I am working on a WLAN design that spans a single floor of a building with two data closets, an east and a west side.
On each side of the building we are going to plug in LWAPP APs, 1100 series, into our Cat 4500s. In the data center, we are going to use the 4402 WLC to control these APs.
1) One set of users will need to access the internal LAN.
2) Guest users will be granted only Internet access.
3) We cannot trunk the same VLANs to each of the APs, since we are isolating each switch from the rest of the network in case of an outage.
I was thinking that we set up a WLAN with two SSIDs (SSID 1 for internal users and SSID 2 for guest users). We then tunnel the users in SSID 2 out to our firewall via an IPSec tunnel. SSID 1 users will be dumped at the WLC and allowed access to internal resources.
How would you go about accomplishing this?