Wireless Access

Reply
Occasional Contributor II

Re: Session Timeout and Inactive Timeout

hey thanks for all the replies. 

 

base on the replies, can i conclude the following?

 

1) when setting 'User Idle Timeout', it will not boot the user although the user is 'idle' for Xmins? that is becasue even if the client is 'idling', there is still some traffic going on? This user idle timeout setting is when the user get disconnected from the network, then after Xmins, it will be removed from the controller. 

 

2) reauthentication interval works for all authentication method just that 802.1x will be 'invisible' to the user. as for captive portal, if lets say the interval is 5mins, after 5mins, the user will need to reauthenticate again, which will be directed to the captive portal again.

 

3) the only way to do session time out is via clearpass

 

Guru Elite

Re: Session Timeout and Inactive Timeout

1. Correct
2. Reauthentication Interval really only works for Captive Portal. If it is captive portal, and the user has valid credentials, the user can still logon again.
3. Clear pass is the best way to limit sessions by disconnecting users and disabling their accounts. The controller cannot do both of those functions.
******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: Session Timeout and Inactive Timeout

Hi,

I got  the similar issue.

 

I have a IAP with setting reauth timer to 0

FreeRadius return session-timer 120s

If I setup Captive portal with using the RADIUS server,  session is stop after 120s

IAP can force the user to reauthenticate by captive portal.

That's okay

 

However, if i set  the employee SSID with WPA2-Enterprise (802.1x)

IAP with setting reauth timer to 0

FreeRadius return session-timer 120s,

I checked the RADIUS records, there is no reauthenticate RADIUS/EAP message come in for a long period of time. I can only see accouting information.

Then I try to set reauth timer to 3 min, then IAP will cause user to send  reauthen after 3 min.

It seems that the IAP only follows the reauth timer setting in IAP GUI  but not the session-timer from RADIUS.

 

May I know if IAP 105 version 6.3 whether support session-timer from Radius for 802.1x authentication ?

 

thank you

 

 

 

Trusted Contributor I

Re: Session Timeout and Inactive Timeout

i would advise you to start a new thread and not jump on an old one which isnt exactly your issue either.

 

as for your specific sitation i kinda assume that with a captive portal the radius timeout doesnt have an effect on the user setting. even though you authenticate against radius it remains captive portal that allows access.

Occasional Contributor I

Re: Session Timeout and Inactive Timeout

i see

thanks

 

Contributor II

Re: Session Timeout and Inactive Timeout

Can you explain this using CPPM.  I have been looking all over the forms in CPPM to change that for two SSID's.

Guru Elite

Re: Session Timeout and Inactive Timeout

This thread has multiple topics. What are you looking to do?


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Highlighted
Contributor II

Re: Session Timeout and Inactive Timeout

I have to SSID's that users use captive portal.  One SSID I want the user to have a time limit of 4 hours and a session timeout longer than five minutes.  With the other SSID I want to give them 12 hours since that is their shift time and also would like to change their session and inactivity timeout time.

Guru Elite

Re: Session Timeout and Inactive Timeout

Do you have ClearPass?  If yes, I'm going to make this its' own topic and move it to the NAC forum for better visibility.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: