Wireless Access

I've a requirement to do WLAN solution with small branches and each branch with 2 or 3 APs. They also need a centralized policy. I'm planing to use CAP(s) behind a RAP, but found this topic, https://community.arubanetworks.com/t5/Wireless-Access/RAPs-and-CAPs-Provisioning-for-Branch-Office/m-p/307714. So that I can't use that choice. Another choice if looking IAP VC with VPN, the policy is separated.  Any ideas or better way, please share us.

Thanks. 

Thanks.

At HQ with Aruba 7005, if customer is planning to use  2 or 3 broadband aDSL links that are linked to perform load sharing, can IAP VC (with VPN) at remote site establish 2 or 3 public IP addresses from HQ? if yes, please advise.

Yes, because the controller uses the mac address of the IAP device to authorize VPN connections, not ip addresses:  http://www.arubanetworks.com/techdocs/Instant_423_WebHelp/InstantWebHelp.htm#UG_files/IAP_VPN/VPN_Config.htm#VPN

Thank for your promptly updating.

I've found at the IAP VC side, the VPN menu allows to add 2 public IP addresses(one is primary, the other is backup; see picture below). It seems like the IAP VC can choose the 1st one and select the 2nd if the 1st link fails.

Note: I also attached my customer requirement diagram.