Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Captive Portal log out time

This thread has been viewed 7 times

  • 1.  Captive Portal log out time

    Posted Mar 05, 2013 09:45 AM

    How can i increase the captive portal log out time. I mean once a user authenticated with captive portal by providing user name and password it should remain authenticated for atleast one day and system would never ask him to provide user name and password after every 5 minutes of idle time.



  • 2.  RE: Captive Portal log out time
    Best Answer

    Posted Mar 05, 2013 10:06 AM

    Hi,

    :smileyhappy:

    This is what you are looking for: (say thanks to cjoseph)

    originalsdfsd.jpg

    By default it is set to 5 minutes or 600 seconds, which means if a user does not pass traffic for 5 minutes, the user is pinged once ever minutes for 4 minutes. If the user still does not respond, the user is removed from the user table and must reauthenticate the next time he/she connects. From the Aruba knowedgebase verbatim (support.arubanetworks.com):

    "aaa timer idle-timeout "- this is the timer for the datapath to detect if there is no more new sessions nor traffic initiated for a user record. When the time has come, it will signal the control plane "authmgr" to ping the client. The ping is three consecutive checks with 1 sec interval. If there is no ping response, you should issue an "aaa user delete w.x.y.z" command to clean up the user record. If the client can reply, the user record is kept for another round of idle timer."

    You can see what it is by doing the following:

    (3600.arubanetworks.com) #show aaa timers

    User idle timeout = 300 seconds <------------------
    Auth Server dead time = 10 minutes
    Logon user lifetime = 5 minutes


    (More info can be found in here: http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-AAA-Idle-Timeout-and-Authentication-Server-Dead-Time/td-p/106 )


    You can change it by doing the following:

    config t
    aaa timer idle-timeout

    Keep in mind, that this affects ALL users, so that if you increase it to, say 30 minutes, you will have a large number of users in the table that have not connected or even sent traffic for 30 minutes, reflected as still being there.


  • 3.  RE: Captive Portal log out time

    Posted Mar 05, 2013 10:15 AM
    i think that is what i was looking for....

    thank you so much


  • 4.  RE: Captive Portal log out time

    Posted Mar 08, 2013 12:58 PM

    I wish Aruba would setup a seperate timer specifically for Captive Portal instead of the global option for all users.  I suggested it a while back but I guess it fell on deaf ears :(



  • 5.  RE: Captive Portal log out time

    EMPLOYEE
    Posted Mar 09, 2013 12:05 PM

    In 6.2 in the advanced portion of the SSID profile a station ageout timer that can override the global aaa timer.  From the 6.2 release notes:

     

    User Idle Timeout Behavior Change

    The user idle timeout behavior for the way wireless users are aged out of the system has changed in ArubaOS 6.2.

    In ArubaOS pre-6.2 versions, users were idled out if there was no IP traffic for five minutes (the default setting for configure terminal aaa timers idle-timeout). Users were idled out if there is no wireless traffic.

     

     

    In ArubaOS 6.2, if the client signals that the AP it has left the BSSID, the client is aged out in the time specified by aaa user idle-timeout. Otherwise the client is aged out with the wireless timeout, whose default period is 1000 sec (configure terminal wlan ssid-profile <profile name> ageout).

     

     



  • 6.  RE: Captive Portal log out time

    Posted Mar 13, 2013 10:58 PM

    That's great news Colin, thanks for sharing that!  How stable is 6.2.1.0?  Is it safe for production right now, being that it's still in "Early Deployment"?