Just had a device roam to another AP while she was sitting at her desk. This is a user that I just this afternoon cleaned her entire Wifi settings and performed the roaming command mentioned earlier. Just heard back from her that is occurring again. Here is the debug from the last few minutes, MDNS stuff excluded:
Apr 22 15:27:46 :501109: <NOTI> |AP JRCAC-203@10.10.161.70 stm| Auth request: a8:bb:cf:04:0d:98: AP 10.10.161.70-00:24:6c:80:84:d9-JRCAC-203 auth_alg 0
Apr 22 15:27:46 :501093: <NOTI> |AP JRCAC-203@10.10.161.70 stm| Auth success: a8:bb:cf:04:0d:98: AP 10.10.161.70-00:24:6c:80:84:d9-JRCAC-203
Apr 22 15:27:46 :501109: <NOTI> |AP JRCAC_202@10.10.161.87 stm| Auth request: a8:bb:cf:04:0d:98: AP 10.10.161.87-00:1a:1e:89:fa:e1-JRCAC_202 auth_alg 0
Apr 22 15:27:46 :501093: <NOTI> |AP JRCAC_202@10.10.161.87 stm| Auth success: a8:bb:cf:04:0d:98: AP 10.10.161.87-00:1a:1e:89:fa:e1-JRCAC_202
Apr 22 15:27:46 :501095: <NOTI> |stm| Assoc request @ 15:27:46.565546: a8:bb:cf:04:0d:98 (SN 79): AP 10.10.161.87-00:1a:1e:89:fa:e1-JRCAC_202
Apr 22 15:27:46 :522036: <INFO> |authmgr| MAC=a8:bb:cf:04:0d:98 Station DN: BSSID=00:24:6c:80:84:d9 ESSID=Academic8021X VLAN=75 AP-name=JRCAC-203
Apr 22 15:27:46 :522234: <DBUG> |authmgr| Setting idle timer for user a8:bb:cf:04:0d:98 to 300 seconds (idle timeout: 300 ageout: 0).
Apr 22 15:27:46 :522152: <DBUG> |authmgr| station free: bssid=00:24:6c:80:84:d9, @=0x0x1570e2c.
Apr 22 15:27:46 :501095: <NOTI> |AP JRCAC_202@10.10.161.87 stm| Assoc request @ 15:27:51.739606: a8:bb:cf:04:0d:98 (SN 79): AP 10.10.161.87-00:1a:1e:89:fa:e1-JRCAC_202
Apr 22 15:27:46 :501100: <NOTI> |AP JRCAC_202@10.10.161.87 stm| Assoc success @ 15:27:51.741375: a8:bb:cf:04:0d:98: AP 10.10.161.87-00:1a:1e:89:fa:e1-JRCAC_202
Apr 22 15:27:46 :501080: <NOTI> |stm| Deauth to sta: a8:bb:cf:04:0d:98: Ageout AP 10.10.161.70-00:24:6c:80:84:d9-JRCAC-203 STA has roamed to another AP
Apr 22 15:27:46 :501100: <NOTI> |stm| Assoc success @ 15:27:46.569271: a8:bb:cf:04:0d:98: AP 10.10.161.87-00:1a:1e:89:fa:e1-JRCAC_202
Apr 22 15:27:46 :522035: <INFO> |authmgr| MAC=a8:bb:cf:04:0d:98 Station UP: BSSID=00:1a:1e:89:fa:e1 ESSID=Academic8021X VLAN=75 AP-name=JRCAC_202
Apr 22 15:27:46 :522077: <DBUG> |authmgr| MAC=a8:bb:cf:04:0d:98 ingress 0x0x10324 (tunnel 804), u_encr 64, m_encr 64, slotport 0x0x2100 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
Apr 22 15:27:46 :522078: <DBUG> |authmgr| MAC=a8:bb:cf:04:0d:98, wired: 0, vlan:75 ingress:0x0x10324 (tunnel 804), ingress:0x0x10324 new_aaa_prof: Academic8021X-AAA, stored profile: Academic8021X-AAA stored wired: 0 stored essid: Academic8021X, stored-ingress: 0x0x1001f
Apr 22 15:27:46 :522247: <DBUG> |authmgr| User idle timer removed for user with MAC a8:bb:cf:04:0d:98.
