I´m acctually gonna post in this bad boy thread again. I "solved" this issue by implementing a split tunnel configuration where clients get IP-adresses centrally and I route-src NAT everything destined for the local subnet, rest is tunneled. The couple of problematic clients worked fine in this configuration.
Today I got a call from one of the users at the site who claims she´s been having issues with the wireless all the time. After troubleshooting a little bit, I see the same "double netmask" in the ipconfig with a windows APIPA address that I explain in my first post. She claims there´s another one with the same issue but I havn't verified it yet.
So now with the new split-tunnel configuration there´s two new clients that experience the exact same issue as the other clients did before on the bridge configuration.
I found this in the user debug log that looks kind of suspicious:
<DBUG> |authmgr| MAC=c4:85:08:b3:0d:5d (vlan:126) Detecting Wireless-user AAA-Profile mismatch or wireless<->wired roam
See the full user-debug logs for one authentication try attached. I can see some worrying entries about a logon role popping in at some stages.
Also I´ve attached the configuration of the user-role. This gets derived from successfull 802.1X authentication per the AAA profile configuration.
Anyone have any ideas? Affecting 1 or 2 clients from about 20 total. We´re up to Aruba OS 6.4.2.2 now on our M3.
Cheers,
Chris