In my case, we use ap-group, interface-group and aaa-overwrite together,
and in WLC 7.2, FlexConnect/HREAP AP also support aaa-overwrite.
on ACS 5.3, we have to match airespace-vsa, wlan-id sent by WLC for local mode AP, and cisco av-pair for SSID sent by FlexConnect/HREAP AP.
same SSID for campus SSID access.
ap-group: HQ, wlanID#21, SSID: CAMPUS, local. with AAA-overwrite
ap-group: OFFIE, wlanID#22, SSID: CAMPUS, flex-connect. with AAA-overwrite.
wlanID#21 is assigned interface-group, vlan70~vlan80,
but we got strange behavior?
when assign user to vlan 77 on ACS, but user is be assigned into vlan 78 on WLC.
I have no chance to check if it is issued by AP-group with interface-group and AAA overwrite..
The interface configured in the WLAN is over ridden by an ap group interface. You can set any interface in the AP group but you will have been required to set an interface for the WLAN.
If you use dynamic vlan assignment the RADIUS server returns specific attributes that allocate vlans based on the user credentials. This way you can have a single SSID but upon authentication users are allocated different VLANs.
Each really has different uses.