Apr 22 15:27:46 :501105: <NOTI> |AP JRCAC-203@10.10.161.70 stm| Deauth from sta: a8:bb:cf:04:0d:98: AP 10.10.161.70-00:24:6c:80:84:d9-JRCAC-203 Reason STA has roamed to another AP
Apr 22 15:27:46 :522258: <DBUG> |authmgr| "VDR - Add to history of user user a8:bb:cf:04:0d:98 vlan 0 derivation_type Reset VLANs for Station up index 14.
Apr 22 15:27:46 :501000: <DBUG> |AP JRCAC-203@10.10.161.70 stm| Station a8:bb:cf:04:0d:98: Clearing state
Apr 22 15:27:46 :522255: <DBUG> |authmgr| "VDR - set vlan in user for a8:bb:cf:04:0d:98 vlan 75 fwdmode 0 derivation_type Default VLAN.
Apr 22 15:27:46 :522258: <DBUG> |authmgr| "VDR - Add to history of user user a8:bb:cf:04:0d:98 vlan 75 derivation_type Default VLAN index 15.
Apr 22 15:27:46 :522255: <DBUG> |authmgr| "VDR - set vlan in user for a8:bb:cf:04:0d:98 vlan 75 fwdmode 0 derivation_type Current VLAN updated.
Apr 22 15:27:46 :522258: <DBUG> |authmgr| "VDR - Add to history of user user a8:bb:cf:04:0d:98 vlan 75 derivation_type Current VLAN updated index 16.
Apr 22 15:27:46 :522246: <DBUG> |authmgr| Idle timeout should be driven by STM for MAC a8:bb:cf:04:0d:98.
Apr 22 15:27:46 :522254: <DBUG> |authmgr| VDR - mac a8:bb:cf:04:0d:98 rolename logon fwdmode 0 derivation_type Initial Role Contained vp not present.
Apr 22 15:27:46 :522258: <DBUG> |authmgr| "VDR - Add to history of user user a8:bb:cf:04:0d:98 vlan 0 derivation_type Reset Role Based VLANs index 17.
Apr 22 15:27:46 :522083: <DBUG> |authmgr| Skip User-Derivation, mba:0 udr_exist:0,default_role:logon,pDefRole:0x0xdafcc4
Apr 22 15:27:46 :524124: <DBUG> |authmgr| dot1x_supplicant_up(): MAC:a8:bb:cf:04:0d:98, pmkid_present:False, pmkid:N/A
Apr 22 15:27:46 :522243: <DBUG> |authmgr| MAC=a8:bb:cf:04:0d:98 Station Updated Update MMS: BSSID=00:1a:1e:89:fa:e1 ESSID=Academic8021X VLAN=75 AP-name=JRCAC_202
Apr 22 15:27:46 :527000: <DBUG> |mdns| mdns_parse_auth_userapname_message 447 Auth->MDNS User APNAME: MAC:a8:bb:cf:04:0d:98, NEW AP NAME:JRCAC_202
Apr 22 15:27:46 :522038: <INFO> |authmgr| username=cmerrill MAC=a8:bb:cf:04:0d:98 IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=CushDCSrv02
Apr 22 15:27:46 :522044: <INFO> |authmgr| MAC=a8:bb:cf:04:0d:98 Station authenticate(start): method=802.1x, role=faculty/faculty//logon, VLAN=75/75, Derivation=2/1, Value Pair=1, flags=0x8
--More-- (q) quit (u) pageup (/) search (n) repeat Apr 22 15:27:46 :522017: <INFO> |authmgr| MAC=a8:bb:cf:04:0d:98 IP=?? Derived role 'faculty' from server rules: server-group=CushTest, authentication=802.1x
Apr 22 15:27:46 :522127: <DBUG> |authmgr| {L2} Update role from faculty to faculty for IP=0.0.0.0.
