Hybrid Remote Edge Access Point is designed for APs deploying in small branch offices, the APs in the branch offices have LWAPP path back to the central controller in central office via WAN link.
Supposed there’s a WAN outage, H-REAP AP will be in standalone mode providing authentication service as well as local switching service while the LWAPP path is lost due to outage, this is known as Local authentication, local switching.
While the H-REAP APs have LWAPP path back to controller, it is in connected mode, meaning the authentication will be done by the controller, while the AP is doing local switching service, this is known as Central authentication, local switching.
While in connected mode, client data and authentication requests can also be tunneled (LWAPP) back to the controller, this is known as Central authentication, central switching.
While in standalone mode, all new client join requests will be dropped by the AP, however all existing clients connected to the AP will still be served. This is known as Authentication down, local switching.
While in standalone mode, the AP drops everything and no wireless service, this is known as Authentication down, switching down.
Trunk or not to trunk
Use trunk link on AP if you have more than one locally switched WLAN configured.
Use access link on AP if you have not more than a single locally switched WLAN, or multiple locally switched that do not require wired-side separation. (Thanks Jared, for explaining this wired-side separation portion) In other words, if you do not care which VLAN the SSID is mapped to, then you can use access port, however if you want individual SSID to be mapped to the configured VLAN then a trunk port is more desirable.
Configuring dynamic interfaces, WLAN ID and H-REAP
IP subnet will be local to the SSID that the client connects
I have posted a question to clarify this. https://learningnetwork.cisco.com/message/106318#106318
For LAP configured as Local AP mode, the client receives the IP subnet that belongs to the dynamic interface associated with the WLAN. Meaning if the SSID is associated with VLAN 100, the client receives vlan100 ip subnet. However it is not the case for H-REAP enabled LAP, the client receives the IP subnet that is local to the H-REAP LAP. In other words, if the H-REAP LAP resides in vlan 30, your client receives Vlan 30 IP assignment regardless of which interface you have associated the WLAN ID. Reason for this is my AP is connected as access port, refer to section Trunk or not to trunk