Product and Software: This article applies to all Aruba controllers and ArubaOS 5.x and later.
The aaa timers idle-timeout cannot be set to 0. If the aaa timers idle-timeout could be set to 0, that would mean that users would never get aged out of the user table. The table would fill up and prevent more users from getting on the system.
- If the datapath has no user activity in for x seconds (as defined in the idle-timeout), an attempt is made to send traffic to the client. (This used to be called a ping, but may have been changed since then. Was pushing once to make it use a directed ARP instead.)
- If the client responds, the client session is not aged out.
- If the client does not respond after some number of attempts, the client is aged out.
If this value were set to 0, client sessions would never be aged out and eventually the user table could fill up. Even if the user table didn't fill up, the information about how many users are currently logged in would be inaccurate.