Apr 22 15:27:46 :522049: <INFO> |authmgr| MAC=a8:bb:cf:04:0d:98,IP=N/A User role updated, existing Role=faculty/faculty, new Role=faculty/faculty, reason=Station Authenticated with auth type: 4
Apr 22 15:27:46 :522128: <DBUG> |authmgr| download-L2: acl=55/0 role=faculty, tunl=0x0x10324, PA=0, HA=1, RO=0, VPN=0 L3MOB=0.
Apr 22 15:27:46 :522050: <INFO> |authmgr| MAC=a8:bb:cf:04:0d:98,IP=N/A User data downloaded to datapath, new Role=faculty/55, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=300
Apr 22 15:27:46 :522258: <DBUG> |authmgr| "VDR - Add to history of user user a8:bb:cf:04:0d:98 vlan 0 derivation_type Reset Dot1x VLANs index 18.
Apr 22 15:27:46 :522254: <DBUG> |authmgr| VDR - mac a8:bb:cf:04:0d:98 rolename NULL fwdmode 0 derivation_type Dot1x Aruba VSA vp present.
Apr 22 15:27:46 :527000: <DBUG> |mdns| mdns_parse_auth_userrole_message 287 Auth User ROLE: MAC:a8:bb:cf:04:0d:98, NAME:cmerrill, ROLE_NAME:faculty
Apr 22 15:27:46 :522254: <DBUG> |authmgr| VDR - mac a8:bb:cf:04:0d:98 rolename NULL fwdmode 0 derivation_type Dot1x MSFT Attributes vp present.
Apr 22 15:27:46 :522254: <DBUG> |authmgr| VDR - mac a8:bb:cf:04:0d:98 rolename NULL fwdmode 0 derivation_type Dot1x Server Rule vp present.
Apr 22 15:27:46 :522259: <DBUG> |authmgr| "VDR - Do Role Based VLAN Derivation user a8:bb:cf:04:0d:98 role faculty authtype 4 rolehow Matched server rule.
Apr 22 15:27:46 :522254: <DBUG> |authmgr| VDR - mac a8:bb:cf:04:0d:98 rolename faculty fwdmode 0 derivation_type Dot1x Server Rule Role Contained vp not present.
Apr 22 15:27:46 :522258: <DBUG> |authmgr| "VDR - Add to history of user user a8:bb:cf:04:0d:98 vlan 0 derivation_type Reset Role Based VLANs index 19.
Apr 22 15:27:46 :522161: <DBUG> |authmgr| Valid Dot1xct, remote:0, assigned:75, default:75, current:75,termstate:0, wired:0, dot1x enabled:1, psk:0 static:0 bssid=00:1a:1e:89:fa:e1.
Apr 22 15:27:46 :522255: <DBUG> |authmgr| "VDR - set vlan in user for a8:bb:cf:04:0d:98 vlan 75 fwdmode 0 derivation_type Current VLAN updated.
Apr 22 15:27:46 :522258: <DBUG> |authmgr| "VDR - Add to history of user user a8:bb:cf:04:0d:98 vlan 75 derivation_type Current VLAN updated index 20.
Apr 22 15:27:46 :522260: <DBUG> |authmgr| "VDR - Cur VLAN updated a8:bb:cf:04:0d:98 mob 0 inform 1 remote 0 wired 0 defvlan 75 exportedvlan 0 curvlan 75.
Apr 22 15:27:46 :522029: <INFO> |authmgr| MAC=a8:bb:cf:04:0d:98 Station authenticate: method=802.1x, role=faculty/faculty//logon, VLAN=75/75, Derivation=2/1, Value Pair=1
Apr 22 15:27:46 :522008: <NOTI> |authmgr| User Authentication Successful: username=cmerrill MAC=a8:bb:cf:04:0d:98 IP=10.10.75.23 role=faculty VLAN=75 AP=JRCAC_202 SSID=Academic8021X AAA profile=Academic8021X-AAA auth method=802.1x auth server=CushDCSrv02
Apr 22 15:27:46 :522053: <DBUG> |authmgr| PMK Cache getting updated for a8:bb:cf:04:0d:98, (def, cur, vhow) = (75, 75, 1) with vlan=0 vlanhow=0 essid=Academic8021X role=faculty rhow=2