Security

Reply
Occasional Contributor II
Posts: 61
Registered: ‎06-27-2016

How to change the machine-authentication timeout

Hi

I think machine-authentication only when devices powered up, so if the device get up from hibernates or sleep then machine authentication will not be triggered. So sometimes machine auth timeout in CPPM and these hipernated or sleeped devices dont mach machine-auth CPPM rule when they get up.

So is there a way to increase the machine-auth devices timeout?
Mahmoud
MVP
Posts: 992
Registered: ‎04-13-2009

Re: How to change the machine-authentication timeout

Hi, 

 

Here's where you change this value:

 

machine.jpg

 

 

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Occasional Contributor II
Posts: 61
Registered: ‎06-27-2016

Re: How to change the machine-authentication timeout

Thanks, but...

What is the recommended value for this timeout, as in our case if a device sleeped or hipernated for an undetermined period "which is more than the configured timeout" then it will not be assigned to the data VLAN because the service rules for machine authentciation will not be matched...

 

So can I set it to never timeout, and is it recommended?

 

Thanks

Mahmoud
MVP
Posts: 992
Registered: ‎04-13-2009

Re: How to change the machine-authentication timeout

Hi,

The recommended value is the default one. It's up to you if you wish to change it.

I wouldn't recommend to hibernate or sleep windows machine for long periods of time, it'd recommend to shut them down if not being used. It saves money amongst other things.
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite
Posts: 21,280
Registered: ‎03-29-2007

Re: How to change the machine-authentication timeout


mahmoud.yasin@ad-tech.com.jo wrote:

Thanks, but...

What is the recommended value for this timeout, as in our case if a device sleeped or hipernated for an undetermined period "which is more than the configured timeout" then it will not be assigned to the data VLAN because the service rules for machine authentciation will not be matched...

 

So can I set it to never timeout, and is it recommended?

 

Thanks


The default time is typically sufficient.  If a machine has successfully machine authenticated, every time the user authenticates after that, the machine cache is reset.  Let me repeat:  When a machine authenticates successfully, a countdown timer is started.  When a user authenticates after a machine has authenticated successfully, the machine authenticated timeout is reset.  So, the timer does not have to reflect how often the computer is rebooted, since every time a user authenticates successfully AFTER a machine successfully authenticates, the machine cache is reset.  

 

You can think of the timer as "If a user does not touch the laptop for X minutes", they will have to reboot it so that it can successfully machine authenticate.  There are some users who use their laptops frequently and it is not a problem.  There are some users who leave their laptops for days and it also won't be a problem.  



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 61
Registered: ‎06-27-2016

Re: How to change the machine-authentication timeout

Thanks Colin

Very Clear now

Mahmoud
Search Airheads
Showing results for 
Search instead for 
Did you mean: