Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Captive Portal Guest User Session Timeout

This thread has been viewed 2 times

  • 1.  Captive Portal Guest User Session Timeout

    Posted Apr 16, 2012 12:22 PM

    Is it possible?

     

    We are presenting guest SSID users a Captive Portal, with a guest only "authentication", meaning an agreement to AUP.  This is all working nicely.

     

    It has been requested to re-present that page at an interval - say 90 or 120 minutes.  I cannot seem to be able to configure this - is it possible? 

     

    I know about the User Idle timeout value and the Logon User Lifetime, but I belive the latter only applies to pre-authenticated users.  If I am understanding correctly, a Guest user who has logged on using captive portal (even as a guest) is still "authenticated", so would not apply.  Is this true or do I have it not quite right?

     

    Kevin



  • 2.  RE: Captive Portal Guest User Session Timeout

    Posted Apr 16, 2012 02:11 PM

    I think what you're looking for is an absolute timeout, which doesn't exist that I know of.



  • 3.  RE: Captive Portal Guest User Session Timeout

    Posted Apr 16, 2012 02:17 PM

    I think you are going to get a lot of complaints is doing something like this. As the user will have to accept and whatever they were doing just got killed by having to reauthenicate. 

     

    Can you give  a little more details on why you would want to present them with the AUP page every X minutes? 



  • 4.  RE: Captive Portal Guest User Session Timeout

    Posted Apr 16, 2012 03:24 PM

    It has been discussed as a re-education tool.  Our prevous guest network was open with no captive portal.  Students (and facstaff) had no reason to connect to anything else.  We are encouraging people to move to our WPA2 profile.  Our guest captive portal would either let them stay on as a guest (with re-auth) or direct actual users through an onboarding (to WPA2 SSID) process.

     

    Our thinking was that true guest/temporal access was primarily used for meetings, and forcing a guest "re-auth" during this interval would be acceptable for free usage.

     

     



  • 5.  RE: Captive Portal Guest User Session Timeout

    Posted Apr 16, 2012 04:27 PM

    You’re looking for behavior modification..


    We have used BW contacts for guest account for the very same thing. We make the guest connections usable but don't let them have as much BW as they would like. Every school that I have worked with has BW issues with students. This helps ensure guest don't take to much BW and get students to move to your preferred SSID.

     

    As far as the AUP popping back up. I still think your going to get in to bad light when someone is downloading a large file, the system

    kicks them out to accept the AUP but what they were almost done with a large download now they have to start over.

     





     



  • 6.  RE: Captive Portal Guest User Session Timeout

    Posted Apr 17, 2012 09:39 AM

    Agreed, regarding Behavior modification.... we were just kicking this around as an idea.

     

    I just found out this is possible per user role, under re-authentication timeout.  Missed it the first time through.



  • 7.  RE: Captive Portal Guest User Session Timeout

    Posted Apr 17, 2012 10:00 AM

    Please update us on what you decide and if you need help please let me know.