Trying to automate putting a rogue device in the deny all role.
Have an Android phone connecting to a PSK network while advertising a wireless hot spot.
Can manually put the device into the deny all role on the controller. Once the inactivity timer value is reached, the device is removed from the database (deny all role) and can connect again.
I created a derivation role for the device's MAC address and applied it to a AAA profile trying to force the device into the deny all role.
set role condition macaddr equals ##:##:## set-value Deny_all description "rogue_test"
aaa profile Deny_all
Initial-role Deny_all
user-derivation-rules "Rogue"
!
The device goes into the initial role for the PSK network instead of the deny all role.