Meraki

AnkitSharma1 · ‎Jan 8 2025

Team,

We have configured Cisco ISE with MR46, but when I try to send a session reauthentication request or termination, it does not go through. What could be the reason?

Once a user is authenticated, I cannot kick them out of the network. I'm not sure why

COA is already checked in the access control option

RaphaelL · ‎Jan 8 2025

Can you confirm that the wireless client is still connected to 10.100.175.175 ? Is ISE sending the request to the correct AP ?

AnkitSharma1 · ‎Jan 8 2025

Yes, this is the AP's IP address. I have added the complete subnet range 10.100.175.0/24.

Do you think this issue occurs when I send the termination request, and it connects to a nearby AP instead of the AP the client was originally connected to?

the way i added to NAD ? Is it a correct way since there is no WLC

RaphaelL · ‎Jan 8 2025

the NAD is fine. You just have to make sure that the client was connected to 10.100.175.175 at the moment the CoA was sent.

Eg : Client was on AP1 10.100.175.175 , Roamed to AP2 10.100.175.180 , CoA sent to AP1 , but AP1 can't kick the client since the client is no longer on AP1.

You don't have 802.11r enabled right ?

AnkitSharma1 · ‎Jan 8 2025

The machine is connected at the desk and did not roam. It is connected to the same AP, but when I force a session reauthentication request or termination, it is not working correctly.

AnkitSharma1 · ‎Jan 8 2025

in Cisco ISE, session reauthentication means that the user will need to enter their login credentials again, right? I did that, but it connects again without asking for a username or password

Meraki

Community

Why doesn't Cisco ISE kick out the session?

Why doesn't Cisco ISE kick out the session?