Wireless Access

Hi,

I can`t find how to set timeout session for captive portal users, can somebody help me, please ?

---

@robertos wrote:

Hi,

 

I can`t find how to set timeout session for captive portal users, can somebody help me, please ?

---

If you're looking for a station timeout value: It's in the SSID profile, advanced, "Station Ageout Time".

---

@Pjotmans wrote:

If you're looking for a station timeout value: It's in the SSID profile, advanced, "Station Ageout Time".

 

---

just to share some info - please be aware that the user idle/age out mechanism is different starting in 6.2.x and higher. In code prior to 6.2.x, the 'aaa timers idle-timeout' (as discussed elsewhere in this post) is the primary way an idle user entry is aged and deleted. The controller attempts to ping the user before deleting the user to see if it's alive, but this is marginally successful since most devices firewall by default these days.

However, starting in 6.2.x, the station ageout time becomes the primary method whereby after a user becomes idle at the AP level, the station ageout timer starts. Once this expires (default 1000 seconds), the AP will signal the controller to delete the user - but the controller will only delete the user *if* the aaa user idle time has also expired. Note that if the user is still associated and sending any form of traffic (including power save frames etc.) then it will not idle out easily with the default value of 1000 seconds.

in summary, in 6.2.x and higher if the aaa idle timer is < station ageout then the station ageout is the determining factor for when to delete a user from the user table. If the aaa idle timeout is > station ageout then the controller will wait until the greater value is reached before deleting the user.

In ArubaOS 6.2.x there is only one global aaa idle timer, but in 6.3.x this is extended to a per aaa profile value to allow more flexability in tuning the desired age out time relative to the function of a virtual AP.

hth

-jeff

In 6.1x try this place:

Security -> Authentication -> Advanced

User Idle Timeout - Tells the system how long your authenticated users can be idle/away from the network before it's considered to be idle and removed from the system.

Logon User Lifetime - Tells the system how long you'll allow non-authenticated users to be on the network.

Check your User Guide under Configuring Authentication Timers for more details

..John

thanks, that was it!

hi,

Is there any way to disable the "User Idle Timeout" functionality ?

I see from the guide that the maximum period is 255min which conflicts with my Captive Portal packages set to days or months. I don't want to have users to reauthenticate through CP next day they wake up, once they paid and created the session in my back-end for a month.

thanks.

---

@Andrei wrote:

hi,

 

Is there any way to disable the "User Idle Timeout" functionality ?

I see from the guide that the maximum period is 255min which conflicts with my Captive Portal packages set to days or months. I don't want to have users to reauthenticate through CP next day they wake up, once they paid and created the session in my back-end for a month.

 

thanks.

---

Andrei

You cannot disable it nor increase beyond 255 mins. Typically in the use care you mention the solution is to use something like ClearpassGuest/Amigopod/Other to create a mac address username/password in the RADIUS (which expires/deletes after X days/months), and have the controller perform mac auth before CP auth, such that finding an existing mac account in the RADIUS will put the user direct to the right role without hitting the captive portal initial role.

regards

-jeff