One way to solve this problem is to change the AP connection to a layer 2 trunk with both VLANs on the trunk. You can have two different SSIDs (one for users, one for guests) and each SSID is associated with a VLAN. When a client connects to the Guest SSID, her data goes on VL 200; a regular user's data goes on VL 100.
You will need separate DHCP scopes for each VLAN, either on the AP or a central DHCP server.
WPA and WPA2 in very simple terms are two different methods for an end device and AP to exchange encryption keys. Depending on your platform, you can support WPA and/or WPA2 with either TKIP or AES.
TKIP and AES are the two methods by which the data is encrypted.
What are the biggest differences between WPA and WPA2 and why is AES so much safer than TKIP?
If it helps, think of the difference as pressing a paper towel to a three inch gash on your arm versus getting stitches at the emergency room. One is an immediate solution that mitigates the problem at hand, the other is a better, longer term solution.
WEP was broken (badly) and needed to be fixed. However, standards bodies sometimes move much slower than solutions are needed. So WPA/TKIP was provided as a better solution than WEP that could be implemented purely in code/software/drivers.
Basically, TKIP is WEP with a few extra features, provided to the community largely by a major network vendor they had previously developed as proprietary enhancements. While it provided fixes to many of the problems with WEP, it is still based on WEP.
WPA was derived from a draft of the 802.11i amendment from the IEEE. There were some changes from the draft to the finalized version of 802.11i, which is why the 802.11i standard version is called WPA2. Ultimately the differences are relatively trivial in the grand scheme of things.
For encryption, the IEEE selected AES for 802.11i. This was a much stronger encryption than WEP; however, many existing wireless devices were not capable of handling the demands of AES, often requiring new wireless adapters to be installed/used.
Because of this limitation to AES, it was allowed to run either WPA/WPA2 with TKIP instead of AES until the IEEE finalized 802.11n. 802.11n no longer allowed support for TKIP, so an access point was supposed to disable the HT (high throughput) data rates if it were used and operate like an 802.11a/g device.
Since that time, only WPA/AES or WPA2/AES are supported officially by the 802.11 standards.
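As an added example (not part of the original answers), here is a small audit of the two points made above: each SSID should land on its own layer 2 segment, and no SSID should still permit WPA version 1 or TKIP. It assumes the AP runs hostapd, which the thread does not state; the SSIDs and bridge names are constructed, with one bridge standing in for each VLAN.

```python
# Constructed hostapd-style sample: the guest BSS reuses the user bridge and allows TKIP.
SAMPLE_CONF = """\
interface=wlan0
ssid=Corp-Users
bridge=br100
wpa=2
rsn_pairwise=CCMP
bss=wlan0_1
ssid=Corp-Guest
bridge=br100
wpa=3
wpa_pairwise=TKIP CCMP
"""

def parse_bss_sections(text):
    """Return one dict per BSS: the primary interface, then each bss= block."""
    sections, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "bss" and current:
            sections.append(current)
            current = {}
        current[key] = value
    return sections + ([current] if current else [])

def audit(text):
    """Return (ssid, finding) tuples for weak crypto or missing L2 separation."""
    findings, bridges = [], {}
    for bss in parse_bss_sections(text):
        ssid = bss.get("ssid", "<unnamed>")
        wpa = int(bss.get("wpa", "0"))  # bitfield: 1 = WPA, 2 = WPA2
        ciphers = set((bss.get("wpa_pairwise", "") + " " + bss.get("rsn_pairwise", "")).split())
        if wpa & 1:
            findings.append((ssid, "WPA (v1) enabled"))
        if wpa and "TKIP" in ciphers:
            findings.append((ssid, "TKIP allowed"))
        if wpa and not ciphers:
            findings.append((ssid, "pairwise cipher not set explicitly"))
        bridge = bss.get("bridge")
        if bridge and bridge in bridges:
            findings.append((ssid, f"shares bridge {bridge} with {bridges[bridge]}"))
        elif bridge:
            bridges[bridge] = ssid
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Moving the guest BSS to its own bridge and setting `wpa=2` with `rsn_pairwise=CCMP` clears all three findings.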
Best Answer
That's a lot of questions, so let's take them one by one.
What exactly is 802.1X Port-Based Authentication?
From Wikipedia:
In other words, it is a mechanism used in (mostly) switches and wireless access-points to allow or block devices to access the network (or granularly allow access to parts of it).
For example if you have a network port in a meeting room, you can enable 802.1x on the switchport and configure it in such a way that when an employee connects she has access to the entire network but if a guest connects (with a temporary password) he can only reach the Internet and if a passer-by is tempted to try his luck, he cannot access anything at all.
Doesn't it also use RADIUS as its underlying authentication mechanism?
Yes and no. 802.1x uses Extensible Authentication Protocol (EAP), and the Wikipedia article about 802.1x has this nice drawing that shows that for wired 802.1x:
For wireless it is similar in the sense that there is also no Radius between the supplicant and the authenticator, only between the authenticator and the auth server (to tunnel the EAP).
Now the Extensible in EAP's name is very true, there are dozens of EAP protocols that you can choose from, some will use passwords, others certificates or both, etc. etc.
What are their differences?
Well, it's a bit like comparing apples and oranges. Dot1x is not really a protocol but more a framework in which protocols like EAPoL and Radius are used.
Simplified (maybe over-simplified?) you could say:
And if we can somehow compare them, which one is more secure?
I don't believe (but anyone please correct me) that there are scenarios where you can choose between one or the other. It may make more sense to compare Radius and EAP, to some extent.
Some things to consider: