Separating clients on a LAN is important in a wifi network.

I have been posting in another post about this.
Time to give it a proper title in a separate post.

http://forum.mikrotik.com/t/hex-not-routing-between-hosts-in-same-lan/172662/1


Today I received my latest c’t magazine (computer technology), and it handled the same topic, but better, better explained, examples, and studies/solutions.
Coming overall solution will be VXLAN with BGP EVPN it seems. (Like WiMoVE ?)
But still my wifi split, with no-forwarding in the wifi driver and using the same-horizon values on the bridges for the branches, performs very well.


I’m not allowed to share the c’t article text, but the public link they use has some nice presentations:

https://www.ct.nl/softlink/2403112/

Using the split-horizon on bridge disables hardware offloading on all switch chips present, so all traffic passes through the CPU.
So using split-horizon also depends on what you use and how… but I totally agree about isolating each different wifi.

Yes I know. There is no such thing as a free lunch. But for wifi, it passes the CPU anyway, these interfaces are not connected to switch.
More hesitation to apply it in the PowerBox Pro where all is ethernet.
Switch port isolation to be configured. Easy in SwOS. More complex in RouterOS, it is either Bridge config or Switch config AFAIK.

Any reference to the CAPWAP tunnel in the presentations is probably applicable for CAPsMAN (without local forwarding).
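
Added example (not from the thread or the c't article): a simplified Python model of the two controls discussed above, client forwarding in the wifi driver and horizon values on bridge ports, showing which station pairs can still exchange frames and why both settings are needed. Port names, station names and the topology are constructed for illustration.

```python
from itertools import combinations

# Constructed topology. horizon=None means no horizon value on that bridge port.
# ap_forwarding: does the wifi interface relay frames between its own clients?
# (None for wired ports, where a downstream switch handles same-port traffic.)
PORTS = {
    "wlan1":  {"horizon": 1,    "ap_forwarding": False},
    "wlan2":  {"horizon": 1,    "ap_forwarding": False},
    "ether1": {"horizon": None, "ap_forwarding": None},   # uplink to gateway
}

# Constructed stations and the bridge port each one sits behind.
STATIONS = {"phone": "wlan1", "laptop": "wlan1", "tv": "wlan2", "gateway": "ether1"}


def can_forward(src, dst, ports=PORTS, stations=STATIONS):
    """Return True if a frame from src can reach dst at layer 2."""
    p_in, p_out = stations[src], stations[dst]
    if p_in == p_out:
        # Same interface: the frame never reaches the bridge, so horizon
        # values cannot stop it. Only the wifi driver setting decides.
        fwd = ports[p_in]["ap_forwarding"]
        return True if fwd is None else fwd
    h_in, h_out = ports[p_in]["horizon"], ports[p_out]["horizon"]
    # Split horizon: the bridge does not forward between two ports
    # that carry the same horizon value.
    if h_in is not None and h_in == h_out:
        return False
    return True


def reachable_pairs(ports=PORTS, stations=STATIONS):
    """List every station pair that can still talk to each other."""
    return sorted(
        tuple(sorted(pair))
        for pair in combinations(stations, 2)
        if can_forward(pair[0], pair[1], ports, stations)
    )


if __name__ == "__main__":
    for a, b in reachable_pairs():
        print(f"{a} <-> {b}")
```

With both controls set, only the pairs that include the gateway remain; clearing the horizon values reopens wlan1 to wlan2, and enabling forwarding on one wifi interface reopens traffic between that interface's own clients.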