The implications of enabling NAT mode are as follows:
Please note that each AP will NAT to its own management IP address. As a result, LAN flows will be interrupted when the client roams between APs.
The DHCP service for NAT mode will only hand out addresses in the 10.0.0.0/8 subnet. SSIDs in NAT mode can still be used on wired networks already using a 10.x.x.x address space, however clients on the NAT SSID may be unable to communicate with these networks.
NAT mode works well for providing a wireless guest network, since it puts clients on a private wireless network with automatic addressing. Layer 3 firewall rules can also be used to quickly limit or block access to network resources.
I saw that article, but it doesn't answer the question.
Thanks for all the replies.
I think I am going to go back to a bridge mode guest network , if for nothing else than a more seamless roaming, but I do want my management traffic completely separate.
Perhaps if the alternate management IP feature comes out of beta, there will be a way to keep them separate.