I have a couple of customers with large campuses and multiple controller deployments. When users auth'd through captive portal roam from an AP on the local controller they originally auth'd against to another local controller, they are forced to re-auth via captive portal. As long as they roam back (it seems before the user-idle timeout expires), all is fine.
In both cases all users are on a single VLAN that spans the controllers, so IP mobility is disabled and should not be required. And since we are only using a single VLAN, VLAN mobility should not be necessary.
We're theorizing that the 'ha-disc-onassoc' command under the VAP profile may rectify this issue. Can anyone confirm or deny this? If this is not the answer, does anyone out there have the answer? Do we need to enable VLAN mobility even though we are using a single VLAN? I've scoured the BPDGs and the OS Manuals to no avail on this topic.