Hopefully a quick question,
Would there be security implications if I were to have a Public Guest SSID that is assigned, say VLAN 10, then have our corporate SSID (AD machine auth with WPA2/EAP-TLS/PEAP) with that same VLAN (10) as the default but then assign the corporate VLANs to the coporate machines through ClearPass based on the Active Directory OU of the machine? My thought is that if I setup my Enforcement profile in CPPM to look at the OU and assign a VLAN, but have the Public VLAN be the last entry incase the computer is in AD, but not in an OU that has a VLAN assigned, then it would assign the Public VLAN and public role on the AP to prevent access to the corporate network. I'm thinking it'd be the same as having our public VLAN traffic flow through the same physical network as our corporate network, which we already do. Any thoughts or best practice suggestions?
Thank you!!