Upgraded to 6.3.1.1 this weekend and saw the same issue that we saw with the 6.3.1.0 upgrade, clients not being able to do anything. Aruba TAC identified a problem with the validuser ACL:
(Aruba) (config) #ip access-list session validuser
(Aruba) (config-sess-validuser)#any any any permit position 3 ß-----corrected one
(Aruba) (config-sess-validuser)#no any any any deny ß-------wrong one
What is strange is that, that deny line has been in our config for sometime, at least 6 months, and was not affecting clients in the previous code we were running, 6.1.3.6-Airgroup.
E