Does Logon User Lifetime applies to 802.1x or Captive Portal authenticated clients?
The role "logon" is a specialized user role with default settings where the user is placed before any L3 authentication had taken place. The reason we have this lifetime is mainly for public facing SSID where you have lot of trespassers that just attempted to connect but not performing any authentication. This kind of client connections does not consuming any network resources, but consumption of "user license" on the controller. Hence the idea was to remove such clients not doing anything, but just staying idle in "logon" role for a certain amount of time. Therefore any clients in authenticated role are not subjected to logon user lifetime.