Security

This requires RFC3576 to be enabled on your controller - you can check this in your aaa profile in your ArubaOS configuration.

I checked that and still no luck :( 

Are you running in a master local environment with your controllers? It looks like from the error message that the RADIUS request is not getting to the controller in question. Not sure if there are any network topology or firewall constraints that could be preventing this traffic from the Amigopod to the controller.

I believe you need to be using the management interface IP on Amigopod to get this properly working.

I have the same thing, and I believe it's network related in our end. Controller is inside - Amigopod is in dmz.. I see that Radius Acct is sent from Controller and received on Amigopod. Something in the way of allowed initiatior for Radius-Acct being the Controller and not Amigopod. Working with network admin to verify and fix it.

.. John

It may be network related or just not having the proper IP.

In my lab when I first started to play with Aruba-Amigopod I ran into this very issue.  Could not get clients to disconnect.  My lab is a small flat network with no firewalls in between.  The resolution to my issue was that I had configured the Aruba side to point to the LAN interface on Amigopod.  Everything works when using that interface EXCEPT the client disconnect.  When I switched everything over to the Management interface everything worked.  If you are able to do some packet captures take a look at the source IP coming from Amigopod when you disconnect clients.

Please note that the disconnect is based on the RADIUS extension of RFC3576 and therefore uses UDP port 3799 if you are managing firewall policies between the Amigopod and your controller.

Whats the difference between the LAN and MGMT  ?  

Curious if my solution fixed your disconnect issue.

I do not know what the difference is between the two interfaces.  I was originally told they are identical.  As you can see from my earlier post my experience in my lab says otherwise.

I do know that if you purchase an appliance instead of using the VM image there are two physical ports.  The LAN interface defaults to using DHCP while the Management interface uses static IP.  Otherwise I am not aware of any difference.  Maybe someone else can chime in.