I am currently exploring the possibility of configuring a single SSID linked to the Active Directory to segregate connected users into two groups. One group would have access solely to the internet, while the other group would have access to both the internet and the local network.
In OmniVista:
- Navigate to UPAM > Settings > LDAP/AD configuration and configure it for your domain controller.
- Navigate to UPAM > Authentication > Attribute for LDAP/AD and import the attributes you want to use to sort your users/groups. I use distinguishedName and/or memberOf.
- Navigate to UPAM > Authentication > Role Mapping for LDAP/AD and configure the AD attributes to match access role profiles.
This will segregate users based on their AD groups. From there it’s a matter of VLANs and ACLs and such to determine what they can touch.