AAA with inital Role for Captive Portal Redirect - Works fine
CPPM passes back a Guest role after proper authentication - Seems OK too
The Guest Role as defined on the controller has a VLAN configured different from the VLAN configured for the VAP.
The user has the correct ACL's as per the Guest Role assignment but is not getting placed on the VLAN as configured in that same Role.
Show user mac - Shows the correct role but incorrect VLAN
Show station-table - shows the initial role for captive portal redirect still
Not sure how to overcome this. If I remove the VLAN from the VAP, then the correct VLAN is assigned per the user role. I however would like to leave this set as the default VLAN for any role passed back. I then want to 'override' the VLAN for specific roles, such as a Contractor Role being passed back.
As a side note, MAC Authentication works properly. The same Guest role being passed back to the controller sets the correct vlan (as defined in the role) and the outputs of the commands above reflect the correct role.
What am I doing wrong? Must I leave the VAP VLAN empty and be sure to specify a VLAN in each User Role that would be passed back? That does seem right.