From ArubaOS 6,3 and above, guest users from the user-table can be cleared when they remain idle without passing traffic?
Question: How to clear guest users from the user-table when they are remain idle without passing traffic?
Environment: This article applies to Aruba Mobility Controller running ArubaOS version 6.3 and above
Idle users are the wireless clients who are not passing any traffic. This could happen if the client is powered-off completely or has gone out of coverage area and lost connectivity. Such idle users consume resources on controller and the respective access point.
Aruba Controller with the help of idle timeout thresholds clears such users from the controller user-table and improve the performance of the system as a whole.
In this article, we are discussing about "User Idle Timeout" feature present in the Captive Portal profile.
This "User Idle Timeout" value mentioned is applicable only to the guest users associated to an SSID with this profile mapped. When the user is idle for this configured value, it is cleared out from the user table. When the user (wireless client) associates to the SSID again, they are forced to re-authenticate again.
"User Idle Timeout" value mentioned in the Captive Portal profile overwrites the "Global User idle timeout" mentioned under "aaa timers".
NOTE: A client can have both IPv4 address and an IPv6 address, But the controller does not relate the states of the IPv4 and IPv6 addresses on the same client. For example, if an IPv6 user session is active on a client, an IPv4 user session on the same client will be deleted if the idle timeout for the IPv4 session is reached.
But if the guest user associates to a captive portal SSID and do not authenticate, then it stays in Logon role within the user-table. Such unauthenticated users are force of the system using the "logon user lifetime" timer under "aaa timers" which is by default 5 mins (300 seconds).