Hi Rasika!
I followed your blog step by step; what confuses me is the AP<==>switch-port configuration.
I tried to google it but didn't find any help (only in the case of split tunneling, not local switching).
From the mentioned link:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/ch7_HREA.pdf
"The Split Tunneling solution assumes that the subnet/VLAN associated with a client in the central site
is not present in the local site (that is, traffic for clients that receive an IP address from the subnet present
on the central site will not be able to switch locally)."
The point and then its explanation in "( )" contradict each other; I mean, first they said that the subnet shouldn't be present on the local site, and then they said that that subnet, if it existed centrally, would be unable to switch locally (split tunneling).
"The Split Tunneling functionality is designed to switch traffic locally for subnets that belong to the local
site in order to avoid WAN bandwidth consumption. Traffic that matches the FlexConnect ACL rules are
switched locally, and NAT operation is performed changing the client’s source IP address to the
FlexConnect AP’s interface IP address that is route-able at the local site/network."
Regarding this point, it looks like we have to keep the AP/switch port as access, as it states that traffic will be sourced from the AP's IP when the split-tunnel ACL entry for the local switch subnet is matched, and the AP is connected to the access port on its management VLAN. So, does that mean we don't want to change it to trunk (the switch port to which the AP is connected)?
These points are confusing.
If you can help me with this.
I even tried to work with TAC, but they are confusing it with local switching, where we have to enable the "FlexConnect Local Switching" option under the specific WLAN. I don't know why, but maybe this feature is rarely used by customers.
Any help would be appreciated.
Thanks and Regards.