when you see clients/users in deny All role, it means that the user-role is not configured correctly. if there is a mis match in user-roles then they are put into deny all.
check your user-roles. what user role are you putting the tunneled users into?
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------
Original Message:
Sent: Jul 02, 2024 07:04 PM
From: Mitchell1
Subject: Deny All Role on Tunneled SSID 9240 Cluster
On two new 9240 Gateways in a cluster, I cannot connect clients to any tunneled SSID. When I connect to the one test access point, I see the client(s) get assigned a Deny All role, and no IP address is assigned either.