Okay. As long as the device can be pinged, or is passing traffic it will stay in the user table for days, because the timer to remove it will be reset at three hours every time it passes traffic or can be pinged.
The drawbacks of this timer are:
- The timer is global, so it affects users on ALL SSIDs on the controller, so your user table will be aritificially inflated, as a result.
- If you have the DHCP lease time at less than this timer, it will cause problems
The options you have are:
- Move to 802.1x where the supplicant on the ipad will log users in automatically, so that users do not have to
- Employ mac caching software like ClearPass which will allow already logged in users to not have to log in constantly
- Plan an upgrade to ArubaOS 6.3 which has a Captive Portal timer for individual SSIDs so that it does not affect all users on the controller.