This article explains how to ensure that split-tunnel and bridge users on different VLANs at the remote site communicate with each other locally without passing the traffic to the controller. This way, the controller does not need to process unnecessary traffic, and latency is lower.
The remote-AP local network access feature allows local network access between clients connected to a RAP without routing the traffic back to the controller. When two clients that are connected to a split-tunnel SSID or wired port are on the same VLAN, the traffic between them is always switched locally.
However, if these two clients are on different VLANs, the traffic is routed via the controller. When remote-AP local network access is enabled, the RAP switches the traffic locally instead of routing the traffic back and forth through the controller.
Similarly, for bridge mode clients on different VLANs, the remote-AP local network access feature switches the traffic locally instead of forwarding it to the upstream router when the “user any any route src-nat” firewall rule is triggered.
Environment: This article applies to all controller models and OS versions.
Navigate to Configuration > AP Configuration > Edit the APGroup > AP > AP System Profile > Check remote-AP local network access.