Add local controller to active/standby (vrrp) toplogy


Today i have two AMC7220 version configyred as active/standby (vrrp) with HA group (the role is one is active and second is backup), central license and forwording mode is tunnel.

All AP work's via master controller and open "standby" tunnel to standby controller. (the standby controller is idle and will operate only if master fail).

Now i need to add new controller on branch office thr connection to this branch office is via L3.

I wonder what is the best way to add this controller ???

I thought to add him as local controller so he will get all his configuration from master (except vlan ip's etc), on the master build new AP Group for branch office AP's, in the new AP group under ap system configure lms as new controller and backup lms vrrp ip of my active/standby controllers.

When AP from branch office will be connected to the network the local dhcp will send him with option 43 the vrrp ip of my master/standby the AP will download from my master firmeware configuration and after reboot he will register (open tunnel) with local beacuse the lms ip

My questions are:

1.what should i do with redundancy ? if local controller fail the AP's will go to vrrp ip as configured under AP group but this is legacy redundant, can i use HA group for fast fail over ?

2. What happen to client's session's after local controller fixed and branch AP's goes backup to local controller ?

Do they have to do reauthentication ?

3. During local controller fail all his AP's goes to my master (vrrp) controller the client should get there ip's from main office dhcp server,

What happen to client ip's after local controller fixed and AP's goes back to local controller, do they get ip from branch office dhcp server ?

4. One of my SSID terminates client session on the controller to so i  installed ca certificate on both controllers active & standby and when i dowload the certificate to controller i had to give them excatly same name on master and standby, do i have to the same on local controller, give the certificate download file same name i gave on master/standby ?

Please advice if this is the best way to add Branch office (over L3) to my master/standby (vrrp) toplogy.



