I have same situation with the Androids...but JUST with the Androids. Here is an user-debug:
Sep 5 11:02:05 :501065: <DBUG> |stm| send_ageout_sta_ack 8157: Send ageout sta 28:98:7b:5d:dd:b4 ack back to AP (10.136.1.9)
Sep 5 11:02:05 :501105: <NOTI> |stm| Deauth from sta: 28:98:7b:5d:dd:b4: AP 10.136.1.9-6c:f3:7f:db:8b:d1-infobex-ap1 Reason STA has left and is deauthenticated
Sep 5 11:02:05 :501065: <DBUG> |stm| Sending STA 28:98:7b:5d:dd:b4 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:1, rsn_cap:0
Sep 5 11:02:05 :500511: <DBUG> |mobileip| Station 28:98:7b:5d:dd:b4, 0.0.0.0: Received disassociation on ESSID: infobex-corp Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name infobex-ap1 Group infobex-ap BSSID 6c:f3:7f:db:8b:d1, phy g, VLAN 1
Sep 5 11:02:05 :522036: <INFO> |authmgr| MAC=28:98:7b:5d:dd:b4 Station DN: BSSID=6c:f3:7f:db:8b:d1 ESSID=infobex-corp VLAN=1 AP-name=infobex-ap1
Sep 5 11:02:05 :500010: <NOTI> |mobileip| Station 28:98:7b:5d:dd:b4, 255.255.255.255: Mobility trail, on switch 10.136.3.241, VLAN 1, AP infobex-ap1, infobex-corp/6c:f3:7f:db:8b:d1/g
Sep 5 11:02:05 :522004: <DBUG> |authmgr| MAC=28:98:7b:5d:dd:b4 ingress 0x1090 (tunnel 16), u_encr 64, m_encr 64, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
Sep 5 11:02:05 :522004: <DBUG> |authmgr| station free: bssid=6c:f3:7f:db:8b:d1, @=0x108c4644
Sep 5 11:02:05 :522004: <DBUG> |authmgr| MAC=28:98:7b:5d:dd:b4 Send Station delete message to mobility
Sep 5 11:02:05 :522004: <DBUG> |authmgr| 28:98:7b:5d:dd:b4: station datapath entry deleted
Sep 5 11:02:05 :501000: <DBUG> |stm| Station 28:98:7b:5d:dd:b4: Clearing state
Sep 5 11:02:16 :501095: <NOTI> |stm| Assoc request @ 11:02:16.815173: 28:98:7b:5d:dd:b4 (SN 4): AP 10.136.1.9-6c:f3:7f:db:8b:d1-infobex-ap1
Sep 5 11:02:16 :501100: <NOTI> |stm| Assoc success @ 11:02:16.818383: 28:98:7b:5d:dd:b4: AP 10.136.1.9-6c:f3:7f:db:8b:d1-infobex-ap1
Sep 5 11:02:16 :501065: <DBUG> |stm| Sending STA 28:98:7b:5d:dd:b4 message to Auth and Mobility Unicast Encr WPA2 8021X AES Multicast Encr WPA2 8021X AES VLAN 0x1, wmm:1, rsn_cap:0
Sep 5 11:02:16 :500511: <DBUG> |mobileip| Station 28:98:7b:5d:dd:b4, 0.0.0.0: Received association on ESSID: infobex-corp Mobility service ON, HA Discovery on Association Off, Fastroaming Disabled, AP: Name infobex-ap1 Group infobex-ap BSSID 6c:f3:7f:db:8b:d1, phy g, VLAN 1
Sep 5 11:02:16 :500010: <NOTI> |mobileip| Station 28:98:7b:5d:dd:b4, 0.0.0.0: Mobility trail, on switch 10.136.3.241, VLAN 1, AP infobex-ap1, infobex-corp/6c:f3:7f:db:8b:d1/g
Sep 5 11:02:16 :522035: <INFO> |authmgr| MAC=28:98:7b:5d:dd:b4 Station UP: BSSID=6c:f3:7f:db:8b:d1 ESSID=infobex-corp VLAN=1 AP-name=infobex-ap1
Sep 5 11:02:16 :522004: <DBUG> |authmgr| MAC=28:98:7b:5d:dd:b4 ingress 0x1090 (tunnel 16), u_encr 64, m_encr 64, slotport 0x1040 , type: local, FW mode: 0, AP IP: 0.0.0.0
