How have you implemented guest access on your wired network? I currently have a fully segregated guest network on wireless, but nothing in place on wired. I would like to implement it on wired, but it needs to be able to switch to staff access based on domain credentials (derived from Windows if possible).
User plugs into network and doesn't have a domain account (or is in a non-staff OU) they get internet only access.
User plugs into network and has logged onto their laptop with domain accepted credentials they get staff access (internet and internal resources).
It may be better to key on machines that are on the domain first. So, if the user machine is on the domain, they will get staff access. In this case, I would like to keep the wireless authentication as is (since work supplied phones are not on the domain).