Controllerless Networks

Any way to set a re-authentication interval either from Clearpass enforcement or by specifying it on the Instant User Role?

I tried passing radius:ietf / session-timout / 60 (for 60 second re-auth as a test) and the Cluster seems to ignore this. 

This is only useful for a Captive Portal setup, by the way.  If you force a 802.1x client to reauthenticate, the supplicant will resubmit the credentials and the client will simply reattach.

https://www.arubanetworks.com/techdocs/Instant_423_WebHelp/InstantWebHelp.htm#CLI_commands/wlan%20ssid-profile.htm?Highlight=reauth%20interval

So it looks like it is only do-able on the WLAN itself. I guess I will make due with that. There will be other devices connected that I dont really want to re-auth (Some IOT devices using device profiling to bypass cap portal) but they should be OK with it. 

Yes, this is for Captive Portal. 

Thanks for the response! 

To check to see if the session-timeout attribute is being adhered to, use the

"show client debug" command and look for the session-timeout for that user:

http://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-configure-the-Radius-session-timeout-with-Aruba-Instant/ta-p/178718

Thanks! That got me going in the right direction. The Radius:IETF Session-Timout does work. I was sending it twice and the longer duration trumped the shorter duration hence why I was not seeing a re-auth. 

FYI - I dont think newer IAP code shows the session time-out any longer. I am running 6.5.4.6. It is hard to read the blob of data but I dont think I see the timeout. Anyway, thanks for the help guys!