Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Captive portal users staying live

  • 1.  Captive portal users staying live

    Posted Nov 07, 2013 10:55 AM

    Hi,

    Since we changed the settings for captive portal users to stay signed in for 3 hours (user idle timeout), our system seems to not be removing them at all. I have users who have been signed in for days, and I have logged an iPad and a Surface onto the captive portal at 11am today and then left them until now, 4pm, and they're still not asking for a sign-in and are working fine.

     

    Any ideas why this might happen? We're on code 6.1.3.4.

     

    Cheers,



  • 2.  RE: Captive portal users staying live

    EMPLOYEE
    Posted Nov 07, 2013 11:07 AM

    @sketchmasterx wrote:

    Hi,

    Since we changed the settings for captive portal users to stay signed in for 3 hours (user idle timeout), our system seems to not be removing them at all. I have users who have been signed in for days, and I have logged an iPad and a Surface onto the captive portal at 11am today and then left them until now, 4pm, and they're still not asking for a sign-in and are working fine.

     

    Any ideas why this might happen? We're on code 6.1.3.4.

     

    Cheers,


    Try turning off the device entirely and see if that continues to happen.  If the device can be pinged or passes traffic, the 3 hour timer resets.



  • 3.  RE: Captive portal users staying live

    Posted Nov 07, 2013 11:10 AM

    OK, I will give that a go, but the reason we put the limit up was due to iPad users constantly having to re-sign in after not using their devices for a few minutes.

     

    Thanks



  • 4.  RE: Captive portal users staying live

    EMPLOYEE
    Posted Nov 07, 2013 11:12 AM

    Did you change the user idle-timeout to make that happen?  If so, what number did you change it to?

     



  • 5.  RE: Captive portal users staying live

    Posted Nov 07, 2013 11:14 AM

    Yes I did. I set it to 180 minutes, then the system changes it to 10800 seconds.



  • 6.  RE: Captive portal users staying live

    EMPLOYEE
    Posted Nov 07, 2013 11:34 AM

    Okay.  As long as the device can be pinged, or is passing traffic it will stay in the user table for days, because the timer to remove it will be reset at three hours every time it passes traffic or can be pinged.  

     

    The drawbacks of this timer are:

     

    - The timer is global, so it affects users on ALL SSIDs on the controller, so your user table will be artificially inflated as a result.

    - If you have the DHCP lease time at less than this timer, it will cause problems

     

    The options you have are:

     

    - Move to 802.1x where the supplicant on the iPad will log users in automatically, so that users do not have to

    - Employ MAC caching software like ClearPass which will allow already logged in users to not have to log in constantly

    - Plan an upgrade to ArubaOS 6.3 which has a Captive Portal timer for individual SSIDs so that it does not affect all users on the controller.
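
    The reset behaviour described in this reply, modelled as an added example that is not part of the original post and is not ArubaOS code. The activity timestamps and the 3600-second DHCP lease are constructed sample values; only the 10800-second idle timeout comes from the thread.

```python
# Added illustration; a model of the behaviour described in the thread, not ArubaOS code.
IDLE_TIMEOUT_S = 10800  # 180 minutes, as quoted in the thread


def idle_expiry(login_ts, activity_ts, idle_timeout=IDLE_TIMEOUT_S):
    """Return (expiry_time, resets) for one user-table entry.

    activity_ts: seconds at which the device passed traffic or answered a ping.
    Any activity seen before the entry expires restarts the idle timer.
    """
    expires = login_ts + idle_timeout
    resets = 0
    for ts in sorted(activity_ts):
        if ts >= expires:
            break  # entry already aged out; later traffic means a new login
        expires = ts + idle_timeout
        resets += 1
    return expires, resets


def audit(name, login_ts, activity_ts, dhcp_lease_s):
    """Summarise how long one entry stays in the table and flag a short lease."""
    expires, resets = idle_expiry(login_ts, activity_ts)
    return {
        "device": name,
        "hours_in_table": round((expires - login_ts) / 3600, 1),
        "timer_resets": resets,
        # The reply warns about a DHCP lease shorter than the idle timer.
        "lease_shorter_than_idle": dhcp_lease_s < IDLE_TIMEOUT_S,
    }


# Constructed samples (not captured data): seconds after portal login.
SAMPLES = {
    "powered-off laptop": [600, 1800, 3600],
    "sleeping tablet": list(range(0, 3 * 86400 + 1, 7200)),  # answers every 2 h
    "long gap": [1000, 20000],
}

if __name__ == "__main__":
    for name, activity in SAMPLES.items():
        print(audit(name, 0, activity, dhcp_lease_s=3600))
```

    A device that answers a ping every two hours never reaches the three-hour idle limit, so its entry stays in the table for as long as it keeps answering.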

     

     

     



  • 7.  RE: Captive portal users staying live

    Posted Nov 07, 2013 11:39 AM

    Thanks for the info. We're a university and we use 802.1x for our known staff devices and captive portal for our students' BYOD. The odd thing is there are student connections in there that are days old, even though the students go home at night and take their devices with them. A few may be in halls, but not the number we're seeing stay live on the system.

     

    We did try ClearPass but it was just far too expensive for what we wanted to do, due to the large number of users (students) we have and the amount of devices they bring in.

     

    We will look into an Aruba OS upgrade. Thanks.



  • 8.  RE: Captive portal users staying live

    EMPLOYEE
    Posted Nov 07, 2013 11:44 AM

    @sketchmasterx wrote:

    Thanks for the info. We're a university and we use 802.1x for our known staff devices and captive portal for our students' BYOD. The odd thing is there are student connections in there that are days old, even though the students go home at night and take their devices with them. A few may be in halls, but not the number we're seeing stay live on the system.

     

    We did try ClearPass but it was just far too expensive for what we wanted to do, due to the large number of users (students) we have and the amount of devices they bring in.

     

    We will look into an Aruba OS upgrade. Thanks.


    You are running 6.1.3.4 and it is older, so I would plan an interim update to 6.1.3.9 or above to see if it goes away.  It is possible there is a bug with aging out users in that version of code.  

     

    At some Universities, to get around this, they also allow their students to do 802.1x on the same SSID as the faculty so that they don't have to login their devices at the captive portal and they can leverage encryption.  That would eliminate the need for the timer, unless you would still keep the captive portal for guests.  If this is a valid option I would suggest that you look into this before anything else...



  • 9.  RE: Captive portal users staying live

    Posted Nov 07, 2013 11:45 AM

    That's an interesting idea, thank you.