Capalli,
I just commented that I did a test with RADIUS replying directly with the VLAN number. In this case, the controller can change the VLAN for the user/device and the device changes IP by DHCP normally. So, the problem is not DHCP refresh when changing VLAN.
It's not my option. It was a test.
My choice for the workflow:
When an unauthorized device connects, the controller sends DHCP from the reserved VLAN for registration. This VLAN is contained between the Aruba controller and PacketFence, and the gateway for this VLAN is PacketFence. Any access for this device is redirected to the PacketFence portal.
After the registration process (whatever it is: password, email, sponsor...), PacketFence chooses, following some conditions, a role to register and authorize the user/device, and this role is sent by PacketFence to the controller in the RADIUS reply message as follows:
(Jun 26 08:40:51 PacketFence-ZEN pfqueue: pfqueue(4045) INFO: [xxxxx] Returning ACCEPT with role: PF_Guest_Permit_auth (pf::Switch::Aruba::try {...} ))
This role PF_Guest_Permit_auth is configured on the Aruba controller as follows:
user-role PF_Guest_Permit_auth
vlan 194
access-list session PERMITE_TUDO_POLICY
When the process finishes, I can see with the CLI command "Show user Mac xxx" that this user/device is connected with the correct options and the role was applied by RFC3576 (CoA), but the VLAN is the same as for registration, even though the role is set to 194.
All my choices in PacketFence are by role; according to those roles, a specific VLAN should be applied.
I'd like to publish only 1 SSID and, according to PacketFence policies, have the device registered on different VLANs and roles in the Aruba controller.
Is it possible?