Am I right to assume that if you use LWAPP layer 2 between the APs and the WLC, that it wont work over a layer 3 boundary? LWAPP layer 2 uses ethernet frames, not ip packets, to communicate between the AP and the WLC. Is there anyway to get around this or for this to work without using LWAPP layer 3 mode?
You assume correctly. No, there is no workaround. You should be using L3 LWAPP anyway since we've deprecated L2 LWAPP. Furthermore, the only APs that support L2 LWAPP are the 1000 Series which have been EoL'd.
A VLAN can be thought of as a broadcast domain that exists within a defined set of switches. Ports on a switch can be grouped into VLANs in order to limit traffic flooding since it is limited to ports belonging to that VLAN and its trunk ports. Any switch port can belong to a VLAN. Packets are forwarded and flooded only to stations in the same VLAN. Each VLAN is a logical network, and packets destined for stations that do not belong to the same VLAN must be forwarded through a routing device.