Security

Reply
MVP

Retain a guest user for a period after authenticate by Captive Portal

 

I know ClearPass can do this, but can Aruba control retains a guest user for longer period after authenticate by Captive Portal? 

Many of my guests complaining that their devices were required to re-authenticate too soon and it is inconvenience.

 

Thanks,

 

~Trinh Nguyen~
Boys Town
Guru Elite

Re: Retain a guest user for a period after authenticate by Captive Portal

Without an external authentication server, no.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP

Re: Retain a guest user for a period after authenticate by Captive Portal

It is possible by increasing the idle user timeout but that brings a heap of other problems so no, I wouldn't recommend it.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
MVP

Re: Retain a guest user for a period after authenticate by Captive Portal

Thanks all.  Clearly, ClearPass is the solution!!!

~Trinh Nguyen~
Boys Town
Guru Elite

Re: Retain a guest user for a period after authenticate by Captive Portal

New in ArubaOS 6.3 you can specify a different user idle timeout for the specific captive portal instance, so that it does not affect other SSIDs:

 

http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Captive_Portal/Captive_Portal_Authentic.htm

 

captiveportal.png

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP

Re: Retain a guest user for a period after authenticate by Captive Portal

Thanks Colin, good information!

~Trinh Nguyen~
Boys Town
New Contributor

Re: Retain a guest user for a period after authenticate by Captive Portal

Can you please explain more why this wound't be a good idea.

 

Thanks

Guru Elite

Re: Retain a guest user for a period after authenticate by Captive Portal

Increasing the user idle timeout leaves users in the user table long after they are gone and consumes resources. That gives an artifically inflated view of the user table. In addition, if you do not make sure that the DHCP leases match the user idle timeout time, it is possible that your dhcp server can give ip addresses of users that are already in the user table, producing conflicts.  Increasing the user idle timeout should be for people who do not have an external policy server solution to do mac caching.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: