Security

Reply
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Session expire time

Hello,

 

Step by step, my CP self-registration is going on but there is one thing I can't achieved. I would like that the guests can connect only one hour on the wifi and then are disconnected. I dont' want that the account expire, only the session. So the guests can login again with the same account. Is it possible ?

 

In addition, I'd like to manage a five minutes break between each sessions ?

 

Thanks

 

Dimitri

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Session expire time

I haven't tried this myself, but I wonder if it's possible to use the RADIUS attributes Session-Timeout and Terminate-Action to set the session time and then force reauthentication?  I'm not sure if the controller will allow the session timeout to be set by a RADIUS server, but this is certainly possible on a Cisco switch.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Session expire time

Thanks, I have seen this but don't know how to use it exactly. Can you help me a bit ?

Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Session expire time

A little up if someone more experienced than me can help to implement this.


Thanks

 

Dimitri

MVP
Posts: 470
Registered: ‎05-11-2011

Re: Session expire time

 

Well - what is really your point behind making them re-connect?

Is it the option to re-direct them to a landing portal with some info or ads you want them to see/click on?

 

Depending on what you want to achieve I would just save the user the hassle, and just have them re-register to get a new password. The account will by default auto-update with a new password anyways, and not overwrite any parameter not filled in..

 

But - that said...

 

I haven't tried this myself, but you could most likely create a variation of the Enforcement Policy "Standard Guest Access" with a rule that terminates the session if more than 1 hour since last authentication.

 

Inserted screenshot for configuration

 

01.03.jpg

 

 

 

Note that if the user has already timed out in the Aruba Session ie. he has been idle more than 5 minutes (or whatever you've set user idle timeout to be) he will have to be re-authenticated through the portal anyways.

 

Also.. You might want to use MAC-authentication and do the termination part there instead. Just same kind of rule starting out with the "MAC-caching 24hours" policy.

 

 Try it and let us know how it works out for you.

 

 

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Session expire time

Hi,

 

I want to avoid guests to download movies or massive stuffs as IAPs are used as hotspot.

 

I have tried to create a variation of the Enforcement Policy "Standard Guest Access" but I can't add the operator "GREATER_THAN_OR_EQUALS" => value is not correct.

 

Dimitri

MVP
Posts: 470
Registered: ‎05-11-2011

Re: Session expire time

It saves fine for me - as you can see in the screenshot. Perhaps you've chosen the wrong Type?

 

(Authorization:[Insight Repository]:Hours-Since-Auth GREATER_THAN_OR_EQUALS 1)

 

 

But - for your purpose perhaps looking into quotas, bandwidth limits and firewall rules..

 

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Session expire time

It's a request of my customer but I will try and see about quotas, bandwidth. Can I configure both in CCPM or is it better in the VC of the IAP ?

 

aruba_policies_problem.PNG

 

As you can see, I can't use GREATER_THAN_OR_EQUALS 1.

 

Dimitri

 

MVP
Posts: 470
Registered: ‎05-11-2011

Re: Session expire time

[ Edited ]
Strange. What version of CPPM are you using? I'm on 6.0.2.46902.
 
The quota part you should do in CPPM & Guest
Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Session expire time

CCPM 6.0.1.45969

 

Ok for the quota, so I need to make a new Enforcement Profile ?

 

Dimitri

Search Airheads
Showing results for 
Search instead for 
Did you mean: