Does the role change from post authenticated to logon role after HA failover incase of captive portal authentication?
Yes. After the HA failover process, captive portal users who are in post authenticated role on HA primary will be changed to pre-authentication role(initial role in the AAA profile) on HA secondary and this is expected.
Below output shows that HA is formed between a Master and local running 18.104.22.168. It also shows that CAP-1 and CAP-2 are terminated on the master with its standby tunnel formed to the local controller:
Below output shows the AAA profile for the captive portal profile that is in use and a captive portal user in the Initial role:
After captive portal authentication, the role is changed from logon role to authenticated:
Below is the ap database output from the local controller, where we can see AP have formed standby tunnel on the local controller:
During the HA failover process, the APs is now terminating on the local(10.17.168.168). 'Show user' output shows that role of the client is changed from 'authenticated' to 'logon':