I'm working in my lab to set up centralized guest egress where I build the vlan on the site controller and gre tunnel that to the data center where the guest vlan (and guest firewall lives).
I have that pretty much working. My client gets a guest vlan IP address, but he's not forced to the captive portal. Open to suggestions there.
However...I'm thinking of traffic like Airplay...since my L3 address is at the data center, that's gonna suck.
Is there a way I have the L3 address on my site controller and still tunnel MOST of the traffic back to the data center controller. And then leak Airplay type traffic out to the site LAN?