Why doesn't Cisco ISE kick out the session?

AnkitSharma1
Here to help

Team,

 

We have configured Cisco ISE with MR46, but when I try to send a session reauthentication request or termination, it does not go through. What could be the reason?

Once a user is authenticated, I cannot kick them out of the network. I'm not sure why.

 

CoA is already checked in the access control option.

5 Replies
RaphaelL
Kind of a big deal

Can you confirm that the wireless client is still connected to 10.100.175.175? Is ISE sending the request to the correct AP?

AnkitSharma1
Here to help

Yes, this is the AP's IP address. I have added the complete subnet range 10.100.175.0/24.

Do you think this issue occurs when I send the termination request, and it connects to a nearby AP instead of the AP the client was originally connected to?

 

The way I added it to the NAD: is that the correct way, since there is no WLC?


RaphaelL
Kind of a big deal

The NAD is fine. You just have to make sure that the client was connected to 10.100.175.175 at the moment the CoA was sent.

E.g.: the client was on AP1 (10.100.175.175), roamed to AP2 (10.100.175.180), and the CoA was sent to AP1, but AP1 can't kick the client since the client is no longer on AP1.

You don't have 802.11r enabled, right?
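The roaming case described in the reply above, as an added example that is not part of the original thread: it replays RADIUS accounting events to find which AP holds the client's open session at the moment a CoA is sent, and flags a CoA aimed at an AP the client has already left. The event list, MAC address, timestamps and function names are constructed for illustration; the two AP addresses are the ones from the reply, and it assumes accounting records are available from the RADIUS server.

```python
# Constructed accounting events:
# (time, Acct-Status-Type, Calling-Station-Id, NAS-IP-Address)
MAC = "AA-BB-CC-00-11-22"  # made-up client MAC
EVENTS = [
    (100, "Start", MAC, "10.100.175.175"),           # client joins AP1
    (160, "Interim-Update", MAC, "10.100.175.175"),
    (220, "Start", MAC, "10.100.175.180"),           # client roams to AP2
    (221, "Stop", MAC, "10.100.175.175"),            # AP1 closes the old session
]


def current_nas(events, mac, at_time):
    """Return the NAS-IP holding an open session for mac at at_time, or None."""
    open_on = {}  # NAS-IP -> time of its latest Start/Interim-Update
    for ts, status, station, nas in sorted(events):
        if station != mac or ts > at_time:
            continue
        if status == "Stop":
            # A Stop only closes the session on the NAS that sent it, so a
            # late Stop from the old AP does not erase the session on the new AP.
            open_on.pop(nas, None)
        else:
            open_on[nas] = ts
    if not open_on:
        return None
    # If the old AP has not sent its Stop yet, the most recent activity wins.
    return max(open_on, key=open_on.get)


def check_coa(events, mac, coa_target, sent_at):
    """Classify a CoA sent to coa_target at time sent_at for client mac."""
    nas = current_nas(events, mac, sent_at)
    if nas is None:
        return "no-open-session"
    if nas == coa_target:
        return "target-ok"
    return f"stale-target: client is on {nas}"


if __name__ == "__main__":
    for sent_at in (150, 220, 300):
        print(sent_at, check_coa(EVENTS, MAC, "10.100.175.175", sent_at))
```

A "target-ok" result only rules out the roaming explanation; it does not show that the AP accepted or acted on the CoA.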

AnkitSharma1
Here to help

The machine is connected at the desk and did not roam. It is connected to the same AP, but when I force a session reauthentication request or termination, it is not working correctly.

 

AnkitSharma1
Here to help

In Cisco ISE, session reauthentication means that the user will need to enter their login credentials again, right? I did that, but it connects again without asking for a username or password.
