03-05-2013 06:45 AM
How can i increase the captive portal log out time. I mean once a user authenticated with captive portal by providing user name and password it should remain authenticated for atleast one day and system would never ask him to provide user name and password after every 5 minutes of idle time.
Syed Murad Ali
ACMP ACMA CCNA
Solved! Go to Solution.
03-05-2013 07:05 AM - edited 03-05-2013 07:06 AM
This is what you are looking for: (say thanks to cjoseph)
By default it is set to 5 minutes or 600 seconds, which means if a user does not pass traffic for 5 minutes, the user is pinged once ever minutes for 4 minutes. If the user still does not respond, the user is removed from the user table and must reauthenticate the next time he/she connects. From the Aruba knowedgebase verbatim (support.arubanetworks.com):
"aaa timer idle-timeout "- this is the timer for the datapath to detect if there is no more new sessions nor traffic initiated for a user record. When the time has come, it will signal the control plane "authmgr" to ping the client. The ping is three consecutive checks with 1 sec interval. If there is no ping response, you should issue an "aaa user delete w.x.y.z" command to clean up the user record. If the client can reply, the user record is kept for another round of idle timer."
You can see what it is by doing the following:
(3600.arubanetworks.com) #show aaa timers
User idle timeout = 300 seconds <------------------
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes
(More info can be found in here: http://community.arubanetworks.com/t5/Command-of-t
You can change it by doing the following:
aaa timer idle-timeout
Keep in mind, that this affects ALL users, so that if you increase it to, say 30 minutes, you will have a large number of users in the table that have not connected or even sent traffic for 30 minutes, reflected as still being there.
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
03-09-2013 09:05 AM
In 6.2 in the advanced portion of the SSID profile a station ageout timer that can override the global aaa timer. From the 6.2 release notes:
User Idle Timeout Behavior Change
The user idle timeout behavior for the way wireless users are aged out of the system has changed in ArubaOS 6.2.
In ArubaOS pre-6.2 versions, users were idled out if there was no IP traffic for five minutes (the default setting for configure terminal aaa timers idle-timeout). Users were idled out if there is no wireless traffic.
In ArubaOS 6.2, if the client signals that the AP it has left the BSSID, the client is aged out in the time specified by aaa user idle-timeout. Otherwise the client is aged out with the wireless timeout, whose default period is 1000 sec (configure terminal wlan ssid-profile <profile name> ageout).
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base