FreeRadius - Group NAS Clients

Question

Have spent many hours searching and no luck so far, I am looking for a clean way to group devices in freeradius for policy reference.

I tried creating a custom dictionary attribute (Device-Group) and applying it under the client definition

client cisco_device {
    ipaddr = 1.2.3.4
    Device-Group = Cisco_ISRs
}

and then in the authorization section:

if (&Device-Group == 'Cisco_ISRs') {
     &cisco-avpair := 'priv-lvl 15'
}

But looking at the debug, custom dictionary attributes dont apply with clients.

The only alternative I have so far relies on naming conventions. i.e.

client cisco_site1 {
    #blah blah
}

authorize {
    if (&Client-Shortname =~ '/^cisco_./') {
        #blah blah 
    }
}

but it would be nicer to have it in defined groups. Any insight or ideas would be greatly appreciated.