Working on a remote office deployment of a mobility access switches and RAP. Initially the MAS was going to tunnel-node back to the controller, however, a routing issue is preventing that. I also would prefer the internet traffic stay local and go direct out the RAP.
So, someone mentioned putting the MAS behind the RAP while still facilitating 802.1x authentication. This solution works best as I do want the traffic split tunneled. Has anyone done this?
I tried trunking the MAS off the RAP and indeed DHCP works from the "corp" network. However, port authentication isn't working and the access ports in the proper vlan are set to untrusted.
Is this even viable?