Occasional Contributor II

Captive Portal, Radius and time limit for guests

I've configured a captive portal where the guest users are getting checked against an external freeRadius db. This is working fine and users are getting put in the user role according to the Aruba-User-Role attribute sent back from the radius server.

However, I would also like the users to have access to the network only for a certain amount of time, as when I configure a user through the guest provisioning page using the internal db. Is that possible with radius too, and what attributes would have to be sent back from the radius server?

If it's not possible with the radius server, is it possible with ldap or another kind of external server?

Thank you for any hint,

Frequent Contributor II

Try using the session-timeout attribute

Hi SKuettel,

You may be able to achieve what you are after using the session-timeout attribute.
This attribute sets the maximum time in seconds that service is provided to a user before the session is terminated. FreeRADIUS can send this attribute back to the controller in the Access-Accept packet.

I understand, however, that the user will be allowed to re-connect for another session using this method.

If you are trying to set some sort of daily time allowance for guest users you will have to do this through the accounting side of FreeRADIUS as you will need to keep track of how much time a user has accumulated during the day and terminate when the allotted time has expired. Here is a link to an article you may find to be of help with this.

If you simply want to terminate the guest's session after a certain amount of time but not prevent them from connecting again if they choose to do so, the session-timeout attribute should do the trick.

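
The daily allowance described in the reply above, as an added example that is not part of the original thread and is not FreeRADIUS or Aruba code: it totals today's accounted session time per guest and derives the Session-Timeout to return in the Access-Accept, or rejects once the allowance is spent. The allowance, the per-session cap, the function names and the accounting records are constructed assumptions.

```python
from datetime import datetime, timedelta

DAILY_ALLOWANCE = 2 * 3600   # assumed policy: 2 hours per guest per day
MAX_SESSION = 3600           # assumed cap on any single session

# Constructed accounting Stop records:
# (User-Name, stop time, Acct-Session-Time in seconds)
ACCT_STOPS = [
    ("guest01", datetime(2024, 5, 2, 0, 20), 1800),   # began 23:50 the day before
    ("guest01", datetime(2024, 5, 2, 9, 30), 3000),
    ("guest02", datetime(2024, 5, 2, 11, 0), 7200),
    ("guest01", datetime(2024, 5, 1, 15, 0), 3600),   # previous day, not counted
]

def used_today(user, now, records=ACCT_STOPS):
    """Seconds of session time that fall between today's midnight and now."""
    day_start = now.replace(hour=0, minute=0, second=0, microsecond=0)
    total = 0
    for name, stop, session_time in records:
        if name != user:
            continue
        start = stop - timedelta(seconds=session_time)
        # Count only the part of the session inside today's window, so a
        # session that began before midnight is charged for its tail only.
        overlap = (min(stop, now) - max(start, day_start)).total_seconds()
        total += max(0, int(overlap))
    return total

def authorize(user, now, records=ACCT_STOPS):
    """Return (reply code, reply attributes) for an already authenticated guest."""
    remaining = DAILY_ALLOWANCE - used_today(user, now, records)
    if remaining <= 0:
        # Without this reject, Session-Timeout alone lets the guest reconnect.
        return "Access-Reject", {"Reply-Message": "Daily time allowance used up"}
    # Never grant more than what is left of today's allowance.
    return "Access-Accept", {"Session-Timeout": min(remaining, MAX_SESSION)}

if __name__ == "__main__":
    now = datetime(2024, 5, 2, 12, 0)
    for guest in ("guest01", "guest02", "guest03"):
        print(guest, used_today(guest, now), authorize(guest, now))
```
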
Occasional Contributor II

Re: Captive Portal, Radius and time limit for guests

Thank you very much! I will check it out.

Have a nice day

Aruba Employee

Were you ever successful?

Hi Stefan,

I know this is an old post, but I have just run across a similar need.

I am curious if you or anyone ever figured out a way to do this.

Even if RADIUS returned an attribute, I don't see where that attribute value would be utilized. From what I know, returned attributes can only be applied to a user role or VLAN assignment, not an expiration date/time.

Alternatively, I suppose you could set an expiration time for the credentials in the server, but there also appears to be no way to set a reauth frequency for captive portal - which is understandable given how non-user-friendly that would be.
