Just going to throw my experience in the ring. Most importantly, your mileage may very.
A partner and I labbed this up and tested it, where it worked with Windows, OSX, Android, and iOS. Below I have modified the instructions for 6.5 MAC Caching Service. Please re-create your guest services from scratch in 6.5 using the Start Here option and selecting Guest Authentication with MAC Caching. Then make the following modifications:
- The result of ALL Successful logins on the RADIUS service is Aruba-Terminate-Session, instead of a RADIUS Accept or an Aruba-User-Role. Leave all other enforcement profiles, as we will need the Endpoint:MAC-Auth Expiry in order for MAC Caching to work.
- Aruba-User-Role is passed back as part of the MAC Caching service. Make sure the Aruba-User-Role that is being passed back matches exactly the User Roles on your Aruba Controller, and you have configured the appropriate VLAN on the controller for that role. You will need to modify the enforcement in order to pass back the Aruba-User-Role instead of the Allow Access Profile and break out different Aruba-User-Role enforcement profiles for each guest type.
There may be some operating systems that get stuck to their IP address and wont re-DHCP, I know Windows 7 wired VLAN changes don't work without a bounce port. Give this a try and let us know your results. Most users will disable and re-enable their wireless if they cannot get to the internet, at which point they will be on the correct VLAN if the Aruba-Terminate-Session didn't get their device to release its DHCP address.