Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

IOS Devices Reconnect Problem

  • 1.  IOS Devices Reconnect Problem

    Posted May 13, 2013 01:51 PM

    IOS devices cannot automatically reconnect after onboarding. I have COA and Switch IP setting enabled but after the 10 second waiting period it comes back failed to reconnect. Does anyone know what other configurations may cause the auto reconnect to fail?



  • 2.  RE: IOS Devices Reconnect Problem

    EMPLOYEE
    Posted May 13, 2013 09:41 PM

    Are you trying to reconnect to the same SSID or are you provisioning on one SSID and trying to have CPPM bounce the device to a different SSID?

     

    IOS devices have an issue where they will always reconnect to the last SSID they were connected to when they are bounced with a COA. Unfortunately, it is an IOS issue, and that is why, if you use a separate SSID for onboarding, you have the option to have the auto or manual reconnect option disabled and post a message for the user to connect to the secure SSID.

     

    iosreconnect.png



  • 3.  RE: IOS Devices Reconnect Problem

    Posted May 13, 2013 09:51 PM

    I am trying to have the IOS device disconnect and reconnect to the same SSID after onboarding. Right now a client has to enter airplane mode or disconnect from the SSID and then reconnect in order to gain access to the network. 



  • 4.  RE: IOS Devices Reconnect Problem

    EMPLOYEE
    Posted May 13, 2013 09:54 PM

    What wireless vendor are you using?



  • 5.  RE: IOS Devices Reconnect Problem

    Posted May 13, 2013 09:55 PM

    Aruba



  • 6.  RE: IOS Devices Reconnect Problem

    Posted May 13, 2013 09:56 PM

    Aruba Controller with CPPM 6.1



  • 7.  RE: IOS Devices Reconnect Problem

    EMPLOYEE
    Posted May 13, 2013 10:08 PM

    A couple of things to check

     

    1. Make sure you have COA enabled on the device setting on the CPPM side.
    2. Make sure that in the controller, under Security > Authentication > L3 Authentication, you check "Add switch IP address in the redirection URL".

    addswitch.png

    3. Add CPPM as an RFC 3576 in your AAA profile in the controller.

    rfc.png

    4. And lastly, on the CPGuest side go to Home » Administration » Plugin Manager, enable debugging under onboarding (make sure you turn it off when you are done), and then look at the application log in the same section under Administration.

     applicationlog.png



  • 8.  RE: IOS Devices Reconnect Problem

    Posted May 14, 2013 07:34 AM

    I have checked over the possible solutions that you have provided and they were all configured. However, while looking at the logs, they prompt this as the reason for failure:

    "Script:   /guest/mdps_profile.php
    Function: NwaMdpsProfileDoDisconnect
    Arguments:
    Details:  array (
      'result' => array (
        'error' => 1,
        'message' => 'Internal error while retrieving Insight server details. Please enable Insight on a server and continue.',
      ),
    )"

     



  • 9.  RE: IOS Devices Reconnect Problem

    Posted May 14, 2013 07:49 AM

    After enabling Insight, this is the new error:

     

    Script:   /guest/mdps_profile.php
    Function: NwaMdpsProfileDoDisconnect
    Arguments:
    Details:  array (
      'result' => array (
        'error' => 1,
        'message' => '{"content": {"cnc_actions": [{"status_message": "Radius [Aruba Terminate Session] failed for client FF:FF:FF:FF:FF:FF", "id": 1}]}, "id": "FF:FF:FF:FF:FF:FF_sess", "name": "cnc_response"}',
      ),
    )

    Mac address has been replaced.
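
The two application log entries quoted in the posts above can be triaged mechanically. The following is an added example, not part of the original thread or of ClearPass itself: the function name `triage`, the `kind` labels, splitting entries on `Script:` and matching the word "failed" in `status_message` are assumptions based only on the two entries shown, and the sample log is constructed from them.

```python
import json
import re

# Constructed sample: the two entry shapes quoted in the thread (placeholder MAC as posted).
ENTRY = """Script:   /guest/mdps_profile.php
Function: NwaMdpsProfileDoDisconnect
Arguments:
Details:  array (
  'result' => array (
    'error' => 1,
    'message' => '%s',
  ),
)
"""
INSIGHT_MSG = 'Internal error while retrieving Insight server details. Please enable Insight on a server and continue.'
COA_MSG = '{"content": {"cnc_actions": [{"status_message": "Radius [Aruba Terminate Session] failed for client FF:FF:FF:FF:FF:FF", "id": 1}]}, "id": "FF:FF:FF:FF:FF:FF_sess", "name": "cnc_response"}'
SAMPLE_LOG = ENTRY % INSIGHT_MSG + ENTRY % COA_MSG

FUNC_RE = re.compile(r"^Function:\s*(\S+)", re.M)
MSG_RE = re.compile(r"'message' => '(.*)',\s*$", re.M)
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

def triage(log_text):
    """Return one finding dict per log entry that carries a 'message' field."""
    findings = []
    starts = [m.start() for m in re.finditer(r"^Script:", log_text, re.M)]
    for begin, end in zip(starts, starts[1:] + [len(log_text)]):
        entry = log_text[begin:end]
        func, msg = FUNC_RE.search(entry), MSG_RE.search(entry)
        if not msg:
            continue
        text = msg.group(1)
        finding = {"function": func.group(1) if func else None,
                   "kind": "other", "detail": text, "client": None}
        try:
            body = json.loads(text)      # the CoA result arrives as embedded JSON
        except ValueError:
            body = None                  # plain-text message, e.g. the Insight error
        if isinstance(body, dict) and body.get("name") == "cnc_response":
            actions = body.get("content", {}).get("cnc_actions", [])
            # Assumption: a failed action says "failed" in its status_message.
            failed = [a.get("status_message", "") for a in actions
                      if "failed" in a.get("status_message", "")]
            if failed:
                mac = MAC_RE.search(failed[0])
                finding.update(kind="coa_action_failed", detail=failed[0],
                               client=mac.group(0) if mac else None)
        elif "Insight" in text:
            finding["kind"] = "insight_not_enabled"
        findings.append(finding)
    return findings

if __name__ == "__main__": print(*triage(SAMPLE_LOG), sep="\n")
```
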



  • 10.  RE: IOS Devices Reconnect Problem

    Posted May 14, 2013 01:22 PM

    This is the current config that is present on the CPPM and controller.

     

    I have COA, L3 Switch IP, Insight, RFC 3576 server, and Automatic reconnect all enabled. However, this is what my IOS device is doing.

    Does anyone have suggestions?

     

    Attempt.PNG

    Application Log.PNG

    image.png



  • 11.  RE: IOS Devices Reconnect Problem

    Posted May 15, 2013 10:37 AM

    Seems like the CoA messages are not working.  Is this a master or local controller? If it is a local, you may need to change the NAS IP to match the controller's IP address.  See this post:  

     

    http://community.arubanetworks.com/t5/ClearPass-formerly-known-as/CoA-Fails/td-p/60360

     

    Also, have a look at the RADIUS CoA stats on the controller:

     

    show aaa rfc-3576-server statistics

     



  • 12.  RE: IOS Devices Reconnect Problem

    Posted May 13, 2013 10:14 PM
    I have COA and the L3 redirection enabled, but I will check the AAA profile.