Sep 5 11:02:16 :522038: <INFO> |authmgr| username=arubademo MAC=28:98:7b:5d:dd:b4 IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=infobex-radius
Sep 5 11:02:16 :522004: <DBUG> |authmgr| Auth done called from Authenticated state
Sep 5 11:02:16 :522044: <INFO> |authmgr| MAC=28:98:7b:5d:dd:b4 Station authenticate(start): method=802.1x, role=logon//, VLAN=1/1/0/0/0, Derivation=0/0, Value Pair=1
Sep 5 11:02:16 :522004: <DBUG> |authmgr| {L2} infobex-default from profile "infobex-corp-aaa_prof"
Sep 5 11:02:16 :522004: <DBUG> |authmgr| {L2} Update role from logon to infobex-default for IP=0.0.0.0
Sep 5 11:02:16 :522049: <INFO> |authmgr| MAC=28:98:7b:5d:dd:b4,IP=N/A User role updated, existing Role=logon/none, new Role=infobex-default/none, reason=Station Authenticated with auth type: 4
Sep 5 11:02:16 :522004: <DBUG> |authmgr| download-L2: acl=57/0 role=infobex-default, tunl=0x1090, PA=0, HA=1, RO=0, VPN=0
Sep 5 11:02:16 :522050: <INFO> |authmgr| MAC=28:98:7b:5d:dd:b4,IP=N/A User data downloaded to datapath, new Role=infobex-default/57, bw Contract=0/0,reason=Download driven by user role setting
Sep 5 11:02:16 :522004: <DBUG> |authmgr| Station authenticate has l2 role :infobex-default default role logon logon role logon
Sep 5 11:02:16 :522004: <DBUG> |authmgr| Valid Dot1xct, remote:0, assigned:1, default:1,current:1,termstate:0, wired:0,dot1x enabled:1, psk:0 static:0 bssid=6c:f3:7f:db:8b:d1
Sep 5 11:02:16 :522004: <DBUG> |authmgr| Vlan assignment is not needed during station authentication
Sep 5 11:02:16 :522004: <DBUG> |authmgr| MAC=28:98:7b:5d:dd:b4 def_vlan 1 derive vlan: 0 auth_type 4 auth_subtype 4
Sep 5 11:02:16 :522029: <INFO> |authmgr| MAC=28:98:7b:5d:dd:b4 Station authenticate: method=802.1x, role=infobex-default//, VLAN=1/1/0/0/0, Derivation=1/0, Value Pair=1
Sep 5 11:02:17 :522026: <INFO> |authmgr| MAC=28:98:7b:5d:dd:b4 IP=0.0.0.0 User miss: ingress=0x1090, VLAN=1
Sep 5 11:02:17 :522004: <DBUG> |authmgr| MAC 28:98:7b:5d:dd:b4, dhcp option 61, signature 3D0128987B5DDDB4
Sep 5 11:02:17 :522004: <DBUG> |authmgr| Deriving role from user attributes
Sep 5 11:02:17 :522004: <DBUG> |authmgr| MAC 28:98:7b:5d:dd:b4, dhcp option 50, signature 320A880121
Sep 5 11:02:17 :522004: <DBUG> |authmgr| Deriving role from user attributes
Sep 5 11:02:17 :522004: <DBUG> |authmgr| MAC 28:98:7b:5d:dd:b4, dhcp option 57, signature 3905DC
Sep 5 11:02:17 :522004: <DBUG> |authmgr| Deriving role from user attributes
Sep 5 11:02:17 :522004: <DBUG> |authmgr| MAC 28:98:7b:5d:dd:b4, dhcp option 60, signature 3C64686370636420342E302E3135
Sep 5 11:02:17 :522004: <DBUG> |authmgr| Deriving role from user attributes
Sep 5 11:02:17 :522004: <DBUG> |authmgr| MAC 28:98:7b:5d:dd:b4, dhcp option 55, signature 3701792103060F1C333A3B77
Sep 5 11:02:17 :522004: <DBUG> |authmgr| Deriving role from user attributes
Sep 5 11:02:17 :522004: <DBUG> |authmgr| DHCP ACK mac 28:98:7b:5d:dd:b4, client ip 10.136.1.33, server ip 0.0.0.0