Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

How to configure session timeout and idle timeout

This thread has been viewed 29 times

  • 1.  How to configure session timeout and idle timeout

    Posted Jun 26, 2013 03:08 PM

    I am using an Aruba 620 controller and AP105's running Aruba OS 6.1.3.6 and I am trying to configure a session time out and idle timeout without success. I would like for users to re-authenticate after a specified time and for idle devices to disconnect and have to re-authenticate after a specified time.

     

    I've tried configuring the controller timers,

    timers.png

     

    configuring timeouts in connection request policies on the NPS,

    CRP Timeout.png

     

     

    and configuring timeouts in network policies on the NPS.

     

    Network Policy Timeout.png

     

     

    So far, none of these settings seems to have any effect. Tested with iPad and iPhone and laptop running Win7 which none were ever disconnected nor prompted to re-enter credentials. Where can I make these settings work? What am I missing? 

     

    Thanks for any help,

    Calvin

     

     



  • 2.  RE: How to configure session timeout and idle timeout

    Posted Jun 26, 2013 03:13 PM

     

    This could help you out:

    L2 Authentication - Google Chrome_2013-06-26_15-11-35.png



  • 3.  RE: How to configure session timeout and idle timeout

    Posted Jun 26, 2013 03:50 PM

    I tried and iDevices are still connected. Was not prompted to reauthenticate.

     

     

    temp.png



  • 4.  RE: How to configure session timeout and idle timeout

    EMPLOYEE
    Posted Jun 26, 2013 04:45 PM

    Calvin,

     

    None of those knobs have any effect that you want them to in 802.1x because it is the built-in IOS Supplicant that re-submits those credentials automatically.  At most, those devices receive an EAP request and resubmit the same credentials upon reauthentication.  The only way those devices will prompt a user, is if there is a rejection from the radius server.  The only way to do it the way you want is using the Captive Portal.