cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
424
Views
0
Helpful
3
Replies

Expexted result after changing AD password on byod

cheungchunyu
Level 1
Level 1

Hello,

I have a BYOD environment.All the authtication is tested.

Then I expect that when we change the password of domain user ,the mobile device will disconnect immediately.But the result is not.

When we reconnect the wifi again.I can still connect to the wifi and surf internet.

I guess ISE will cache the password for a short period.

Can anyone share their experience on above  behavior.

1 Accepted Solution

Accepted Solutions

Yes - this is expected. If you look at the RADIUS Live Log in ISE you should see that ISE is authenticating the user based on re-use of the existing session since the session timeout has not expired.

If you force the session to expire from ISE, the user will need to provide their new password as a new authentication will be required to reconnect.

View solution in original post

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

It depends on your setting for session timeout.

On the WLC, go to WLAN and choose your BYOD WLAN. Then edit > Advanced > "session timeout" - enabled (or not) and the setting for it.

Hello Marvin Rhoads,

If the mobile devices reach session timeout,it will trigger re authentication.This is no help for following case.

1.User do the full authentication.

2.User change the password.

3. Immediately disconnect the wifi and enable the wifi.

4.The user still can connect to the wifi.

5.The user cannot connect to the wifi and prompt a box let the user enter the password again.

 

Duncan

Yes - this is expected. If you look at the RADIUS Live Log in ISE you should see that ISE is authenticating the user based on re-use of the existing session since the session timeout has not expired.

If you force the session to expire from ISE, the user will need to provide their new password as a new authentication will be required to reconnect.