Perfect, so in theory I could do the following (all tunnelled mode from the switch - wired and wireless):
Guest internet role
Department 1 role
Department 2 role
....
Department 100 role
How would the controller differentiate between the roles? My guest internet is already in place
But these new departments I want to bring on board and keep separated; I was going to put them all in same AD and use security groups as the differentiator. Maybe up to a 100 of them ... all controlled from my controller pair. Would this work?
And by default have them not allowed to talk to each other?
Thanks