Customer comments below:
From what I can tell with the wifi, is that - with or without a Radius policy (if its not a domain joined laptop) you can’t seem to logon with staff or student credentials which is fine. However with Andrio\IOS tested on ipad and phone, you can log onto "staff_SSID" with staff or student credentials and also, even before you get to smoothwall to sign in, Apps will update such as Facebook.
Ideally Id like to lock down the Staff to work effectively without mobile and apple devices being able to connect.
Ipad asks to trust the school DC Cert and then lets you in. Android lets
you straight in.
They currently have a v9 wireless controller without NAC.