NAC system assigns device to VLAN... device goes to VLAN OK.
Then NAC assigns device to another VLAN... device does not go OK.
:think: :wall:
Turns out, it may be due to DHCP Renew actions. If the device doesn't send out a DHCP Renew, or sends it at the wrong time, then the device stays in that first VLAN. Do a port shut/no shut and the DHCP Renew is forced, device goes to the correct VLAN.
This is essentially random... some devices just get stuck and stay stuck. At the same time, other devices fly back and forth to all their VLANs, without issue. Damndest thing. I saw this on CounterACT and talked with another guy that saw this on ISE.