Symptom
Clients fail to connect to the WLC due to VLAN failure. When reviewing the client trace file, the affected device authenticates and receives an IP, then receives a second VLAN assignment after the AAA override. The trace logs show the "client vlan not resolves and static ip mobility disable" and the client is moved to the exclusion list. The scenario repeats indefinitely.
Conditions
9800 utilizing AAA override on a WLAN where the change of authorization (CoA) has another VLAN than the originally assigned VLAN. The IP subnets must be different. The model of AP or class of controller does not appear relevant. All clients receiving a AAA override with a change of VLAN are affected. The WLAN must not have DHCP required set as this seems to mitigate the CoA change.
Workaround
Enabling DHCP required on the WLAN eliminates or substantially reduces the frequency of occurrence
Further Problem Description
Customer reported client connectivity issues on controller running 17.3.x with DHCP required. Contrast this with 17.9.3, where enabling improved client connectivity.
