Hi,
We are planning to implement 801.x with dynamic VLAN assignment such that different group will have different access policies to our internal network, however I have a basic question regarding this approach. Say users in sales group is not allowed to access HR servers, I can simply apply an ACL on sale's VLAN to block this connection, but how do I stop the connection if a sales person login to a sales server and from there to make connections to HR servers?