05-22-2013 11:55 PM
I have set user-idle timeout of 5 minutes.After 5 mintuies user must logged out.If the client does not commnunicates with AP for 5 mintues then he must logged out.if yes ap determine clients communication based on ICMP i.e ping.Also if there is no network activity and user is idle for 5 mintues then also he must logged out ,that is not happening.Next when user shutdwon his/her PC he still remains in database for 5 mintues and then removed .When next time he loggins he should re-authenticate to gain internet acccess this is also not happening.He get directly connected to the network without authentication.Please suggest any solution to it.
05-23-2013 03:57 AM
The user idle timeout is used to clear clients from the user table. As you mention in your case; when the controller detects a user is idle for 5 minutes, it will check to see if the client is still there (connected, just not doing anything). If it is, it resets the timer and leaves it alone. If the device is not there (disconnected or asleep), then the client is removed from the user table. When the device comes back online, the reauthentication depends on the authentication type you have set for the network. If it is 802.1X, the client will typically cache the logon, so no reauthentication is seen, although it takes place. If it is a pre-shared key network, the client caches the key and will connect without any visible authentication. If the network is Open, it will just connect. The only time you'd typically see a reauthentication visually is if the client is set not to cache the username/password on an 802.1X network or if you have Captive Portal setup for an Open network.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX