote access such as VPN or secure tunnels. This is because remote management involves accessing the device from an external location over the Internet.

To avoid exposing a public IP address directly, additional security measures can be used such as:

1. VPN (Virtual Private Network): Configure a VPN to securely access the internal network where the CAPsMAN device is located. This provides a secure tunnel over the Internet and allows remote management without directly exposing the device's public IP address.
2. Access via SSH (Secure Shell): Configure SSH access with secure authentication to manage the device remotely.
3. Web Access (HTTPS): Configure HTTPS access with SSL certificates for secure administration through the web browser.
4. Firewall: Implement firewall rules to restrict remote access to only authorized IP addresses and limit potential security risks.

In summary, although it is not strictly necessary to have a public IP address to use CAPsMAN, it is required for remote administration. However, there are secure ways to manage MikroTik devices remotely without directly exposing the device's public IP address.