Simply once you have applied the list under the sub-interface representing that particular ssid , MAC address that are not permitted wont be able to get an ip address upon connecting to the certain ssid ( simply blocked ).
So denied MACs shouldn't work with that ssid, what i am not getting , do you mean even allowed clients are not able to forward traffic? I don't think it should be the case cause the config under the subinterface looks unless you have missed up with something elsewhere.
One more thing are you trying to test traffic forwarding by trying to have clients permitted and connected to the same ssid pinging each others? If so , depending on what you have added it shouldn't work even at normal situations because you have the magic word "port-protected". If that is the case remove it and see how it goes.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...