Hello,
Those RADIUS Request Attributes should be used if you'd like to do further filtering on the Radius access-request coming from the WLC.
Only if the Radius access-request from the WLC contains those attributes with the values you specify, the authentication ruleswill be applied.
If no RADIUS Request Attributes are specified, ACS will only check that the network device belongs to any of the Assigned Device Groups.
Regards,
Fede