
10-01-2016 10:00 AM - edited 03-11-2019 12:07 AM
Hello,
I have a BYOD environment. All the authentication is tested.
Then I expect that when we change the password of the domain user, the mobile device will disconnect immediately. But the result is not.
When we reconnect the wifi again, I can still connect to the wifi and surf the internet.
I guess ISE will cache the password for a short period.
Can anyone share their experience on the above behavior?
- Labels: AAA
Accepted Solutions
10-02-2016 06:40 AM
Yes - this is expected. If you look at the RADIUS Live Log in ISE you should see that ISE is authenticating the user based on re-use of the existing session since the session timeout has not expired.
If you force the session to expire from ISE, the user will need to provide their new password as a new authentication will be required to reconnect.
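
The behavior described in this answer, as an added example that is not part of the thread and is not Cisco ISE code: a simplified model, under the assumption that a cached session skips the password check until it times out or is expired by an administrator. The class, function, user and device names and the 1800-second timeout are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class RadiusModel:
    """Simplified model (assumption): session reuse skips the password check."""
    directory: dict          # user -> current domain password
    session_timeout: int     # seconds, as set on the WLAN
    sessions: dict = field(default_factory=dict)  # (user, device) -> expiry time

    def connect(self, user, device, password, now):
        """Return 'session-reuse', 'full-auth' or 'reject'."""
        key = (user, device)
        expiry = self.sessions.get(key)
        if expiry is not None and now < expiry:
            return "session-reuse"       # password is not re-checked here
        self.sessions.pop(key, None)     # timed out: drop the stale entry
        if self.directory.get(user) == password:
            self.sessions[key] = now + self.session_timeout
            return "full-auth"
        return "reject"

    def change_password(self, user, new_password):
        # A directory change alone leaves cached sessions untouched.
        self.directory[user] = new_password

    def expire_sessions(self, user):
        """Administrative forced expiry of every cached session for a user."""
        for key in [k for k in self.sessions if k[0] == user]:
            del self.sessions[key]

def rotate_and_expire(model, user, new_password):
    """Change the password and force session expiry in one step."""
    model.change_password(user, new_password)
    model.expire_sessions(user)

def replay_thread_scenario():
    """Replay the steps from the thread with constructed values."""
    m = RadiusModel({"alice": "old-pw"}, session_timeout=1800)
    results = [m.connect("alice", "phone", "old-pw", now=0)]        # first login
    m.change_password("alice", "new-pw")
    results.append(m.connect("alice", "phone", "old-pw", now=60))   # wifi off/on
    m.expire_sessions("alice")                                      # forced expiry
    results.append(m.connect("alice", "phone", "old-pw", now=120))
    results.append(m.connect("alice", "phone", "new-pw", now=180))
    return results

if __name__ == "__main__":
    print(replay_thread_scenario())
```
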
10-01-2016 08:48 PM
It depends on your setting for session timeout.
On the WLC, go to WLAN and choose your BYOD WLAN. Then edit > Advanced > "session timeout" - enabled (or not) and the setting for it.
10-01-2016 09:28 PM
Hello Marvin Rhoads,
If the mobile devices reach session timeout, it will trigger re-authentication. This is no help for the following case.
1. User does the full authentication.
2. User changes the password.
3. Immediately disconnect the wifi and enable the wifi.
4. The user can still connect to the wifi.
5. The user cannot connect to the wifi and a box prompts the user to enter the password again.
Duncan
