This is a great question. I assume you are using the Location Groups feature and assigning that group to all your APs. In this context, when a client connects, vWLAN will look at the role and see the Location group. At this point, it will then check the AP to see which locations on it are active. At this point, it will select one based on the active locations on that particular AP. So if the Tokyo location is the only one active on the Tokyo APs, it will select that one.
The problems that this can specifically cause are the tunneling issues you mentioned. If the locations are inactive at Tokyo, or some other locations are incorrectly active in Tokyo, then unwanted tunneling can occur.
Because of this, ADTRAN recommends not using groups of locations for different physical sites and networks. I would suggest having separate locations or location groups for each separate geographical location. This will keep any tunneling that may result within those specific regions and networks.
Please respond to this post if you have further questions.
Thank you for taking the time to reply to my question.
My issue appears to be resolved already by somehow setting the switch port on the remote site to trunk although it is a small "flat" network there.
As you said "The problems that this can specifically cause are the tunneling issues you mentioned. If the locations are inactive at Tokyo, or some other locations are incorrectly active in Tokyo, then unwanted tunneling can occur." when the issue occurred i checked the AP at the remote site, but could only see the "local" location as active on the AP. As we are using the same SSID and same radius it looked like the only way to separate things would have been to go for different domains. But would it be scalable to create different domain for every location (sites) in that case?
Luckily making the port as trunk using the same formal access vlan as native vlan in the trunk solved it although i can't understand it