It does. Think I am getting closer. So this is what I understand. Please correct me if something is wrong.
1. WLAN client sends DHCP query.
2. IAP offers a private IP from its magic VLAN DHCP pool (172.31.x.x).
3. WLAN client sends packets to IAP.
4. IAP then source-NATs user traffic using the Virtual Controller IP & forwards the frame down to the connected switch.
This is my confusion; maybe my understanding of source NAT is not correct:
From what I understand, source NAT is used to translate a private IP address to a public routable address. So with this concept, how does the IAP translate (source-NAT) private IP addresses to public, since the VC IP is also a private IP?