Can the session resumption and fast reconnect be disabled in the ClearPass server for EAP methods?
- Session resumption will cache EAP-PEAP/TLS sessions and reuse when the client reconnects within the session timeout.
- Fast reconnect will bypass the inner method within the authenticated outer tunnel and makes the process of re-authentication faster in EAP-PEAP when the session resumption is enabled.
Session resumption and Fast reconnect can be disabled in ClearPass. But please consider the help of these options for client re-authentication and make the decision.
In the Policy Manager GUI, navigate to Configuration >> Authentication >> Methods to disable session resumption in the EAP authentication methods as shown below.
Note: ClearPass server will not allow you to modify the default [EAP PEAP], [EAP TLS], [EAP TTLS] and [EAP FAST] methods. So, make a copy of default EAP methods or create new EAP methods and commit the changes. The newly created EAP methods need to be mapped under the Service >> Authentication for use.