Using the above mentioned link, I realized that I needed to add a post-authentication user security rule for the BYOD Guest post authenticatrion access.
I created an any source to any destinatin rule to alow DHCP (post authentication user role)and that worked. My Android Cell phone was able to roam from AP to AP and maintain its IP address and connection to the WLAN.
However, when I tried to be stingy and only allow Any source from the 2 Controllers only and allow DHCP that did not work. We had the same problem as before.
I think the Aruba Access Points must play a factor in the authentication with RADIUS Servers and captive portal authentication. So I added the Any source to Any destination to allow DHCP and made that a priority with all of the other ACL rules in that post-auth role. Then we were functional again.
So, it appears that I needed to allow DHCP from any source/desination for a few Android devices to remain connected between ap's. This is not necessary for the other SSIDs taht do nto use captive portal authentication.
I did want to allow only the required services to be used on the GUEST access; but, this is weird that only a few Android devices were affected. Does anyone have any comments on this situation?