@Ilkay wrote:
I am using MPLS lines between my branch offices. I want to use their local vlans for clients.
In additional that , when the controller shutdown , AP should be work without controller. Operation should not stop.
then probably the best choice for your use case would be RAP with persistent bridge mode (presuming that you don't want to use instant).
Bridge mode has some caveats and limitations though, so do read up in the user guide about the things which you lose if you use bridge mode, in the section "Understanding Mode Support". RAPs of course use ipsec so all this worry about CPSEC is not relevant.
Finally, bridge mode does not receive much love these days due to instant and the rather expensive notion of putting branch controllers at every branch site, but if you want to do local offload of traffic and you don't need source nat on the AP, then bridge can do the trick (souce nat works but roaming gets ugly, avoid it)