We have a setup similar to this.
Corporate & Guest using Cisco Routers/switches etc & Ubiquiti UAP Pro's. Our corporate devices using machine authentication. Our guests use user authentication. Both from AD. This allows our users to use the same password as they use to logon to the network so they only need to remember one password.
Their devices are isolated via vlans and ACL's. Only corporate devices can get onto the corporate network due to machine authenticaton. So even though the user knows the password to authenticate on the corporate network, they can't get on unless we have specifically allowed the pc, laptop on.
You need two profiles on the radius server CORP (machine authentication) & GUEST (user authenication) with machines/users placed in the various profiles/groups.
CORP profile is 1st in list as users will drop straight through this to GUEST profile
This article helped:
community.sophos.com/.../131580
On the Ruckus ZoneDirector WLC you need to enable accounting on a per-WLAN basis which is not enabled by default.
This article helped:
community.sophos.com/.../131580
On the Ruckus ZoneDirector WLC you need to enable accounting on a per-WLAN basis which is not enabled by default.
Guys, this is the UTM Community. That this is possible with Cyberoam/XG is interesting though.
Cheers - Bob