Wireless Access

last person joined: 4 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Guest users re-authentication

This thread has been viewed 1 times
  • 1.  Guest users re-authentication

    Posted Jan 30, 2012 09:07 AM

    I have searched the Airheads without finding a specific answer to my question.

     

    I have guest users authenticated thru a Captive Portal and the user is in the local db.

    The controller is running 6.1.2.6 and is a 3200XM.

     

    When the user leaves the building heading for another building, but with AP's on the same controller, they loose connectivity to the AP and will have to re-authenticate. I have checked that the re-auth. timer on the "guest" role is at 0, so you should need to re-auth.. As i understand  this timer is only for users that have an association to the wireless network.

     

    I have not been able to find any info on how long guest users are cached in the authenticated state. I understand that this should not be very long as they are guest users, but at least 5 mins is acceptable.

     

    Am i missing something or is there a way to make the controller wait a little longer before classifying the guest user as "not authenticated" after a short while.

     

    Roar Fossen


    #3200


  • 2.  RE: Guest users re-authentication

    Posted Jan 30, 2012 09:11 AM

    Question.

    Is the next AP that the Guest user is moving to in the same AP group as the first AP they connected to? Is there any configuration difference? They aren't going to a different VLAN when they move, are they?

     

    Also, what is the device type? Is it an iPad or mobile phone?



  • 3.  RE: Guest users re-authentication

    Posted Jan 30, 2012 09:16 AM

    The AP is at the same controller, but might be at a different AP group. The virtual AP behind the AP group should be thate same, as they just have different AP groups for the different buildings.

    The guest will NOT and up in a different VLAN as there is only one virtual AP.

     

    The device i'm not sure, but that should be an issue. Normally it is guest users with either a PC or MAC. I could have the customer check this if necessary.

     

    Roar Fossen



  • 4.  RE: Guest users re-authentication

    Posted Jan 30, 2012 09:34 AM

    Please check the device type. When mobile devices lock, they shut down their wireless connection.



  • 5.  RE: Guest users re-authentication

    Posted Jan 30, 2012 09:48 AM

    Hi

     

    Yes i am aware of this, i understood from the customer that computers was the problem, but not sure. Will ask the customer for more correct information and get back to this thread.

     

    Thanx for the help anyway.

     

    But for the question at hand, what is the correct cache time for guest users, how long will they exist in the controller after they have authenticated but is not online. How does the controller treat such users or any users for that matter

     

    Roar Fossen



  • 6.  RE: Guest users re-authentication

    Posted Jan 30, 2012 09:56 AM
    The user idle timeout determines how long a user will remain in the user table if:

    The user cannot be pinged
    The user stops sending traffic.

    The default user idle timeout is 5 minutes.

    Here is how to find out what is is:

    Show AAA timers

    Here is how to configure:

    Configuration> Authentication> advanced.


  • 7.  RE: Guest users re-authentication

    Posted Jan 30, 2012 09:57 AM

    @cjoseph wrote:
    The user idle timeout determines how long a user will remain in the user table if:

    The user cannot be pinged
    The user stops sending traffic.

    The default user idle timeout is 5 minutes.

    Here is how to find out what is is:

    Show AAA timers

    Here is how to configure:

    Configuration> Authentication> advanced.

    Ahh, thanks.

     

    Roar Fossen



  • 8.  RE: Guest users re-authentication

    Posted Jan 31, 2012 07:29 AM

     

    Should've asked me Roar - could've told you that :) Good to use the forums here tho - fast respons!