Hi all,

I have an AP running a wifi network backed with radius and EAP-TLS, and this is working fine.

What I'm struggling with is trying to convince the AP to re-authenticate the client with the radius server, just in case in the mean time, access has been revoked. I have configured the radius server to send a Session-Timeout attribute, and the Mikrotik is picking this up fine:

16:40:20 radius,debug,packet Session-Timeout = 600

The AP seems to be ignoring this attribute though - the phone stays connected to wifi for way past the 600 seconds, and makes no attempt to re-authenticate against the radius server. If I revoke access on the radius server, it seems to have no effect on the connection (I expect it to come and check if access is still present every 10 minutes).

Is this a known issue, and is there a way around it?

I am using freeradius v3.0.7 with eap-tls and WPA2-Enterprise, and routeros v6.22.

Regards,
Graham
--