Aruba Instant & Cloud Wi-Fi

Reply
Frequent Contributor I
Posts: 102
Registered: ‎06-17-2009

Machine Auth timeout

[ Edited ]

We a have a large Instant deployment at a school district. The main SSID has "force machine authentication" enabled.

Pass machine Auth = mahine_rest_role

Or

Pass User Auth = user_restricted_role

Pass both and you get the default role for the SSID which is basically "all all".

The issue is the "inactivity timeout" option for the SSID won't allow above 3600 seconds. So, what we are seeing is users being dropped into the "user_restricted_role" when they shut their laptops, or step away or lunch, or class, or a meeting. This then requires them to log off and then back on to get full access to the network again.

Also, this is 802.1x using RADIUS via Microsoft NPS.

A. Why is the "Inactivity Timeout" limited to 3600 seconds?

B. There needs to be a machine Auth cache timeout setting like there is on the controllers.

Aruba has made a big deal of making Instant ready for the "Enterprise", but this seems a bit a an oversight for an "Enterprise" solution. 

We're offering the as the solution for K-12 which is full of users that are hopping on an off their machines all day - not sitting at there desks for hours at a time like in many corporate settings.

There needs to be a proper solution for this.

Anyone else experiencing this issue with K-12 deployments? Any solutions you've come across?

EDDIE FORERO | @HeyEddie
Guru Elite
Posts: 20,560
Registered: ‎03-29-2007

Re: Machine Auth timeout

You can configure the machines via group policy to ONLY submit their machine credentials.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: