I am building a guest network with ClearPass captive portal for authentication. We are using the login page of the captive portal to allow AD users to connect their personal devices to the guest network. We are sending them into different VLANs based on their AD group membership.
In the enforcement profile, I am sending a CoA along with the new VLAN that the client should be placed into. We see ClearPass sending the correct information to the Aruba controller along with the CoA. The logs on the controller show the VLAN derivation it received from CPPM but the client does not reflect the correct IP address of the new VLAN.
Its not until we disconnect and reconnect the client that it will get the IP address of the new VLAN. Should we be sending a different Enforcement profile other than the Aruba Termination session and the Aruba User VLAN to get the user into the new VLAN?