I have two controllers ControllerA and ControllerB.
ControllerA is setup with the following SSIDs
-----------------------------------------------------------
Internal - with VLAN pooling, PEAP authentication with Radius Server, using external DHCP server for the VLANs.
Restricted - with VLAN pooling, Certificate based authentication using ClearPass and profile provisioned from ClearPass, Using external DHCP server.
Visitor - with VLAN pooling, Captive portal based authentication using CleaPass, using Controller and DHCP server.
ControllerB is setup with the following SSIDs
-----------------------------------------------------------
Internal - with VLAN pooling, PEAP authentication with Radius Server, using external DHCP server for the VLANs.
Requirement
------------------
I would like to extend the Restricted and Visitor SSID functionalities to the ControllerB with minimal configuration changes on ControllerB. I was thinking to tunnel Restricted and Visitor SSID VLANs from ControllerB to ControllerA for this. I am expecting ControllerB to tunnel all traffic back to ControllerA and ControllerA handles user authentication, role assigments and DHCP function (for Visitor).
Question
------------
I am wondering if my understanding is correct and are there any potential issues with this setup? Thanks in advance for the help.