Users connect to wifi and are auth'd against LDAP and assigned a VLAN based on LDAP info UNLESS they are on a mobile device. In that case they're assigned to a "mobile" VLAN for all the personal phones, tablets, etc.
This is working great except that...