@henleyjj, it works exactly as you describe and as @ww and @RomanMD state. You can actually use the Layer 3 with concentrator option too for your client IP addressing (rather Han the VPN option), it tunnels the traffic in the same way, but just doesn’t give the option of a split tunnel. The one gotcha I’ve hit with this is that whereas some of the Cisco WLC’s can provide DHCP services, the MX can’t when used like this, so you need to rely on upstream infrastructure to provide DHCP addresses for the clients on the wireless network. Like the others said, stick with the native VLAN for the management interface on the MX if you can; does make things easier.
... View more