Authorized (Deny) status on a wireless client
Summary
This article explains the reason for Authorized (Deny) status on a connected client.Question
What causes the Authorized (Deny) status of a wireless client and what can I do about it?Customer Environment
ZoneDirector controlled wireless network, Ruckus indoor/outdoor APsRoot Cause
Device Access Policy rule OR a Role Based Access Control Policy that denied access to the user's operating system or allows access during a particular time slot only.Resolution
ZoneDirector allows various access control methods to its clients. These include:1. Layer 2 based MAC ACLs
2. Layer 3 based ACLs that disallows or allows a particular service available at a server by its IP address
3. Device access policies that disallows or allows a particular OS
4. White lists that allow access to a machine only if its MAC address matches to the known/configured value
5. Application denial policy that disallows access to an entire domain
When you see status such as "Authorized (Deny)" as shown below, you need to check the policies under the Configure --> Access Control page.
For example, a device policy can be setup to deny access to Windows machines while allowing access to Apple machines.
If you try different OSs on the SSID and see different authorization states for each it is quite possible that device policy is setup to reflect this behavior.
Other place to look at include the Configure --> Roles. Find out the role the user belongs to and check the configuration of it. It is quite possible that his role either has the OS denied or time range setup that denies access outside a specific time.
Article Number:
000002774
Updated:
August 05, 2019 03:28 AM (over 5 years ago)
Tags:
Configuration, Troubleshooting, ZoneDirector
Votes:
1
This article is:
helpful
not helpful