I have two certificate templates configured in CloudPath that have a filter ID assigned to them. One of them does what I want and one doesn't (one that works correctly was setup a while back, broken one I am working on now). What happens with the working one is my 802.1x SSID is configured for Dynamic VLAN (AAA Override) . On the controller I have a two user roles created that assign a VLAN pool to that role. Also on the controller under Proxy Authentication where the settings for cloud path are I have the two attributes map to the user role. The one I setup previously correctly assigns the VLAN pool and traffic policy. The new one does not, the client ends up getting a DHCP address from the native vlan. I have a feeling there is something I missed on the controller side but I can't find it.