In traditional WLC deployments you can offload multiple SSIDs off into the same VLAN. Our use case is having a Guest SSID that uses portals, but some Guest organizations that are onsite all of the time want to do 802.1x authentication. In traditional deployment I simply have two SSIDs, one Guest that does RADIUS to a set of portal PSNs, and another SSID doing 802.1x to a dedicated set of PSNs that will do 802.1x for groups that will supply us their devices certificate sets. Since both user groups are "Guests" in our view, we have no issue with both being put in the same VLAN, or VN in SD-Access world. Is this configuration possible in an SD-Access environment?