no dot1x and the captive portal is going to be external, and on top of that the subnet for the users is going to be the same with the same DHCP, so I guess I should be fine. In regards of rogue APs detection, I guess I can define which APs are not rogue so I don't get the alarms.
thanks guys for good advise.