your requirement can be achieved by using a UDR or MAC auth. i would recommend UDR for this setup.
First can you provide the following output to understand your existing setup,
Show user | in <mac>
show aaa profile <profile name>
show rights <Role role in which the user is falling>
let us know what role you are using for portal and what role you expect the w/l vedio device to fall in.