Security

Reply
Occasional Contributor I
Posts: 7
Registered: ‎04-13-2012

Change timeout or authentication method

Hi.

 

I have a solution where guests are presented with a controller based captive portal (AOS 6.1.3.8). These guests (or a least a small number of end points) should not have to reauthenticate after being idle in 255 minutes.

 

I cannot set timer higher than 255 minutes. I can use MAC authentication and fail-through to captive portal, but the customer is not willing to update MAC tables as these end points change at least once a year.

 

Will CPPM give the customer the opportunity to update MAC table with certain guest logins or am I missing another way to do this??

Kenneth
ACMP
MVP
Posts: 1,380
Registered: ‎05-28-2008

Re: Change timeout or authentication method

Set the user idle timeout value.

The value of this field is in minutes. . To prevent the user from timing out set the value of this field to 0.
The user idle timeout is the time in minutes for which the switch maintains state of an unresponsive client. If the client does not respond back to the switch within this time, the switch deletes the state of the user. The user will have to re-authenticate to gain access once the user state has been deleted. Set the value of the user idle timeout. The value of this field is in minutes

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,380
Registered: ‎05-28-2008

Re: Change timeout or authentication method

more info here:

http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-AAA-Idle-Timeout-and-Authentication-Server-Dead-Time/td-p/106

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Occasional Contributor I
Posts: 7
Registered: ‎04-13-2012

Re: Change timeout or authentication method

According to CRG, the value of parameter idle-timeout is between 1-15300 (seconds)

 

AAA timers idle-timeout <1-15300>

 

Unfortunately, I am unable to test this today, but I will test it tomorrow and give info back.

Kenneth
ACMP
Occasional Contributor I
Posts: 7
Registered: ‎04-13-2012

Re: Change timeout or authentication method

Tested and not possible.

 

Output from CLI:

(aruba3400) (config) #show aaa timers

User idle timeout = 15300 seconds Auth Server dead time = 10 minutes Logon user lifetime = 5 minutes User Interim stats frequency = 300 seconds

(aruba3400) (config) #aaa timers idle-timeout 0

                                              ^

% Invalid input detected at '^' marker.

(aruba3400) (config) #aaa timers idle-timeout 0 seconds                                                 ^

% Invalid input detected at '^' marker.

(aruba3400) (config) #no aaa timers idle-timeout 15300

(aruba3400) (config) #show aaa timers

User idle timeout = 300 seconds

Auth Server dead time = 10 minutes

Logon user lifetime = 5 minutes

User Interim stats frequency = 300 seconds

(aruba3400) (config) #aaa timers idle-timeout 15300 seconds

 

So it is not possible to set the idle-timeout to 0, if deleted using no aaa timers the value is set to default 300 seconds.

 

Any other suggestions??

Kenneth
ACMP
Occasional Contributor II
Posts: 12
Registered: ‎03-17-2013

Re: Change timeout or authentication method

[ Edited ]

Same problem. How can I increase the time, or use 0 to disable?

Search Airheads
Showing results for 
Search instead for 
Did you mean: