We are planning dynamic VLAN assignment for wireless clients based on their group, with the help of AD and an NPS server.
We have done something similar with an Aruba controller and it is working well.
Sharing the setup of the Aruba VSA for reference purposes:
You can achieve this by using the Aruba VSAs above. For example, on NPS create a network policy for the "IT" group and assign VLAN XYZ.
Policy Name - Wireless-IT-VLAN-Assignment
Type of Network Access Server - Unspecified
Conditions - add whatever you typically add; but make sure you have Windows Group matches IT
EAP Type - add whatever authentication types you use
Constraints - NONE
- Click Vendor Specific; click Add
- Choose Vendor Specific from the Vendor choice; click Add
- Click to add attribute information
- Select Vendor Code = 14823 and Yes it conforms, click Configure Attributes
- Choose 2 as your assigned attribute number (for Aruba-User-VLAN in the above table)
- Attribute format = integer (decimal for IAS/NPS)
- Attribute value = XYZ (VLAN number)
- Click OK to close out
On your Server Group that has the NPS servers defined, add a server derived rule that will look for this attribute from NPS and then apply the VLAN. This will set the VLAN to whatever value is sent by NPS for Aruba-User-VLAN (or to NPS, Vendor 14823, attribute 2).
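
How the attribute configured above looks on the wire, as an added example that is not part of the original post: it encodes vendor code 14823, attribute 2 as an RFC 2865 Vendor-Specific attribute and pulls the VLAN back out of a run of RADIUS attributes, which is a useful check against a packet capture of the Access-Accept. The function names and the sample bytes are constructed for illustration.

```python
import struct

ARUBA_VENDOR_ID = 14823  # vendor code from the post
ARUBA_USER_VLAN = 2      # attribute number from the post
VENDOR_SPECIFIC = 26     # RADIUS Vendor-Specific attribute type (RFC 2865)


def encode_user_vlan(vlan):
    """Build the Vendor-Specific attribute carrying Aruba-User-VLAN."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID must be in 1-4094")
    # Sub-attribute: vendor type, vendor length, 32-bit integer value
    sub = struct.pack("!BBI", ARUBA_USER_VLAN, 6, vlan)
    # Outer attribute: type 26, total length, 4-byte vendor ID
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), ARUBA_VENDOR_ID) + sub


def _tlvs(buf):
    """Yield (type, value) pairs from a run of type/length/value fields."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2 or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute length")
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]


def extract_user_vlan(attrs):
    """Return the Aruba-User-VLAN value as an int, or None if it is absent."""
    for atype, body in _tlvs(attrs):
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != ARUBA_VENDOR_ID:
            continue
        # Conforming VSAs reuse the same type/length/value layout inside
        for stype, value in _tlvs(body[4:]):
            if stype == ARUBA_USER_VLAN and len(value) == 4:
                return struct.unpack("!I", value)[0]
    return None


# Constructed sample: Reply-Message "ok" followed by the VSA for VLAN 120
SAMPLE_ATTRS = bytes([18, 4]) + b"ok" + encode_user_vlan(120)

if __name__ == "__main__":
    print(encode_user_vlan(120).hex())
    print(extract_user_vlan(SAMPLE_ATTRS))
```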