05-26-2010 01:45 PM
What I need is a remote AP in bridged mode that drops off users locally who are members of AD group X. When group Y visits the site, they are tunneled back to the controller to be dropped off on a specific vlan.
05-26-2010 03:30 PM
you have tried...maybe post some more details to progress this.
User group X should be "Role X" which would have rules to 'route src-nat' for the traffic you want to be dropped off locally.
User group Y should be "Role Y" which would have a more simplistic set of rules saying simply something like 'user any permit' to send all traffic through the tunnel back to the controller.
VLAN wise, that can be assigned per user-role, so the 'magic' in all of this is to ensure
a) you have two roles created, with different policies, and
b) you are feeding back the group information to the controller in order to 'derive' the appropriate role "X" or "Y".
05-26-2010 03:58 PM
Hope that helps,
Director, Strategic Account Solutions