I'd like to differenciate users sharing the same ldap directory and radius authentication.
For example, if I have a student and a teacher, i'd like to be sure that the student will stay on its vlans and so on.
I can do this by using vlan attributes and aaa override but if I do that, I will have for example a student connected to the teacher SSID but on the student vlan. It's not a pretty situation...
I read that we can use an cisco avpair attribute to force users to connect only on their SSID but it doesn't seem to work with controller.
Is anybody have a solution for my case?