Our APs are in flexconnect but are local to the facility. The wireless clients are on the VLANxxxx from cores and our APs are on VLANxx for management. The outside internet is also provided here. What would be a configuration to try? There is no route to outside internet.

 The important thing is the WLAN.. Is the option "FlexConnect Local Switching " checked  on the WLC? If not, then the traffic is sent to the WLC and then the scenario is different.

Removed

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/215928-flexconnect-oeap-with-split-tunneling-co.html

I know this feature but I am not sure it can apply in WLC9800

Office-extend is a different feature - designed for homeworkers and probably not appropriate for this scenario.  Also that guide is for AireOS.

Some things still not clear from your descriptions:

- Is your WLC on the same site as the APs or is the WLC at a different site? (I'm getting the impression the WLC is at a separate central site)

- You want to break out the internet traffic at the local site?

- Your "simple diagram" doesn't show what's between the AP and the WLC - so what is there?  Or are you saying your AP is physically connected directly to the WLC?

Might be easier to put your diagram on a drawing showing all the relevant connectivity.  It's very difficult to answer your question without knowing all those details.

For general Flexconnect overview: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213945-understand-flexconnect-on-9800-wireless.html

There is a feature called Split Tunneling for FlexConnect that you might be able to use although it's really intended for accessing specific local services eg. printer.  But you might be able to use it to break out everything except the traffic going to specific core services.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/config-guide/b_wl_17_3_cg/m_vewlc_flex_connect.html#ID138

Actually looking at their example I think they're doing exactly what you want to - sending a specific IP for central switching and everything else local.

This is basically Layer 3 routing, I recommend you connect your Internet router to L3 switch directly. I would manipulate routing in order to achieve this, if using static routes I would add more specific routes towards MPLS where the subnets are defined and default route towards Internet in your L3 switch.

For MPLS

ip route 10.0.0.0 255.0.0.0 <MPLS Router IP>

ip route X.X.X.X X.X.X.X <MPLS Router IP>

For Internet 

ip route 0.0.0.0 0.0.0.0 <Internet Router IP>

It's called policy based routing.  Standard routing is based on the packet's destination address.  Policy based routing allows you to base the routing decision on source and/or destination address and other characteristics independent of the routing table.  In this case you would send everything originating from the mobile client subnet source range to the next hop IP of your internet router.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/xe-17/iri-xe-17-book/m_iri-pbr.html