I am working on seeing if we can transition from our existing Aruba environment to Meraki for wireless only. This would be a gradual transition, so Meraki would have to work seamlessly the same as the existing Aruba network. So while "You could/should do it this way instead" replies are appreciated, they're not really going to be useful for me.
We currently have a single SSID "Secure", and users authenticate via RADIUS and are dynamically assigned to various VLANs based on their user role. The authentication server is ClearPass, which polls AD for both U/P and AD Group membership. Depending on their AD Group memberships, ClearPass assigns them a user role attribute (i.e. Student, Faculty, Staff, HelpDesk, etc.). So far, so good: Meraki can handle all that by sending the received Aruba User Role to matching Group Policies. But here's where things get dicey. Once they have their role, we have several contiguous VLANs for each role which our Aruba Controller dynamically assigns - that is to say, there are 16 student VLANs and the controller "load balances" among them, then there's 4 Faculty VLANs, 4 Staff VLANs, and others for other roles.
It seems like Meraki gets SO CLOSE to the same behavior but just doesn't quite get there. I have configured Named VLANs in the VLAN Profiles and that does seem to work, if there's only one Named VLAN on the SSID. But when I configure the Group Policy that matches the Aruba User Role, when I select Tag VLAN it only allows a single numbered VLAN. If I could select the "Students" Named VLAN here that would be perfect, but I'm either missing something or it's not an option.
Any ideas on how to accomplish this? This is pretty much our biggest hangup; if we can't figure this out, then we can't use Meraki, which I would love to be able to do.