What does the idle timer do and how does IP spoofing block valid user sessions?

Aruba Employee
Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS versions.


aaa timer idle-timeout: This timer is for the datapath to detect if there is no more new sessions or traffic initiated for a user record. When the time has come, it signals the control plane "authmgr" to ping the client. The ping is three consecutive checks with 1 sec interval. If no ping response is returned, issue an 'aaa user delete w.x.y.z' command to clean up the user record. If the client can reply, the user record is kept for another round of idle timer.


Why are valid users triggering IP spoofing events?


System administrators usually lower their lease time when they run out of IP addresses. When the lease time is equal or lower than the idle timer, the IP spoofing event is triggered. Lower the idle timer to age out the old entries.

(Aruba) #show aaa timers

User idle timeout = 30 minutes
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes

Version history
Revision #:
1 of 1
Last update:
‎07-01-2014 04:00 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: