Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

assign user to vlan according to their organization unit in active directory

  • 1.  assign user to vlan according to their organization unit in active directory

    Posted Feb 23, 2012 03:03 AM

    I created a few organization units, and I wish users who have connected to the network to be assigned to their respective VLAN according to their organization unit in Active Directory.



  • 2.  RE: assign user to vlan according to their organization unit in active directory

    Posted Feb 23, 2012 10:24 AM

    Is it for an L2 auth or an L3 auth like captive portal?

    If it is an L2 auth like .1x, you can use the server derivation rules to manipulate the roles and VLAN.



  • 3.  RE: assign user to vlan according to their organization unit in active directory

    EMPLOYEE
    Posted Feb 23, 2012 11:19 AM

    You are probably going to have to set up RADIUS via Microsoft IAS, assuming you are just using LDAP. Also, you won't be able to do this if you are just using an open SSID with captive portal.

    How is your SSID set up?



  • 4.  RE: assign user to vlan according to their organization unit in active directory

    Posted Feb 23, 2012 06:24 PM

    Thanks for the reply. I am using .1x authentication and RADIUS via Microsoft IAS. Do you mean assigning the correct server rules will achieve this? (attached: Screen Shot 2012-02-24 at 7.25.58 AM.png)



  • 5.  RE: assign user to vlan according to their organization unit in active directory
    Best Answer

    Posted Feb 24, 2012 03:19 AM

    There are two parts to this:

    First you must create the policies on IAS. It should read something like: if users belong to group_A, then return the value group_A for your attribute (attribute == Class in your example below). You would continue to define additional rules for the rest of your groups.

    On the controller side, you perform a mapping that says: if the attribute/value pair is Class == group_A, then assign Role_A.

    ** If you leverage a VSA, then you can save a step and not have to define the RADIUS server rules on the controller. The value coming back in the VSA must match the name of the role.

    ** I indicate role in my example because your VLAN is a component of the role, and you also have the option to define an ACL along with it.

    -michael
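The two-part flow in the best answer (IAS policy returns an attribute per AD group; the controller's server derivation rules map that attribute/value pair to a role; the role carries the VLAN and optional ACL; or, with the Aruba VSA, the returned value is used directly as the role name) modelled as a small Python simulation. This is an added example, not code from the thread or from HPE Aruba; the group names, role names, VLAN IDs and ACL names are made up, and the rule-evaluation order (first match wins, unknown values fall back to a default role) is an assumption of the model rather than a statement about IAS or ArubaOS internals.

```python
# Added example: simulate "IAS policy -> RADIUS reply attribute -> controller
# derivation rule -> role -> VLAN/ACL". All names and numbers are constructed.
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Role:
    name: str
    vlan: int   # VLAN is a component of the role, as the answer notes
    acl: str    # optional ACL attached to the role

# Roles configured on the controller (constructed).
ROLES: Dict[str, Role] = {
    "Role_A": Role("Role_A", 10, "allow-all"),
    "Role_B": Role("Role_B", 20, "allow-web-only"),
    "guest":  Role("guest",  99, "captive-portal-only"),
}
DEFAULT_ROLE = "guest"          # what the controller falls back to when no rule matches

# IAS side: ordered policies "if member of <AD group>, return <value>".
# Part 1 of the answer; first matching policy wins (assumption of this model).
IAS_POLICIES: List[Tuple[str, str]] = [
    ("group_A", "group_A"),
    ("group_B", "group_B"),
]

# VSA shortcut: the returned value must be the exact controller role name.
IAS_VSA_POLICIES: List[Tuple[str, str]] = [
    ("group_A", "Role_A"),
    ("group_B", "Role_B"),
]

# Controller side: server derivation rules (attribute, operator, value) -> role.
# Part 2 of the answer; only needed when the standard Class attribute is used.
DERIVATION_RULES: List[Tuple[str, str, str, str]] = [
    ("Class", "equals", "group_A", "Role_A"),
    ("Class", "equals", "group_B", "Role_B"),
]
VSA_ATTRIBUTE = "Aruba-User-Role"

def ias_reply(ad_groups: List[str], use_vsa: bool = False) -> Dict[str, str]:
    """Build the RADIUS Access-Accept attributes IAS would return for a user's AD groups."""
    policies = IAS_VSA_POLICIES if use_vsa else IAS_POLICIES
    attribute = VSA_ATTRIBUTE if use_vsa else "Class"
    for group, value in policies:
        if group in ad_groups:
            return {attribute: value}
    return {}                     # accept with no group attribute: controller uses default

def derive_role(reply: Dict[str, str]) -> str:
    """Apply the controller logic: VSA first (value must name a real role), then derivation rules."""
    vsa_value = reply.get(VSA_ATTRIBUTE)
    if vsa_value is not None:
        # A VSA value that does not match a configured role name silently
        # lands the user in the default role: the classic misconfiguration.
        return vsa_value if vsa_value in ROLES else DEFAULT_ROLE
    for attribute, operator, value, role in DERIVATION_RULES:
        if operator == "equals" and reply.get(attribute) == value:
            return role
    return DEFAULT_ROLE

def assign(ad_groups: List[str], use_vsa: bool = False) -> Role:
    """End-to-end: AD group membership -> RADIUS reply -> role (with its VLAN and ACL)."""
    return ROLES[derive_role(ias_reply(ad_groups, use_vsa))]

if __name__ == "__main__":
    for groups in (["Domain Users", "group_A"], ["group_B"], ["Domain Users"]):
        r = assign(groups)
        print(f"{groups} -> role={r.name} vlan={r.vlan} acl={r.acl}")
```

The `assign` call with `use_vsa=True` exercises the shortcut from the answer; feeding it a VSA value that is not a configured role name shows why the value "must match the name of the role": the user ends up in the default role rather than in an error state, which is easy to miss during testing.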