these are the three attributes need to be configured for vlan ID override :
•Tunnel-Type (attribute 64)—Specifies the type of tunnel that is set up for the user to connect. In the sample RACs, this value is set to type 10, VLAN, which indicates that the user is granted access to a VLAN that is configured on the switch.
•Tunnel-Medium-Type (attribute 65)—Indicates which protocol to use over the tunnel. In the sample RACs, this is set to type 6, which specifies an 802 protocol. In the NAC/NAP environment, this is the 802.1x protocol.
•Tunnel-Private-Group-ID (attribute 81)—Indicates the group ID for the VLAN tunnel. In the sample RAC, this is set to Quarantine, which denotes a quarantine VLAN to which devices are assigned. In actual practice, you should set this value to a value that is configured on the switch.
+++on the WLC enable MAC filtering and aaa override on the WLAN,
++add the MAC address on the radius server as username and password ,
Dynamic VLAN assignment is one feature that places a wireless user into a specific VLAN based on the credentials supplied by the user. This task of assigning users to a specific VLAN is handled by a RADIUS authentication server, such as Cisco Secure ACS. This can be used, for example, to allow the wireless host to remain on the same VLAN as it moves within a campus network.
Please refer the below link for the complete configuration guide .