Two-level WiFi AP management

Background/topology:

  • We have a number of geographically dispersed offices: in the SF Bay Area, the Sierras and in Europe.
  • For each office we have one router (Balance or Max families, depending on the WAN connection options)
  • For each router we have a bunch of APs (mostly AP One AC minis.
  • We have a system wide IC2-based SSID/VLAN management set-up, with most SSID/VLANs being used by more than one location, but not all.
  • Adding new APs to a router they adopt the local set of SSIDs, determined by the identity of their local router.

The challenge: to manage/update the SSIDs with a minimum of fuss.
I see two strategies:

  1. Have the APs of each location be managed by the local router/AP controller
    Pro: Attaching a new AP makes it adopt the local WiFi regime automatically. Easy to introduce WiFi regimes specific to a location, with local control and visibility. Hierarchical structure.
    Con: Making system-wide changes becomes a chore (and may introduce QA consistency issues), as each of the routers has to be individually updated using the Remote Web Admin tool on IC2

  2. Register all the APs with IC2, and manage them completely through IC2. Localization being handled through the use of tags and associating tags with SSID/VLAN configuration choices.
    Pro: Consistent (and easy) global management process
    Con: No local control (all local adaptation has to be done via the global set-up, presumably using location-specific tags at the global level). Flat name space (everything defined globally). Manual, global intervention required whenever a local AP is added. And a REALLY cluttered default IC2 dashboard.

Question/wish: Is there a way to combine the features of (1) and (2) - essentially being able to use IC2 to push WiFi and VLAN configurations to the router/AP controllers, which they then adopt for their clutch of APs?