Environment- Tested in 18.104.22.168 version.
Answer- 1. IAP supports corporate access from upstream devices using the master AP as the VPN gateway.
2. In single AP VPN deployments/GRE tunnel using a shared unmanaged switch, this can be exploited by rogue clients/IAPs to gain corporate access.
3. This feature provides a way to restrict corporate access (through VPN tunnel ) to clients/Slave APs on upstream.
4: This feature provides frestricting any unwanted Traffic eg(STP brodcast ) to flood over the tunnel causing port block issue on uplink .
Master (config) # restrict-corp-access
Master (config) # end
Master# commit apply