I'l try to be clear and direct

whan a pc is connected to the network for the first time and fails authentication (as it should) it is meant to be authorized on guest portal with web redirection and it does, everything works like a charm...

but there is a huge problema round the corner... if I disconnect the pc from the lan and then replug the connector it won't do anything it is supposed to do,

the only option is to wait for dhcp lease to run out and then everything turns fine until a new disconnection...

it looks like the switch doesn't catch the pc as being re-connected (maybe because it doesn't ask for a new ip and use the leased one), and no action is applied to the session, the dacl is marked as global (not peer) and webredirection doesn't happen anymore, changing port has the same result

the only difference from cisco document's switch config is that host mode is multi-domain

(and it seems that the session is not terminated by being triggered by the disconnection of the pc)

switch port violation policy is "mac-move"

any clue?

tahnk you all very much for your support