We're currently in the process of consolidating our SSIDs into one. This has been achieved for the vast majority of locations where CAPs are employed in bridge mode, using ClearPass to return user role and VLAN attributes.
However, the VLAN derivation via the VSA returned by ClearPass does not work where RAPs have been employed in split tunnel mode. Although the user role is updated correctly, clients stay on the initial VLAN. I've tried assigning the VLAN to the user role too, but the VLAN still doesn't change.
I have read that split tunnel RAPs do not support VLAN derivation - can anyone confirm this?