I'm getting a little confused with terminology and lingo and wanted to ask a few questions to straighten things out regarding Remote APs. I need to set up a remote office and they need Wi-Fi access as well as access to local services (file share, internal sites, etc.) behind a firewall at our main building.
So far I've done the following setup: public IP on controller, firewall open for UDP port 4500, enable IPsec, L2TP, PAP for auth and then set up an L2TP IP pool. I've also set up a VAP for the Remote APs, and added our main SSID and AAA profile. I then changed the VAP's forwarding mode to bridge. This was the beginning of my questions; when I did this it complained that I needed Control plane security enabled. When I googled this I saw a thread with someone saying to enable CPS and auto cert provisioning. They then said that this is not needed if this is for RAPs. When he mentions RAPs does he mean remote APs or the cheap RAP-3 type APs? From googling I did run across some stuff regarding those not being capable of IPsec, so maybe it's just a miscommunication issue.
Currently I do not have Control plane security enabled, which I believe is needed. However, this is part of my confusion, since ultimately I would prefer not to turn it on since it sounds like all my APs would need to reboot to enable it. I also read in another thread that if you use a RAP setup as a VPN or set up the VAP as split tunnel then you don't need to enable control plane security. Not really sure of the best way to approach this. I have money to buy APs if needed; however, I can also repurpose some older 125/135s if those can work as well.
Also my last question is that I read somewhere that you can’t use guest captive portal in bridged mode. Is there any way around this?
Thanks