Wireless Access

Reply
Occasional Contributor II
Posts: 28
Registered: ‎07-29-2009

Idle timeout + ICMP

Hi everyone,

I have a problem with the idle session timeout on captive portal.

I know that to check if a client is still alive, after session timeout was elapsed, the controller sends an ICMP request.

On the client I received the query with tcpdump, however on the controller I get this lines in debugging logs :

icmp request sent for user 172.30.78.238
<DBUG> |authmgr|  MAC=00:1b:77:d3:8a:be IP=172.30.78.238 Sending ping 1 of 3 (id=8214, seq=56685)
<DBUG> |authmgr|  MAC=00:1b:77:d3:8a:be IP=172.30.78.238 Got ping response (seq=56685, user-ingress=0x108f ingress=0x106b, type=idle)
<DBUG> |authmgr|  Ping response from different ingress, deleting the user MAC=00:1b:77:d3:8a:be IP=172.30.78.238
<DBUG> |authmgr|  User idle ip=172.30.78.238, role=authenticated
<DBUG> |authmgr|  AU1(1), HA1, TAP0, PARP0 OIP0 IIP0 INT0
<DBUG> |authmgr|  MAC=00:1b:77:d3:8a:be IP=172.30.78.238 Send mobility delete message, flags=0x0
<DBUG> |authmgr|  {172.30.78.238} datapath entry deleted
<INFO> |authmgr|  MAC=00:1b:77:d3:8a:be IP=172.30.78.238 User entry deleted: reason=idle timeout

Is someone could tell me, what is this error ("Ping response from different ingress")?

Thanking you in advance

PS : M3 card on A6000 with AOS 3.4.5.1

Retired Employee
Posts: 234
Registered: ‎04-19-2011

Re: Idle timeout + ICMP

Is the guest client connecting through split-tunnel virtual ap?
--
HT
Occasional Contributor II
Posts: 28
Registered: ‎07-29-2009

Re: Idle timeout + ICMP

No, vap is in tunnel mode.

There are only two IP on the controler :

- one for mgmt (on mgmt interface)

- a second (controler ip) for communication with AP and client

Retired Employee
Posts: 234
Registered: ‎04-19-2011

Re: Idle timeout + ICMP

Kindly open a support case for this issue.
Thanks,
--
HT
Occasional Contributor II
Posts: 28
Registered: ‎07-29-2009

Re: Idle timeout + ICMP

I upgraded my 3600 to AOS 6.1.3.4 and users session timeout seems to work.

But in debug logs, I still have these lines "ping response from different ingress"....

 

However I noticed a strange behaviour : after timeout elapsed and after icmp request, the user is deleted from user-table but client seems to be always identified. When I launch network com (ping, dns request or browser), the entry previously deleted from user tabel is refreshed without authentication and with an age counter reset.

 

Does this seems to be normal operation of the "idle timeout" ?

 

Thanks in advance.

Search Airheads
Showing results for 
Search instead for 
Did you mean: