Security

Reply
Occasional Contributor II
Posts: 19
Registered: ‎01-13-2014

Captive Portal Reauthentication Timer

[ Edited ]

I have setup a captive portal using LDAP, I have everything working just fine for logins and gaining access to the web. My question is with setting a timer so a user only has to Authenticate once a day. Right now everytime a user gets disconnected from the network due to moving around and or shutting down thier device they have to reauthenticate everytime. I have tried almost every setting with not luck and now i'm looking for help.

 

I have tweaked all these with no luck 

 

User Idle Timeout

Logon User Lifetime (min)

Re-authentication Interval

 

Model : Aruba 7210-US

Version: 6.3.0.1

MVP
Posts: 4,012
Registered: ‎07-20-2011

Re: Captive Portal Reauthentication Timer

 

Are you using ClearPass guest or the controller captive portal?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II
Posts: 19
Registered: ‎01-13-2014

Re: Captive Portal Reauthentication Timer

I'm using the built in CP from the controller. 

MVP
Posts: 4,012
Registered: ‎07-20-2011

Re: Captive Portal Reauthentication Timer

 

 

What's current value on the user idle timeout ? This should help you out

 

show aaa timers

 

Are clients roaming to another controller ?

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Guru Elite
Posts: 7,839
Registered: ‎09-08-2010

Re: Captive Portal Reauthentication Timer

Unfortunately without using some type of MAC caching, a device that disconnects and then ages out of the user-table will always go into the initial-role which will require authentication.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor I
Posts: 76
Registered: ‎11-23-2010

Re: Captive Portal Reauthentication Timer

Are the aaa timers global settings?

For a specific VAP/SSID with captive portal I need 24hrs without reauthentication, but with these "aaa timers" it is impossible.

 

Are there issues for 255min (the maximum) for logon-lifetime?

Guru Elite
Posts: 19,974
Registered: ‎03-29-2007

Re: Captive Portal Reauthentication Timer

The AAA timer is global, so you should not touch that.  If you need to have a client reauthenticate less, you should use the Captive Portal user-idle-timeout parameter in the Captive Portal Authentication Profile:  http://www.arubanetworks.com/techdocs/ArubaOS_64_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_authentication_captive.htm

 

" Valid range is 30-15300 in multiples of 30 seconds. Enabling this option overrides the global settings configured in the AAA timers. If this is disabled, the global settings are used"

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Frequent Contributor I
Posts: 76
Registered: ‎11-23-2010

Re: Captive Portal Reauthentication Timer

Thank you Colin.

Our version is 6.1 and the user-idle-timeout parameter is 6.3. We have the memory limitation of 3200.

We have 3 VAPs (2 802.1x/EAP-TLS and 1 Captive portal) on a 1 master/4 local controllers configuration.

What are the issues if I set global user-idle-timeout to 15300?

Guru Elite
Posts: 19,974
Registered: ‎03-29-2007

Re: Captive Portal Reauthentication Timer

Increasing the global timer means that users will be in the user table long after they have already left. This will give you an inflated count of the number of users that are really on your network.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: