10-01-2016 10:00 AM - edited 03-11-2019 12:07 AM
Hello,
I have a BYOD environment.All the authtication is tested.
Then I expect that when we change the password of domain user ,the mobile device will disconnect immediately.But the result is not.
When we reconnect the wifi again.I can still connect to the wifi and surf internet.
I guess ISE will cache the password for a short period.
Can anyone share their experience on above behavior.
Solved! Go to Solution.
10-02-2016 06:40 AM
Yes - this is expected. If you look at the RADIUS Live Log in ISE you should see that ISE is authenticating the user based on re-use of the existing session since the session timeout has not expired.
If you force the session to expire from ISE, the user will need to provide their new password as a new authentication will be required to reconnect.
10-01-2016 08:48 PM
It depends on your setting for session timeout.
On the WLC, go to WLAN and choose your BYOD WLAN. Then edit > Advanced > "session timeout" - enabled (or not) and the setting for it.
10-01-2016 09:28 PM
Hello Marvin Rhoads,
If the mobile devices reach session timeout,it will trigger re authentication.This is no help for following case.
1.User do the full authentication.
2.User change the password.
3. Immediately disconnect the wifi and enable the wifi.
4.The user still can connect to the wifi.
5.The user cannot connect to the wifi and prompt a box let the user enter the password again.
Duncan
10-02-2016 06:40 AM
Yes - this is expected. If you look at the RADIUS Live Log in ISE you should see that ISE is authenticating the user based on re-use of the existing session since the session timeout has not expired.
If you force the session to expire from ISE, the user will need to provide their new password as a new authentication will be required to reconnect.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide