Customer needs: Virtualize Management and AC (formerly netsight and nac) and WLAN.
A must have: guest traffic must not break out in the virtual "management" environment where Netsight, NAC and WLAN resides (should reside in future).
The "bridge building" competitor (cisco) solves this with a so called "guest anchor" in the dmz which is an additional wlan-controller.
-> The guest SSID is more or less bridged at "guest anchor" controller in DMZ.
L2 security -> A separate VLAN from "virtual management environment" to DMZ is (as far as I know) no option for the customer.
From the technical point of view I do have a different opinion - however
Does anybody have an idea how to resolve this requirement?
Maybe within a special mobility setting?
Many Thanks in advance