Not really sure how this has happened, but I have a user who every once in a while gets tossed into a "Cached" VLAN that is for our guest accounts. They get an IP from that VLAN but obviously have no access to anything, because their roles disallow all access to that VLAN....
I was able to fix it by blacklisting the client and then removing them from the blacklist...
Here is a log snip:
Apr 17 13:28:50 authmgr[1652]: <522078> <DBUG> |authmgr| MAC=74:f0:6d:1f:0e:a0, wired: 0, vlan:300 ingress:0x0x1011b (tunnel 283), ingress:0x0x1011b new_aaa_prof: Student-802_1x, stored profile: Student-802_1x stored wired: 0 stored essid: UAstudent, stored-ingress: 0x0x1011b
Apr 17 13:28:50 authmgr[1652]: <522246> <DBUG> |authmgr| Idle timeout should be driven by STM for MAC 74:f0:6d:1f:0e:a0.
Apr 17 13:28:50 authmgr[1652]: <522037> <INFO> |authmgr| MAC=74:f0:6d:1f:0e:a0 IP=0 Assign VLAN 550, Default=300 Current=300 BSSID=00:24:6c:b7:7e:a1
Apr 17 13:28:50 authmgr[1652]: <522044> <INFO> |authmgr| MAC=74:f0:6d:1f:0e:a0 Station authenticate(start): method=802.1x, role=StudentAccess/StudentAccess//guest, VLAN=300/300/550/0/550/550, Derivation=2/2, Value Pair=0
Apr 17 13:28:50 authmgr[1652]: <522127> <DBUG> |authmgr| {L2} Update role from StudentAccess to StudentAccess for IP=0.0.0.0.
Apr 17 13:28:50 authmgr[1652]: <522049> <INFO> |authmgr| MAC=74:f0:6d:1f:0e:a0,IP=N/A User role updated, existing Role=StudentAccess/StudentAccess, new Role=StudentAccess/StudentAccess, reason=Station Authenticated with auth type: 4
Apr 17 13:28:50 authmgr[1652]: <522128> <DBUG> |authmgr| download-L2: acl=70/0 role=StudentAccess, tunl=0x0x1011b, PA=0, HA=1, RO=0, VPN=0.
Apr 17 13:28:50 authmgr[1652]: <522050> <INFO> |authmgr| MAC=74:f0:6d:1f:0e:a0,IP=N/A User data downloaded to datapath, new Role=StudentAccess/70, bw Contract=0/0,reason=Download driven by user role setting
Apr 17 13:28:50 authmgr[1652]: <522158> <DBUG> |authmgr| station Authenticate is using cached vlan 550.
Apr 17 13:28:50 authmgr[1652]: <522161> <DBUG> |authmgr| Valid Dot1xct, remote:0, assigned:550, default:300, current:300,termstate:0, wired:0, dot1x enabled:1, psk:0 static:0 bssid=00:24:6c:b7:7e:a1.
Apr 17 13:28:50 authmgr[1652]: <522095> <DBUG> |authmgr| 74:f0:6d:1f:0e:a0: Sending STM new vlan info: vlan 550, AP 00:24:6c:b7:7e:a1 caller station_authenticate
Apr 17 13:28:50 authmgr[1652]: <522029> <INFO> |authmgr| MAC=74:f0:6d:1f:0e:a0 Station authenticate: method=802.1x, role=StudentAccess/StudentAccess//guest, VLAN=300/550/550/0/550/550, Derivation=2/2, Value Pair=0
Apr 17 13:28:50 authmgr[1652]: <522008> <NOTI> |authmgr| User Authentication Successful: username=URSULINESTL\13_EKozeny MAC=74:f0:6d:1f:0e:a0 IP=10.200.0.14 role=StudentAccess VLAN=550 AP=00:24:6c:c3:77:ea SSID=UAstudent AAA profile=Student-802_1x auth method=802.1x auth server=cloud-ad2
Apr 17 13:28:50 authmgr[1652]: <522243> <DBUG> |authmgr| MAC=74:f0:6d:1f:0e:a0 Station Updated Update MMS: BSSID=00:24:6c:b7:7e:a1 ESSID=UAstudent VLAN=300 AP-name=00:24:6c:c3:77:ea
Apr 17 13:28:50 authmgr[1652]: <522038> <INFO> |authmgr| username=XXXXXXXXXX\USERNAME MAC=74:f0:6d:1f:0e:a0 IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=cloud-ad2
Apr 17 13:28:50 authmgr[1652]: <522044> <INFO> |authmgr| MAC=74:f0:6d:1f:0e:a0 Station authenticate(start): method=802.1x, role=StudentAccess/StudentAccess//guest, VLAN=300/550/550/0/550/550, Derivation=2/2, Value Pair=1
Apr 17 13:28:50 authmgr[1652]: <522017> <INFO> |authmgr| MAC=74:f0:6d:1f:0e:a0 IP=?? Derived role 'StudentAccess' from server rules: server-group=StudentGroup, authentication=802.1x
Apr 17 13:28:50 authmgr[1652]: <522127> <DBUG> |authmgr| {L2} Update role from StudentAccess to StudentAccess for IP=0.0.0.0.
Apr 17 13:28:50 authmgr[1652]: <522049> <INFO> |authmgr| MAC=74:f0:6d:1f:0e:a0,IP=N/A User role updated, existing Role=StudentAccess/StudentAccess, new Role=StudentAccess/StudentAccess, reason=Station Authenticated with auth type: 4
Apr 17 13:28:50 authmgr[1652]: <522128> <DBUG> |authmgr| download-L2: acl=70/0 role=StudentAccess, tunl=0x0x1011b, PA=0, HA=1, RO=0, VPN=0.
Apr 17 13:28:50 authmgr[1652]: <522050> <INFO> |authmgr| MAC=74:f0:6d:1f:0e:a0,IP=N/A User data downloaded to datapath, new Role=StudentAccess/70, bw Contract=0/0,reason=Download driven by user role setting
Apr 17 13:28:50 authmgr[1652]: <522158> <DBUG> |authmgr| station Authenticate is using cached vlan 550.
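
An added example, not part of the original post: a small Python check that scans authmgr logs in the format shown above and reports stations that authenticated into a VLAN other than the default announced for them. The function name and sample lines are constructed for illustration. Because the `<522158>` "cached vlan" message carries no MAC, it is correlated by VLAN number only, which is an assumption.

```python
import re

# Constructed sample, modelled on the message formats in the log above.
SAMPLE_LOG = """\
Apr 17 13:28:50 authmgr[1652]: <522037> <INFO> |authmgr| MAC=74:f0:6d:1f:0e:a0 IP=0 Assign VLAN 550, Default=300 Current=300 BSSID=00:24:6c:b7:7e:a1
Apr 17 13:28:50 authmgr[1652]: <522158> <DBUG> |authmgr| station Authenticate is using cached vlan 550.
Apr 17 13:28:50 authmgr[1652]: <522008> <NOTI> |authmgr| User Authentication Successful: username=EXAMPLE\\user1 MAC=74:f0:6d:1f:0e:a0 IP=10.200.0.14 role=StudentAccess VLAN=550 AP=00:24:6c:c3:77:ea SSID=UAstudent AAA profile=Student-802_1x auth method=802.1x auth server=cloud-ad2
Apr 17 13:29:02 authmgr[1652]: <522037> <INFO> |authmgr| MAC=aa:bb:cc:00:00:01 IP=0 Assign VLAN 300, Default=300 Current=300 BSSID=00:24:6c:b7:7e:a1
Apr 17 13:29:02 authmgr[1652]: <522008> <NOTI> |authmgr| User Authentication Successful: username=EXAMPLE\\user2 MAC=aa:bb:cc:00:00:01 IP=10.30.0.9 role=StudentAccess VLAN=300 AP=00:24:6c:c3:77:ea SSID=UAstudent AAA profile=Student-802_1x auth method=802.1x auth server=cloud-ad2
"""

# Message IDs and field layouts are taken from the log lines in the post.
ASSIGN = re.compile(r"<522037>.*MAC=([0-9a-f:]{17}) .*Assign VLAN (\d+), Default=(\d+)", re.I)
CACHED = re.compile(r"<522158>.*using cached vlan (\d+)", re.I)
SUCCESS = re.compile(r"<522008>.*MAC=([0-9a-f:]{17}) .*role=(\S+) VLAN=(\d+)", re.I)


def find_vlan_mismatches(log_text):
    """Return one finding per successful auth whose VLAN differs from the default."""
    default_vlan = {}     # MAC -> default VLAN from the latest <522037> line
    cached_vlans = set()  # VLAN numbers named in <522158> lines seen so far
    findings = []
    for line in log_text.splitlines():
        if m := ASSIGN.search(line):
            default_vlan[m.group(1).lower()] = int(m.group(3))
        elif m := CACHED.search(line):
            cached_vlans.add(int(m.group(1)))
        elif m := SUCCESS.search(line):
            mac, role, vlan = m.group(1).lower(), m.group(2), int(m.group(3))
            default = default_vlan.get(mac)
            if default is not None and vlan != default:
                findings.append({
                    "mac": mac, "role": role, "vlan": vlan, "default": default,
                    # Heuristic: a cached-VLAN message named this same VLAN.
                    "cached": vlan in cached_vlans,
                })
    return findings


if __name__ == "__main__":
    for f in find_vlan_mismatches(SAMPLE_LOG):
        print(f)
```

A VLAN that differs from the default can also come from a legitimate derivation rule, so treat each finding as a prompt to compare the role's intended VLAN with the one actually assigned.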