Thanks for your fast reply!
Well, that's what I tried to do but...
I have APs and clients on all four Aruba controllers which means that authentications request coming from all four controllers. And as 802.1x service is build I can't have a NAD-gruop only one MD per service, or?
See attached file.
How you guys do with authentications coming from Aruba Cluster and from different controllers?