Hi everyone. I've run across this some time ago and wondering if anyone else has seen this.
We currently use Active Directory integrated with our MX for Content Filtering, it works great. Here is my issue:
-User Jon Doe with DHCP Address 10.1.1.100 connects to the Internet. The MX applies the appropriate Content Policy to the AD user Jon Doe. Now let's say Jon Doe is gone for two weeks and his DHCP address is released and 10.1.1.100 is available. A new device that is not part of AD takes this address and connects to the Internet. What will happen is the MX will simply say its 'Jon Doe' and give that non AD user his access. I've tested this over and over and it definitely works this way. I would LOVE a clear/release button in the MX console for this, but there isn't one. The only way I can get it to work is to literally power down the MX to clear the AD cache. Now to be clear in this exact same scenario if someone takes 10.1.1.100 and is just a different AD user it works great, the MX acknowledges its a different user and applies the appropriate policy. It's when the MX doesn't recognize a change that it keeps it the same, again it would be great to clear that.
Thanks!
Is there anything in this documentation that helps: Active Directory Integration documentation?
I'd definitely open a ticket. I hope this isn't normal behavior as that would be a security flaw.
You are correct - that is definately the way it works.
The (IP,User) table is updated based on the security event log. A non-AD user does authenticate to AD, so doesn't generate a security event log entry to update the (IP,User) mapping.
Thanks everyone for the responses! I've spoken with Meraki several times on this. Again, it would be so nice if you could clear an entry for these kinds of situations.