Wireless Access

Super Contributor II

Does Arubaos honour RADIUS Session-Timeout attributes even if user role has reauth disabled?


Our standard user role has reauth interval disabled. By default on all our dot1x auths I have our RADIUS servers pass back  Session-Timeout / Termination-Action attributes. Will ArubaOs honour these?


When receiving RADIUS attributes in access accept packets, do they take precedence over any locally defined settings if there is a clash?





Guru Elite

Re: Does Arubaos honour RADIUS Session-Timeout attributes even if user role has reauth disabled?



Name: employee, IP:, MAC: e8:92:a4:96:df:43, Role: Byod-Authenticated, ACL: 65/0, Age: 00:00:00
Authentication: Yes, status: started, method: 802.1x, protocol: EAP-PEAP, server: cppm-
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: default for authentication type 802.1x
VLAN Derivation: User Dot1x Role Contained
Idle timeout (global): 300 seconds, Age: 00:00:00
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=0, vpnflags=0, u_stm_ageout=1
Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0
phy_type: a-HT-20, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 1
Vlan default: 1000, Assigned: 1000, Current: 1000 vlan-how: 13 DP assigned vlan:0 
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
SlotPort=0x2100, Port=0x10016 (tunnel 22)
Role assigment - L3 assigned role: n/a, VPN role: n/a, Dot1x cached role: n/a
    Current Role name: Byod-Authenticated, role-how: 1, L2-role: Byod-Authenticated, L3-role: Byod-Authenticated
Essid: ACME-TLS, Bssid: 00:1a:1e:20:82:f3 AP name/group: AP-125-Home/default Phy-type: a-HT-20
RadAcct sessionID:employeeE892A496DF43-0A
RadAcct Traffic In 67/11522 Out 43/13544 (0:67/0:0:0:11522,0:43/0:0:0:13544)
Timers: reauth 0, mac reauth 0, dot1x reauth 0
Profiles AAA:ACME-TLS-aaa_prof, dot1x:dot1x_prof-nyi32, mac: CP: def-role:'logon' sip-role:'' via-auth-profile:''
ncfg flags udr 0, mac 0, dot1x 1, RADIUS interim accounting 1
IP Born: 1365083730 (Thu Apr  4 08:55:30 2013)
Core User Born: 1365083725 (Thu Apr  4 08:55:25 2013)
Upstream AP ID: 0, Downstream AP ID: 0
Device Type: Dalvik/1.6.0 (Linux; U; Android 4.2.2; Nexus 4 Build/JDQ39)
L3-Auth Session Timeout from Radius: 0
Mac-Auth Session Timeout Value from Radius: 0
Dot1x Session Timeout Value from Radius: 60
CoA Session Timeout Value from Radius: 0
Dot1x Session Term-Action Value from Radius: Radius-Request
Reauth-interval from role: 0
Address is from DHCP: yes


Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: