Hi all, I've been trying to nut out this problem for the past few hours and I can't seem to think my way around it, so I was wondering if anyone else has any ideas. A customer of mine is wanting to set up failover capabilities for their RAPs as well as get RAPs to connect to their geographically closest controller. They've got two controllers on two separate networks in a master - local configuration. Each controller has it's own external IP, each one is addressable and we've tested termination of RAPs onto each controller by setting ap-group LMS IPs, so that's all well and good. The RAPs don't move about all that much, so we know geographically where they are and what is likely to be the best controller for them to terminate on (eg: east coast RAPs on the eastern based controller, west coast RAPs on the western based controller...). However, my problem is that we can't use named VLANs on split-tunnelled connections and each location where the controllers are has a differing VLAN topology (eg: master site uses VLAN 30 for clients, but they want to use VLAN 110 where the local controller is). Only numbers are allowed. The customer doesn't particularly want to disable split tunnelling, so as I see it, I'm left with these options... 1) creating a separate VAP profile that is bound to each separate RAP group - don't get the redundancy, but get the RAPs terminating where we want 2) changing the controller roles over to separate master or stand-alone, configure all the same groups, but change the VAP specifics to what is required at each site - I think this will be a major headache to manage ... or 3, which is whatever someone else can come up with :) RRDNS won't work as the RAPs need to connect to one location or the other due to cross-country latency (and all the joys of large RTTs that it brings) and geolocational load balancing would have been nice but it isn't available. For bonus points, does anyone have any idea why "Named VLAN only allowed for forward-mode tunnel" is the case? I wouldn't have thought that there should be much of a difference between a label and a numbered VLAN. Cheers Ian