As a large teaching hospital we have been approached by our partner university to allow their staff and students the use of our wireless infrastructure to access the university network, they ideally want to use their wireless setting (wpa2 enterprise) and their ssid to allow people to move between campuses without reconfiguring.
due to data protection rules and large amounts of complexity we can not allow our controllers and network to see the universities network and radius servers. what the plan would be would be to use the guest ssid and a anchor controller on the other side of a firewall and tunnel their traffic through the network and out.
the 2 main questions are:
Is it possible to have a guest ssid with wpa security associated with it, is this done on the anchor controller?
the second but not critical question is that they map their users to 1 of 4 vlans based on their group on their radius server is this still possible?
any other information needed please ask,
Thanks in advance,