Joseph,
I understand this. But specifically I want to focus on HOW a user can earn a Deny All role!
We know that they can earn it if they fail a MAC auth.
How ELSE can they earn it? I can't find any other documented reason that they can earn a Deny All role other than the failed MAC auth.
I am not using MAC auth, so that cannot be the reason the user has earnt the role.
What other UNDOCUMTNED reasons can a user earn a Deny All role?
If we have an SSID configured to use 802.1x auth ONLY, and a user does not have a working 802.1x supplicant, what happens to that user? Will they earn a Deny All role? If this is true, why is it not documented?
Do you understand where I am coming from? Ignore my specific problem and focus upon the quesiton at hand.
"What scenarios can result in a user earning a Deny All role?"