Security

last person joined: 17 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Retain a guest user for a period after authenticate by Captive Portal

This thread has been viewed 0 times

  • 1.  Retain a guest user for a period after authenticate by Captive Portal

    Posted Jan 27, 2014 03:47 PM

     

    I know ClearPass can do this, but can Aruba control retains a guest user for longer period after authenticate by Captive Portal? 

    Many of my guests complaining that their devices were required to re-authenticate too soon and it is inconvenience.

     

    Thanks,

     



  • 2.  RE: Retain a guest user for a period after authenticate by Captive Portal

    EMPLOYEE
    Posted Jan 27, 2014 03:51 PM
    Without an external authentication server, no.


  • 3.  RE: Retain a guest user for a period after authenticate by Captive Portal

    MVP
    Posted Jan 27, 2014 04:16 PM

    It is possible by increasing the idle user timeout but that brings a heap of other problems so no, I wouldn't recommend it.



  • 4.  RE: Retain a guest user for a period after authenticate by Captive Portal

    Posted Jan 27, 2014 04:40 PM

    Thanks all.  Clearly, ClearPass is the solution!!!



  • 5.  RE: Retain a guest user for a period after authenticate by Captive Portal

    EMPLOYEE
    Posted Jan 27, 2014 08:07 PM

    New in ArubaOS 6.3 you can specify a different user idle timeout for the specific captive portal instance, so that it does not affect other SSIDs:

     

    http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Captive_Portal/Captive_Portal_Authentic.htm

     

    captiveportal.png

     



  • 6.  RE: Retain a guest user for a period after authenticate by Captive Portal

    Posted Jan 28, 2014 04:43 PM

    Thanks Colin, good information!



  • 7.  RE: Retain a guest user for a period after authenticate by Captive Portal

    Posted Jun 14, 2016 09:07 AM

    Can you please explain more why this wound't be a good idea.

     

    Thanks



  • 8.  RE: Retain a guest user for a period after authenticate by Captive Portal

    EMPLOYEE
    Posted Jun 14, 2016 09:23 AM

    Increasing the user idle timeout leaves users in the user table long after they are gone and consumes resources. That gives an artifically inflated view of the user table. In addition, if you do not make sure that the DHCP leases match the user idle timeout time, it is possible that your dhcp server can give ip addresses of users that are already in the user table, producing conflicts.  Increasing the user idle timeout should be for people who do not have an external policy server solution to do mac caching.