I am just studying. No particular use case. Here is what is written in the VRD..
"The backup mode is very useful for telecommuter solutions, especially when the RAP is connected to
a network that has a captive portal. When a travelling employee connects the RAP to the wired port of
a hotel network that uses captive portal, the RAP will not be able to connect to the controller. So, the
RAP broadcasts the backup SSID. The user can now connect to the backup SSID and when he opens
a web browser, the captive portal page is displayed. From perspective of the hotel’s captive portal, the
traffic originates from the MAC address and IP address of the RAP because the RAP is configured to
Scr-NAT the user traffic. After the user authenticates to the captive portal, the RAP can establish a
connection the controller. After the connectivity to the controller is established, the RAP disables the
backup SSID, broadcasts the standard SSIDs, and enables the configured wired ports"
In addition it says to use the RAP built in DHCP server...
"The user role assigned to the authenticated clients of the backup SSID should
source-NAT all user traffic, except DHCP. For example, create a backup-user
role with a policy that uses any any svc-dhcp permit followed by any any any
route src-nat rule. Also, use the internal DCP server of the RAP to provide
DHCP services for users on backup SSID."