Hi Michael,
While this seems not to fix the issue, it was a great call that I was not aware and will use for my registration roles :)
But in this particular case the root cause seems to be related with Apple iOS. macOS and Windows are working fine, and they can transition from roles with different vlans without an issue.
But Apple iOS "renew dhcp" seems not to work. Even when I manually click "renew lease" under the Wifi network I don't see any DHCP traffic going to my dhcp servers. Not sure where the DHCP traffic is getting lost. It's either on the iPhone or the controller. Nothing else is involved.
Regards.
------------------------------
Ricardo Duarte
------------------------------
Original Message:
Sent: May 08, 2021 03:20 AM
From: Michael Clarke (Aruba)
Subject: Can't change VLAN on macauth
The controller may be caching the initial role it picked up. Try this and do for all roles it may pick up.
user-role <name>
registration-role
------------------------------
Michael Clarke (Aruba)
Original Message:
Sent: May 07, 2021 01:16 PM
From: Ricardo Duarte
Subject: Can't change VLAN on macauth
Hi,
I have the following problem with macauth + clearpass:
- I have a role that redirects to captive with VLAN 100
- I have a role when the user registers that goes to VLAN 200
- User connects, gets into VLAN 100 and into captive
- User registers, Clearpass sends CoA and the device reconnects and gets a role with VLAN 200 (I can see this on access tracker)
- But the devices keeps connected to VLAN 100. I need to manually disconnect and reconnect. Sending Bounce CoA or Terminate Session does not fix this. Renew DHCP also doesn't.
The controller seems to stick the device to the initial VLAN it receives, and does not change it during the session.
Only after disconnect-reconnect.
Any idea how to fix?
Thanks
------------------------------
Ricardo Duarte
------------------------------