There are two other factors to consider here for the CCG right now: We do not support going through NAT from AP to CCG. You would either need some sort of site-to-site tunnels (ex. AutoVPN) or give the CCG a public IP. Please also consider that the data plane is not encrypted at FCS. We are bringing support for VXLAN encryption starting with MR/MCG 32.2 release train. So even if you were to tunnel the remote APs to the Campus Gateway, you would need a way to securely transport the traffic.
... View more
