I have no experience with a 4402 controller so I cannot comment on that. However, do you happen to have a broadband connection as well coming in to your site besides your T1 circuits that your production network uses?
You can create VLANs to segregate the networks. I know in the 1200 series you can create up to 16 VLANs, I believe. Anyhow, not sure if I pointed you in the right direction. But to me it sounds like any way you go will require some sort of VLANning.
The easiest way is to have one port set up for trunking that your management and ap-managers will use (port 1). Then create another dynamic interface for your guest traffic and that will be on a different port on the 4402 (port 2). Connect that to your DMZ and you should be good to go. You can set up the dynamic interface for any VLAN... doesn't matter since you will connect that directly into your DMZ.
I am very much interested in doing the same thing and I think your suggestion could help solve my problem, but I don't really understand part of what you are saying.
Say I create a native VLAN for management and ap-managers and use port one for that particular VLAN.
Then create a guest VLAN and have it passing through port 2 all the way to the DMZ. Is that what you are saying?
My current situation is that I have two VLANs: VLAN 1, which has the corporate WLAN, and VLAN 4, which was created for guests. All the VLANs are allowed to pass through port 1. My problem is that guest clients cannot get DHCP addresses from the scope that I create either in the controller or in the switch. They only get addresses from VLAN 1, which is on the corporate network. And on the other side, if I create another native VLAN for the corporate WLAN, the APs are not able to register with the controller. How do I get around this?
What you should also do is create a custom webauth that uses a login. This page will also contain your terms and conditions for using the guest wireless. Usernames and passwords are managed on the controller and you can change the username and password every week or so to prevent vendors from letting some of your internal staff know the username and password... which they want to know since they see it as open access. If you prefer not to use a username/password scenario, then use a passthrough, in which the guest user has to accept the terms and conditions.