OK. We're not talking about iOS devices here; it's anything that isn't iOS-based that I have a device fingerprint for.
I want to put corporate users into the guest VLAN and role when they connect with their own device and authenticate against the 802.1X auth SSID.
Here's show ap association:
(cust3200) #show ap association | include 04:46:65:5c:de:d1
A4 d8:c7:c8:ad:a0:b0 04:46:65:5c:de:d1 y y 1 10 CORP-ENT 2 0x113c g-HT-20-1ss 0s 1 WAB
(cust3200) #show ap association | include 04:46:65:5c:de:d1
A4 d8:c7:c8:ad:a0:b0 04:46:65:5c:de:d1 y y 1 10 CORP-ENT 99 0x113c g-HT-20-1ss 1s 1 WAB
(cust3200) #show ap association | include 04:46:65:5c:de:d1
A4 d8:c7:c8:ad:a0:b0 04:46:65:5c:de:d1 y y 1 10 CORP-ENT 99 0x113c g-HT-20-1ss 2s 1 WAB
(cust3200) #show ap association | include 04:46:65:5c:de:d1
A4 d8:c7:c8:ad:a0:b0 04:46:65:5c:de:d1 y y 1 10 CORP-ENT 99 0x113c g-HT-20-1ss 1s 1 WAB
(cust3200) #show ap association | include 04:46:65:5c:de:d1
A4 d8:c7:c8:ad:a0:b0 04:46:65:5c:de:d1 y y 1 10 CORP-ENT 99 0x113c g-HT-20-1ss 2s 1 WAB
(cust3200) #show ap association | include 04:46:65:5c:de:d1
(cust3200) #show ap association | include 04:46:65:5c:de:d1
A4 d8:c7:c8:ad:a0:b0 04:46:65:5c:de:d1 y y 1 10 CORP-ENT 2 0x113c g-HT-20-1ss 0s 1 WAB
(cust3200) #show ap association | include 04:46:65:5c:de:d1
A4 d8:c7:c8:ad:a0:b0 04:46:65:5c:de:d1 y y 1 10 CORP-ENT 99 0x113c g-HT-20-1ss 2s 1 WAB
The user is not showing in the user-table.
You can see from the above that when the user connects they are in VLAN 2, which is the default VLAN for that SSID; then device fingerprinting puts them in the guest role, which should move them to VLAN 99, where they should get an IP address.
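
The repeated polls above can be turned into a timeline of VLAN moves and association resets. This is an added example, not part of the original post. It assumes the ninth column of `show ap association` is the VLAN ID and the twelfth is the association time, as read off the output above, and that the ESSID contains no spaces.

```python
import re

# Poll results rebuilt from the output in the post, in order.
# The empty string is the poll that returned no line.
LINE = ("A4 d8:c7:c8:ad:a0:b0 04:46:65:5c:de:d1 y y 1 10 CORP-ENT "
        "{} 0x113c g-HT-20-1ss {} 1 WAB")
POLLS = [LINE.format(v, t) if v else "" for v, t in [
    (2, "0s"), (99, "1s"), (99, "2s"), (99, "1s"), (99, "2s"),
    (None, None), (2, "0s"), (99, "2s")]]

UNITS = {"h": 3600, "m": 60, "s": 1}

def parse_line(line):
    """Return (vlan, assoc_seconds), or None when the poll had no entry."""
    fields = line.split()
    if len(fields) != 14:  # assumed column count for this output
        return None
    # Association time such as "2s"; h/m units are handled as an assumption.
    secs = sum(int(n) * UNITS[u]
               for n, u in re.findall(r"(\d+)([hms])", fields[11]))
    return int(fields[8]), secs

def timeline(polls):
    """List (poll_index, event) for VLAN changes, timer resets and gaps."""
    events, prev = [], None
    for i, line in enumerate(polls):
        cur = parse_line(line)
        if cur is None:
            events.append((i, "no association entry"))
            continue
        if prev is not None:
            if cur[0] != prev[0]:
                events.append((i, f"vlan {prev[0]} -> {cur[0]}"))
            if cur[1] < prev[1]:
                # Timer went backwards, so the entry was re-created.
                events.append((i, "association timer reset"))
        prev = cur
    return events

if __name__ == "__main__":
    for idx, what in timeline(POLLS):
        print(f"poll {idx}: {what}")
```
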