I want to achieve on my RB2011 v5.25
1. two wireless AP: one for employee (to access LAN), second for quest (this is easy)
2. employee, connected wireless, must enter user-name & password for authentication on RADIUS server (user-manager on same MT for start, external Windows Radius server (AD authentication) in near future) to access LAN resources
3. web page to enter user-name & password, must be accessed via https rather than http....
4. router administration (user manager also) must be not accessible via wireless...
5. What way is better to wifi users acess LAN: bridge LAN and wireless and same IP subnet, or different IP subnet & masquerading?
It's real goal?
Thanks.