First of all I would like to start with something positive. ePSK is an awesome feature and unheard of at this price point and is a great part of securing IoT for the SMB without needing a NAC. I started testing the solution in my lab today. I was on FW 3.11.1-r2 and added a device using ePSK. The AP reconfigured as expected and the connectivity worked. Great! The issue come up when deleting a user in ePSK. The AP again goes offline to reconfigure and the SSID pops back up as expected but one problem. I can still connect with the Passphrase I just deleted. Not until I rebooted the AP did it deny the client. I then upgraded to FW 3.11.2 and the results were the same. This is on an E600 AP.
I tested it again on 3.11.2 and delete does work as expected. I will reach out to you directly for more details.
I opened a support ticket and your staff confirmed the same result I am seeing. If the AP is rebooted it will no longer accept the client but thats not really a fix. I have deleted the entry for the client under ePSK and saved the config. I have confirmed the AP update completed and I am 15 minutes post delete and my client can still connect. I can also disconnect and reconnect. I am very excited about this feature but I shouldn't have to reboot whole sites to support removing clients.