No Radius server we are terminating on the controler, here are the results from the logs.
show auth-tracebuf mac
Mar 8 12:03:46 station-down * 84:38:35:a8:1a:af 00:24:6c:ce:c1:30 - -
Mar 8 12:03:46 station-up * 84:38:35:a8:1a:af 00:24:6c:ce:c1:31 - - wpa2 aes
Mar 8 12:03:46 station-term-start * 84:38:35:a8:1a:af 00:24:6c:ce:c1:31 1 -
Mar 8 12:03:48 station-term-end * 84:38:35:a8:1a:af 00:24:6c:ce:c1:31/KofcMobile 11405 - failure
Mar 8 12:03:48 eap-failure <- 84:38:35:a8:1a:af 00:24:6c:ce:c1:31/KofcMobile - 4
Mar 8 12:03:48 station-down * 84:38:35:a8:1a:af 00:24:6c:ce:c1:31 - -
below is me switching from SSID (aruba-ap) that does not use 802.1x to the new SSID (Test-Mobile) using 802.1x
show log user-debug
Mar 8 12:03:46 :501102: <NOTI> |stm| Disassoc from sta: 84:38:35:a8:1a:af: AP 192.168.16.19-00:24:6c:ce:c1:30-00:24:6c:c4:ec:12 Reason STA has left and is disassociated
Mar 8 12:03:46 :501065: <DBUG> |stm| Sending STA 84:38:35:a8:1a:af message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:1, rsn_cap:c
Mar 8 12:03:46 :500511: <DBUG> |mobileip| Station 84:38:35:a8:1a:af, 0.0.0.0: Received disassociation on ESSID: aruba-ap Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name 00:24:6c:c4:ec:12 Group default BSSID 00:24:6c:ce:c1:30, phy a, VLAN 1
Mar 8 12:03:46 :522036: <INFO> |authmgr| MAC=84:38:35:a8:1a:af Station DN: BSSID=00:24:6c:ce:c1:30 ESSID=aruba-ap VLAN=1 AP-name=00:24:6c:c4:ec:12
Mar 8 12:03:46 :500010: <NOTI> |mobileip| Station 84:38:35:a8:1a:af, 255.255.255.255: Mobility trail, on switch 192.168.16.10, VLAN 1, AP 00:24:6c:c4:ec:12, aruba-ap/00:24:6c:ce:c1:30/a
Mar 8 12:03:46 :501000: <DBUG> |stm| Station 84:38:35:a8:1a:af: Clearing state
Mar 8 12:03:46 :501095: <NOTI> |stm| Assoc request @ 12:03:46.870397: 84:38:35:a8:1a:af (SN 977): AP 192.168.16.19-00:24:6c:ce:c1:31-00:24:6c:c4:ec:12
Mar 8 12:03:46 :501100: <NOTI> |stm| Assoc success @ 12:03:46.876899: 84:38:35:a8:1a:af: AP 192.168.16.19-00:24:6c:ce:c1:31-00:24:6c:c4:ec:12
Mar 8 12:03:46 :501065: <DBUG> |stm| Sending STA 84:38:35:a8:1a:af message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:1, rsn_cap:c
Mar 8 12:03:46 :522035: <INFO> |authmgr| MAC=84:38:35:a8:1a:af Station UP: BSSID=00:24:6c:ce:c1:31 ESSID=Test-Mobile VLAN=1 AP-name=00:24:6c:c4:ec:12
Mar 8 12:03:46 :500511: <DBUG> |mobileip| Station 84:38:35:a8:1a:af, 0.0.0.0: Received association on ESSID: Test-Mobile Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name 00:24:6c:c4:ec:12 Group default BSSID 00:24:6c:ce:c1:31, phy a, VLAN 1
Mar 8 12:03:46 :522030: <INFO> |authmgr| MAC=84:38:35:a8:1a:af Station deauthenticated: BSSID=00:24:6c:ce:c1:30, ESSID=aruba-ap
Mar 8 12:03:46 :500010: <NOTI> |mobileip| Station 84:38:35:a8:1a:af, 0.0.0.0: Mobility trail, on switch 192.168.16.10, VLAN 1, AP 00:24:6c:c4:ec:12, Test-Mobile/00:24:6c:ce:c1:31/a
Mar 8 12:03:46 :522049: <INFO> |authmgr| MAC=84:38:35:a8:1a:af,IP=N/A User role updated, existing Role=guest/guest, new Role=logon/guest, reason=Station is L2 deauthenticated
Mar 8 12:03:46 :522050: <INFO> |authmgr| MAC=84:38:35:a8:1a:af,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Download driven by user role setting
Mar 8 12:03:46 :522005: <INFO> |authmgr| MAC=84:38:35:a8:1a:af IP=192.168.16.73 User entry deleted: reason=essid change
Mar 8 12:03:46 :522050: <INFO> |authmgr| MAC=84:38:35:a8:1a:af,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Station resetting role
Mar 8 12:03:49 :522030: <INFO> |authmgr| MAC=84:38:35:a8:1a:af Station deauthenticated: BSSID=00:24:6c:ce:c1:31, ESSID=Test-Mobile
Mar 8 12:03:49 :522049: <INFO> |authmgr| MAC=84:38:35:a8:1a:af,IP=N/A User role updated, existing Role=logon/none, new Role=logon/none, reason=Station is L2 deauthenticated
Mar 8 12:03:49 :522050: <INFO> |authmgr| MAC=84:38:35:a8:1a:af,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0,reason=Download driven by user role setting
Mar 8 12:03:49 :501106: <NOTI> |stm| Deauth to sta: 84:38:35:a8:1a:af: Ageout AP 192.168.16.19-00:24:6c:ce:c1:31-00:24:6c:c4:ec:12 wifi_deauth_sta
Mar 8 12:03:49 :501065: <DBUG> |stm| Sending STA 84:38:35:a8:1a:af message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:1, rsn_cap:c
Mar 8 12:03:49 :522036: <INFO> |authmgr| MAC=84:38:35:a8:1a:af Station DN: BSSID=00:24:6c:ce:c1:31 ESSID=Test-Mobile VLAN=1 AP-name=00:24:6c:c4:ec:12
Mar 8 12:03:49 :500511: <DBUG> |mobileip| Station 84:38:35:a8:1a:af, 0.0.0.0: Received disassociation on ESSID: Test-Mobile Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name 00:24:6c:c4:ec:12 Group default BSSID 00:24:6c:ce:c1:31, phy a, VLAN 1
Mar 8 12:03:49 :500010: <NOTI> |mobileip| Station 84:38:35:a8:1a:af, 255.255.255.255: Mobility trail, on switch 192.168.16.10, VLAN 1, AP 00:24:6c:c4:ec:12, Test-Mobile/00:24:6c:ce:c1:31/a
Mar 8 12:03:49 :501080: <NOTI> |stm| Deauth to sta: 84:38:35:a8:1a:af: Ageout AP 192.168.16.19-00:24:6c:ce:c1:31-00:24:6c:c4:ec:12 Denied; Ageout
Mar 8 12:03:49 :501000: <DBUG> |stm| Station 84:38:35:a8:1a:af: Clearing state