Does Aruba Controller support switching vlan using COA?

Aruba Employee
Aruba Employee

Question: Does Aruba Controller support switching vlan using COA?


Product & Software : This article applies to all Aruba OS.

When the client's vlan is switched using the COA - Aruba Terminate session, Aruba Controller does change the vlan but the client doesn't get the ip address in the new vlan. If dhcp release / renew or aaa user delete is initiated then the client does get the ip address from the new vlan.

Aruba Controller does not honor the COA to change VLANs, if we try to  switch vlan using COA then client device does not renew the ip address which is the expected behaviour.

Version history
Revision #:
1 of 1
Last update:
‎08-14-2014 11:28 AM
Labels (1)

OK, so what method should be used to change a client vlan so that they will get an IP address in the new VLAN without any intervention from an administrator (aaa user delete) or end user (dhcp release/renew)?


The decision to check/reset/rerun DHCP lies entirely on the client end.  Different clients have different ideas of when this should be done.  Many of them will need to be entirely deauthed to get DHCP to run again.  Android in particular has been a lost cause and won't do it sometimes even in this case; the users of Androids will have to cycle their wifi.


Since they must reassociate they will do a full authentication, at which point they can be provided with the new VLAN in the normal RADIUS Access-Accept.


So the answer is, don't send COAs to change VLANs.  Send Disconnect-Requests instead and the next time they associate, offer them the new VLAN.  You can still use COAs to change ACLs and such.


(Unless you have control of the devices to the point where you can install agents to control this behavior.)