The WLC controllers support wired authentication with internal web-portal. We would like to use this feature to authenticate all wired users connected to Juniper EX switches. So Ex switch would redirect all traffic to WLC controller web-portal to authenticate using external radius server. User would get authorized access to network based on Radius attributes (time of day, bandwidth limit, data transfer limit...). After user is authenticated the EX switches will control the user connection attributes directly without all data flowing through the WLC controller. Is it possible to do this using the WLC wired authentication and internal web-portal?
the controller must be placed in-line if you want to use the web portal, so data must always flow through the controller. You can group multiple WLC interfaces together in a LAG if bandwidth is of concern here e.g. 4 x 1Gig interface.
Otherwise you will have to use an SRX firewall with UAC.