In the KT slides I've found this information...
"Both local and centralized authentications are supported."
... and my assumption was that if the CTP tunnel is up that 802.1X authetication is done on the controller (=centralized) and local authentication is only done if the tunnel is down.
But as soon as I enable sites with RADIUS the only authentication request are tx from the AP directly to the RADIUS even the tunnel AP/controller is up.
Is that the correct behavior ?