I have an open SSID with mac-authentication. The initial role for users failing mac authentication is 'deny all'.
There are few mac in 'deny all', that I had later allowed in mac-auth list (local-db) with initial role as "authenticated".
Now the problem is to have this users change role to authenticated. How can I enforce it to change role?
Enforcing change in user roles for clients that have acquired an IP is possible through "aaa user delete <ip address>" but how about enforcing change in user roles for client that have not yet acquired an IP and in denyall state?