Hi Tim, thanks for your kind reply. Here the user role , you mean the initial role or 802.1x role, we are using authentication WPA2, encryption AES, clearpass for authentication.
AAA profile like below
initial role: logon
802.1x role: deny
(role "deny" configured on controller, but on clearpass allow all)
Please advise
Thanks