The scenario is the next one:
Ten access points and one WLSE Express. One is configured as WDS with a priority of 254, other access point as WDS with a priority of 128, and the other as Infrastructure AP's. The infrastructure AP's are authenticating to the WDS AP with the RADIUS Server of a WLSE Express. There are two SSID's configured in each AP each one in a different VLAN. All the clients are authenticating with an IAS configured in a W2K3 machine with an Active Directory. There is configured a RADIUS Server in the WDS AP's, and the WLCCP authentication server for the clients points to an AAA group, also configured in these AP's, so I think that it is not possible authenticate to more than one RADIUS Server when you are using WDS (I can do this if I do not use WDS because I use the AAA group server configured in each SSID, but in a WDS environment the infrastructure AP do not use the RADIUS server configured in the SSID but the RADIUS server of the WDS set up). So every user can authenticate in all the SSID's, the problem is that one of the SSID's is set up for guests and we want to make some access lists with a firewall to filter the access of every user. The question will be: Can we configure two or more RADIUS Servers when I am using WDS to authenticate users in two SSID's? Maybe the solution to the problem is to configure the IAS Server correctly but I think that this server does not know the SSID of the user that is authenticating.
Thanks in advance