Contributor II

How to disconnect Users at a specified time?

Hey everybody,


we are using CPPM 6.4 with the Guest module.


I want to disconnect guest users at a specified time using CoA or Radius Session-Timeout.


One customer wants to have specified time ranges for their guest users.

I already updated the service so they can only login in the specified time, but of course don't get disconnected when the end time is reached.


The biggest problem is that we have different guest roles with different time ranges.

Would it be possible to disconnect a users with a specific user role at 10pm for example?


The users shall not expire! They will be able to reconnect again at the next day in the specified time range.


The authentication is using captive portal.

The NAS device is a IAP.





ACMX 754, ACCX 726
Guru Elite

Re: How to disconnect Users at a specified time?

You would need to use the time source as an authorization source and calculate the difference between the authentication time and 10 PM and then return that amount of time as a session timeout.

Tim Cappalli | Aruba Security TME
@timcappalli | | ACMX #367 / ACCX #480
Contributor II

Re: How to disconnect Users at a specified time?


This required some PostgreSQL knowledge but I have a running solution now :)


Step 1: Add TimeSource as Authorization Source


Step 2: Add Filter to TimeSource 

select (extract(epoch from date(CURRENT_DATE) + time '22:30' - now()))::int as Until2300;


Step 3: Enforcement Profile with Session-Timeout

Radius:IETFSession-Timeout=%{Authorization:[Time Source]:Until2300}





ACMX 754, ACCX 726
Search Airheads
Showing results for 
Search instead for 
Did you mean: