It is possible to configure your controllers the way you have it, but it is bad for day-to-day troubleshooting. You should not run a VRRP between devices that are phyisically in two different sites, because if there are any connectivity issues between them, they will both think that they are the master. When the outage is restored, they will have to try to negotiate who is the master and who is not and that will create a potential issue. Instead of a solution, it introduces a problem. It is better to have a single master/backup master cluster at each site and have the access point at each site point to a VRRP local to that site. In your existing configuration, it will be difficult to support, because the connection between the local controller and the master, and then the connection between the access points and the controllers, and then the connection between the clients and the access points will need to be troubleshot if there is an issue.
To answer your beginning question, if there is problem with a local controller connecting to a master, two things could stop happening:
- ARM calculations will not be completed, because only the master makes ARM calculations
- If you have a guest database that is on the master, guests will no longer be able to authenticate.
Typically if you are authenticating using Radius, the radius authentication comes directly from the local controller that the access point is connected to, so that authentication will continue to function if the local is no longer connected to the master controller.
I hope that helps.