I'm working on a project where we will be using Meraki equipment. We want there to be a single SSID throughout the entire project. When a user with their device connects to the common SSID and WPA PSK, they will be prompted for their username and password. This authentication will place them on their assigned VLAN within the network, which will allow them to communicate only with their equipment but still be able to roam wherever. This prevents the need to have 100+ SSIDs, one for each account. The only issue I am seeing is with some wireless devices that do not support 802.1X authentication. They only support standard WPA2. How can I configure a server to look at the MAC address of the device if it is incapable of the username/password entry and allow it on a specific VLAN but still keep the functionality of having users enter the username/password from their mobile devices?
I will have some kind of LDAP or Active Directory server in place to maintain the user accounts and to function as a RADIUS server.