Occasional Contributor II

User-idle Timeout

I have set a user-idle timeout of 5 minutes. After 5 minutes the user must be logged out. If the client does not communicate with the AP for 5 minutes, then he must be logged out. If yes, the AP determines the client's communication based on ICMP, i.e. ping. Also, if there is no network activity and the user is idle for 5 minutes, then he must also be logged out; that is not happening. Next, when the user shuts down his/her PC, he still remains in the database for 5 minutes and is then removed. When he next logs in, he should re-authenticate to gain internet access; this is also not happening. He gets directly connected to the network without authentication. Please suggest any solution to it.

Re: User-idle Timeout

What version of AOS are you using?
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: User-idle Timeout

Model: Aruba3200 Version: 6.1.3.4

Aruba

Re: User-idle Timeout

The user idle timeout is used to clear clients from the user table. As you mention in your case, when the controller detects a user is idle for 5 minutes, it will check to see if the client is still there (connected, just not doing anything). If it is, it resets the timer and leaves it alone. If the device is not there (disconnected or asleep), then the client is removed from the user table. When the device comes back online, the reauthentication depends on the authentication type you have set for the network. If it is 802.1X, the client will typically cache the logon, so no reauthentication is seen, although it takes place. If it is a pre-shared key network, the client caches the key and will connect without any visible authentication. If the network is Open, it will just connect. The only time you'd typically see a reauthentication visually is if the client is set not to cache the username/password on an 802.1X network or if you have Captive Portal set up for an Open network.

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Occasional Contributor II

Re: User-idle Timeout

To re-authenticate in that case, what configuration has to be done in the Aruba 802.1X profile? Does any configuration have to be done at the client's end?

Aruba

Re: User-idle Timeout

It is on the client end. Typically they cache their logons and don't prompt again.

------------------------------------------------
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX

Occasional Contributor II

Re: User-idle Timeout

Thanks for the support....

Occasional Contributor I

Re: User-idle Timeout

Hi, we have a 7220 wireless controller and 697 APs. Users keep re-authenticating after a short time. I actually tried configuring the AAA profile User-Idle timeout to 15300 secs and even the global settings, but users are experiencing disconnections, reportedly even while playing games and active for 30 minutes.

Any suggestions on this?

 

Best Regards,

Kenneth Penafuerte

Phil-Data Business Systems Inc.

Guru Elite

Re: User-idle Timeout

Are your clients using captive portal authentication?  If not, manipulating the user idle timeout is not a symptom or solution to your issue.  We would need more details about your deployment (authentication being used, clients with problems, exactly what happens) before we can narrow down what could be happening.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: User-idle Timeout

Hi CJ,

 

Good day! We have two SSIDs: 1. For Admin users - no captive portal used; its authentication was only using WPA or WPA2. And for other users, 2. Guests - they are being authenticated through an Xpossible device with captive portal, with open authentication on the part of the Aruba wireless controller. It is Xpossible that handles the DHCP server for Guest users and also the captive portal.

Best Regards,

Kenneth P;
