I think there are two different designs concerns being addressed here.
Amigopod is never inline and integrates with either a Cisco or an Aruba controller using RADIUS and th external Captive Portal (Web Authentication) configurations on the controllers.
The Aruba controllers provide the ability to peform inline device fingerprinting by inspecting the DHCP traffic sent from connecting clients to perform role derivation. This allows the network administrator to place each class of device into a different stateful firewall ruleset and provide differentiated access to network resources based on the type of device a user is connecting with.
If the later is the case then the Aruba controller will need to be inline either by terminating Aruba AP's or as a bump in the wire to an existing access network.