I enabled my Cisco 1200's just recently to support two vlan's and two SSID's. One is my primary network where users authenticate against ACS 3.3 (RADIUS) to my network via TKIP and PEAP authentication. Works great.
I created a second VLAN, with a second SSID and no authentication. This is for guests. They route through a separate firewall to the Internet and it never touches our corporate network vlan.
My problem is.... how can I still control access to that VLAN without setting up wireless security and having to tell my visitors the key? I don't want to be the business of changing that key constantly on the AP's.
Is there a captive portal equivalent that is supported in Cisco Aironet's? Is there a way I can control how many "guests" are on my AP 1200's at any given time? I thought about getting a better head-end firewall that supports that feature, but that still wouldn't stop them from associating with the AP's in the first place. I'd love to do it at the AP level. I do have Cisco's ACS 3.3 software which I use for Corporate user authentication, so if I could leverage that, it would be great.