I'm at a small school, where I have about 30 EAP600 spread over several buildings, all with a common SSID. To this point, the network has run as a very large open hotspot. There's not even a captive portal on the network; anyone can just get on and use the internet. We like it like this. It makes it very easy for students, alumni, and guests to get on the network. But I'd also like to offer a more secure option for those who understand the important of having their traffic encrypted over the air. To that end, I now have a RADIUS server running that is connected to our Active Directory. I am able to set the EAP600's to use WPA2 with the RADIUS server to log in with my Active Directory credentials. Yay. However, I would like to use a different vlan assignment based on group membership in Active Directory. This works now in a newer building that has a different model access point, and I can see the VLAN attribute set in the radius logs. However, the EAP600's are not honoring this setting. I end up on the vlan chosen for the SSID in the web config for the access point, and I don't see a place where I can tell it to accept the vlan from RADIUS. Is it possible for EAP600 APs to use a VLAN chosen by RADIUS per connection?