I have seen this a few times where the AP was unable to reach the authentication server. But best is to get the logs and analyze those or have them analyzed by Aruba TAC.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Apr 29, 2021 11:01 AM
From: Matt Ervin
Subject: AP Role = Deny All?
I found an old post from 2014 that shows this.
Deny All role being assigned. Why? | Controllerless Networks (arubanetworks.com)
It's now 2021 and i'm facing the same issue.
I have some AP's being setup. I have the SSID broadcasting using WPA2-AES, it goes to a Radius server, which authenticates only if the laptop is part of the approved group AND it has the correct internal PKI cert.
I can validate that the laptop connect, was assigned a correct DHCP address, and I can confirm that it was properly authenticated on the RADIUS/NPS server with a valid cert being presented.
For some reason the AP role is listed as "Deny All"
Anyone have any idea what and what that might happen?
------------------------------
Matt
------------------------------